My favorite open source tool for analyzing PCAP files is CapAnalysis. I have always kept a virtual machine around to run it, but I have been on a kick of containerizing all my favorite tools recently, so I decided to put CapAnalysis into a container.
It lets you easily visualize traffic flows, statistics, geolocation and a ton of other useful information.
To get started you just need to run:
docker run -t -i -d -p 9877:9877 jgamblin/capanalysis
From there all you have to do is create a dataset and upload the PCAPs you want to analyze.
Inside the container are:
Ubuntu 15.04
Apache2
PHP5
PostgreSQL
The Dockerfile for this container is below. (Ubuntu 15.04 is now end-of-life, so its package repositories live under old-releases.ubuntu.com; a fresh rebuild needs the apt sources pointed there.)
FROM ubuntu:15.04
# Install packages non-interactively
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get -y install \
    wget \
    curl \
    gdebi \
    php5 \
    sudo \
    apache2 \
    apt-utils
# Stop package post-install scripts from starting services during the build
RUN echo '#!/bin/sh' > /usr/sbin/policy-rc.d \
    && echo 'exit 101' >> /usr/sbin/policy-rc.d \
    && chmod +x /usr/sbin/policy-rc.d
# Fetch the CapAnalysis 1.2.0 package and install it with its dependencies
RUN wget http://downloads.sourceforge.net/project/capanalysis/version%201.2.0/capanalysis_1.2.0_amd64.deb
RUN apt-get update && gdebi -n capanalysis_1.2.0_amd64.deb
# Change the daemon's PRIORITY setting from 1 to 0 in its init script
RUN sed -i -e 's/PRIORITY=1 #(0..20)/PRIORITY=0 #(0..20)/g' /etc/init.d/capanalysis
# Start the services, then keep the container in the foreground by tailing the Apache log
CMD sudo service postgresql restart && \
    sudo service apache2 restart && \
    sudo service capanalysis restart && \
    tail -f /var/log/apache2/access.log
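One thing I would add in front of the gdebi step (this is an added example, not part of the original post or of the CapAnalysis project): pin the SHA-256 of the .deb and refuse to install it unless the download matches, so a swapped or corrupted package fails the build instead of ending up in the image. The digest in EXPECTED_DEB_SHA256 is a placeholder, not the real value; the function names are my own choices for the example.

```shell
#!/bin/sh
# Added example: verify a downloaded .deb against a pinned SHA-256 before
# handing it to gdebi. Not part of the original post or of CapAnalysis.
# EXPECTED_DEB_SHA256 is a PLACEHOLDER; replace it with the digest published
# for the release you actually download.

EXPECTED_DEB_SHA256="PLACEHOLDER_SHA256_OF_capanalysis_1.2.0_amd64.deb"

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_deb FILE EXPECTED -> returns 0 when the digest matches, 1 otherwise
verify_deb() {
    file="$1"
    expected="$2"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "ok: $file matches pinned digest"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# install_verified FILE EXPECTED -> only runs gdebi when the digest matches
install_verified() {
    verify_deb "$1" "$2" || return 1
    gdebi -n "$1"
}

# Self-contained demo on a constructed stand-in file (no network, no gdebi)
demo_dir=$(mktemp -d)
printf 'constructed stand-in for a .deb payload\n' > "$demo_dir/sample.deb"
good=$(sha256_of "$demo_dir/sample.deb")
verify_deb "$demo_dir/sample.deb" "$good"
verify_deb "$demo_dir/sample.deb" "deadbeef" || echo "rejected as expected"
rm -rf "$demo_dir"
```

In the image, COPY this script in and call install_verified from the RUN line in place of the bare gdebi so a mismatch stops the build. Separately, when you run the image, publishing with -p 127.0.0.1:9877:9877 instead of -p 9877:9877 keeps the web UI reachable only from the Docker host until you put it behind something you trust.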
If you have any questions or comments, reach out to me on Twitter at @jgamblin.