├── suspicious.pcap
├── README.md
├── Dockerfile
└── .gitignore

/suspicious.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/secdevopsai/Packet-Analytics/HEAD/suspicious.pcap
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
# Packet-Analytics

> Have you ever opened Wireshark and thought, "this is nice, but sometimes filtering and following TCP streams is tedious?" If not, open Wireshark more. In this post, I'll cover how to leverage Python, Scapy, Pandas, and Seaborn to science the shit out of some PCAP. Also, this post will serve as a prequel for our next series on Packet Manipulation with Data Science.

### Write-up

I've provided a blog post for this project; follow the links below!

* [Learning Packet Analysis with Data Science]()
* For content related to development, security, devops, AI, etc... check out [SecDevOps.AI](https://secdevops.ai)!

### Docker Instructions
1. `docker build . -t packet-analytics`
2. `docker run -i -t --rm -p 8888:8888 packet-analytics`
3. `cd packet-analytics`
4. `anaconda-project run`
--------------------------------------------------------------------------------

/Dockerfile:
--------------------------------------------------------------------------------
```dockerfile
FROM debian:latest

# $ docker build . -t continuumio/anaconda:latest -t continuumio/anaconda:5.2.0 -t continuumio/anaconda2:latest -t continuumio/anaconda2:5.2.0
# $ docker run --rm -it continuumio/anaconda2:latest /bin/bash
# $ docker push continuumio/anaconda:latest
# $ docker push continuumio/anaconda:5.2.0
# $ docker push continuumio/anaconda2:latest
# $ docker push continuumio/anaconda2:5.2.0

ENV LANG=C.UTF-8 LC_ALL=C.UTF-8
ENV PATH /opt/conda/bin:$PATH

# Base packages: download tools, CA bundle, Qt/X11 libs that conda packages need, and VCS clients.
RUN apt-get update --fix-missing && apt-get install -y wget bzip2 ca-certificates \
    libglib2.0-0 libxext6 libsm6 libxrender1 \
    git mercurial subversion

# Install Anaconda 5.2.0 into /opt/conda and activate the base environment in login shells.
# The installer is fetched over HTTPS and executed without a checksum comparison.
RUN wget --quiet https://repo.anaconda.com/archive/Anaconda3-5.2.0-Linux-x86_64.sh -O ~/anaconda.sh && \
    /bin/bash ~/anaconda.sh -b -p /opt/conda && \
    rm ~/anaconda.sh && \
    ln -s /opt/conda/etc/profile.d/conda.sh /etc/profile.d/conda.sh && \
    echo ". /opt/conda/etc/profile.d/conda.sh" >> ~/.bashrc && \
    echo "conda activate base" >> ~/.bashrc

# Install tini as PID 1. The version is resolved at build time by scraping the
# GitHub "latest" release redirect, so the build is not reproducible and the .deb is not verified.
RUN apt-get install -y curl grep sed wget dpkg && \
    TINI_VERSION=`curl https://github.com/krallin/tini/releases/latest | grep -o "/v.*\"" | sed 's:^..\(.*\).$:\1:'` && \
    curl -L "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini_${TINI_VERSION}.deb" > tini.deb && \
    dpkg -i tini.deb && \
    rm tini.deb && \
    apt-get clean

# Fetch the packaged anaconda-project archive and unpack it into ./packet-analytics.
RUN wget https://anaconda.org/secdevopsai/project/packet-analytics/download
RUN mv download packet-analytics.tar.bz2

RUN anaconda-project unarchive packet-analytics.tar.bz2

ENTRYPOINT [ "/usr/bin/tini", "--" ]
CMD [ "/bin/bash" ]
```
--------------------------------------------------------------------------------

/.gitignore:
--------------------------------------------------------------------------------
```gitignore
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class

# C extensions
*.so

# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST

# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec

# Installer logs
pip-log.txt
pip-delete-this-directory.txt

# Unit test / coverage reports
htmlcov/
.tox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
.hypothesis/
.pytest_cache/

# Translations
*.mo
*.pot

# Django stuff:
*.log
local_settings.py
db.sqlite3

# Flask stuff:
instance/
.webassets-cache

# Scrapy stuff:
.scrapy

# Sphinx documentation
docs/_build/

# PyBuilder
target/

# Jupyter Notebook
.ipynb_checkpoints

# pyenv
.python-version

# celery beat schedule file
celerybeat-schedule

# SageMath parsed files
*.sage.py

# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/

# Spyder project settings
.spyderproject
.spyproject

# Rope project settings
.ropeproject

# mkdocs documentation
/site

# mypy
.mypy_cache/
```
--------------------------------------------------------------------------------
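The Dockerfile's three download steps (the Anaconda installer, the tini `.deb`, and the project archive) rely on TLS alone for integrity and resolve tini's version by scraping the "latest" redirect, so the image that gets built depends on whatever those URLs serve on build day. As an added example, not part of the Packet-Analytics repository, the POSIX shell helper below shows the checksum-pinned pattern a hardened `RUN` step would use: download to a known path, compare the file's SHA-256 against a digest recorded in the build, and delete the file on mismatch so no later step can execute it. The `verify_sha256` and `fetch_verified` names are my own, and `EXPECTED_ANACONDA_SHA256` is a placeholder that must be replaced with the digest published for the pinned installer.

```shell
#!/bin/sh
# Added example: checksum-pinned download for a Dockerfile RUN step.
# Not part of the Packet-Analytics repository.
set -u

# PLACEHOLDER digest: substitute the SHA-256 published for the pinned installer.
EXPECTED_ANACONDA_SHA256="0000000000000000000000000000000000000000000000000000000000000000"
ANACONDA_URL="https://repo.anaconda.com/archive/Anaconda3-5.2.0-Linux-x86_64.sh"

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only when FILE's SHA-256 equals EXPECTED_HEX (hex case is ignored).
verify_sha256() {
    _file="$1"
    _expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    _actual=$(sha256sum "$_file" | cut -d ' ' -f 1)
    [ "$_actual" = "$_expected" ]
}

# fetch_verified URL DEST EXPECTED_HEX
# Downloads URL to DEST and verifies the digest. On any failure DEST is removed,
# so a subsequent "bash DEST" can never run an unverified file.
fetch_verified() {
    _url="$1"; _dest="$2"; _digest="$3"
    wget --quiet "$_url" -O "$_dest" || { rm -f "$_dest"; return 1; }
    if verify_sha256 "$_dest" "$_digest"; then
        return 0
    fi
    echo "sha256 mismatch for $_dest; removing it" >&2
    rm -f "$_dest"
    return 1
}

# Usage inside a RUN step (needs network access; shown as a comment so this file runs offline):
#   fetch_verified "$ANACONDA_URL" /tmp/anaconda.sh "$EXPECTED_ANACONDA_SHA256" && \
#   /bin/bash /tmp/anaconda.sh -b -p /opt/conda && rm /tmp/anaconda.sh
```

The same two functions cover the tini step once `TINI_VERSION` is pinned to a fixed release string instead of being scraped from the redirect, and the project-archive step once its digest is recorded alongside the URL. Because the digest lives in the Dockerfile, a changed upstream artifact fails the build loudly rather than being installed silently.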