Capanalysis Container

My favorite open source tool for analyzing PCAP files is CapAnalysis, and I have always kept a virtual machine around to run it. Lately I have been on a kick of containerizing all my favorite tools, so I decided to put CapAnalysis into a container.
It lets you easily visualize traffic flow, statistics, geolocation and a ton of other amazing information.

To get started you just need to run:
docker run -t -i -d -p 9877:9877 jgamblin/capanalysis
From there, all you have to do is create a dataset and upload the PCAPs you want to analyze.
The container includes:
Ubuntu 15.04
Apache2
PHP5
Postgresql
The Dockerfile for this container is:

FROM ubuntu:15.04

# Install packages
ENV DEBIAN_FRONTEND noninteractive

RUN apt-get update && apt-get -y install \
wget \
curl \
gdebi \
php5 \
sudo \
apache2 \
apt-utils

RUN echo '#!/bin/sh' > /usr/sbin/policy-rc.d \
    && echo 'exit 101' >> /usr/sbin/policy-rc.d \
    && chmod +x /usr/sbin/policy-rc.d

RUN wget http://downloads.sourceforge.net/project/capanalysis/version%201.2.0/capanalysis_1.2.0_amd64.deb

RUN apt-get update && gdebi -n capanalysis_1.2.0_amd64.deb

RUN sed -i -e 's/PRIORITY=1 #(0..20)/PRIORITY=0 #(0..20)/g' /etc/init.d/capanalysis

CMD sudo service postgresql restart && \
sudo service apache2 restart && \
sudo service capanalysis restart && \
tail -f /var/log/apache2/access.log
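The Dockerfile above pulls the .deb over plain HTTP and installs whatever comes back. As an added example (not part of the original post or of CapAnalysis), here is a shell helper for that RUN step that refuses to install the package unless its SHA-256 matches a pinned value; the URL and filename are the ones from the Dockerfile, while CAPANALYSIS_SHA256 is a placeholder to be filled in with a digest obtained from a trusted source.

```shell
#!/bin/sh
# Added example: pin and verify the CapAnalysis .deb before handing it to gdebi.
# URL and filename come from the post's Dockerfile; the checksum is a PLACEHOLDER.
CAPANALYSIS_URL="http://downloads.sourceforge.net/project/capanalysis/version%201.2.0/capanalysis_1.2.0_amd64.deb"
CAPANALYSIS_DEB="capanalysis_1.2.0_amd64.deb"
CAPANALYSIS_SHA256="REPLACE_WITH_TRUSTED_SHA256"   # placeholder, not a real digest

# verify_sha256 FILE EXPECTED: prints "ok" (status 0) or "mismatch" (status 1).
verify_sha256() {
    file="$1"
    expected="$2"
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo ok
        return 0
    fi
    echo mismatch
    return 1
}

# fetch_and_install: download the package, verify it, and only then install it.
# A mismatching file is deleted so a later build step cannot pick it up by accident.
fetch_and_install() {
    wget -q -O "$CAPANALYSIS_DEB" "$CAPANALYSIS_URL"
    if ! verify_sha256 "$CAPANALYSIS_DEB" "$CAPANALYSIS_SHA256" >/dev/null; then
        echo "checksum mismatch for $CAPANALYSIS_DEB, refusing to install" >&2
        rm -f "$CAPANALYSIS_DEB"
        return 1
    fi
    gdebi -n "$CAPANALYSIS_DEB"
}
```

In the Dockerfile this replaces the separate wget and gdebi RUN lines with a single RUN that sources the script and calls fetch_and_install, so a tampered or truncated download fails the build instead of ending up in the image.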

If you have any questions or comments, reach out to me on Twitter at @jgamblin.