Editor: If you’ve been doing packet capture with Wireshark into flat files, take a break! This article shows how to do the same thing using Pyshark, a Python module, and Elasticsearch, a distributed search engine with an HTTP interface.
Network packet capture and analysis are commonly done with tools like tcpdump, snort, and Wireshark.
These tools provide the capability to capture packets live from networks and store the captures in PCAP files for later analysis. A much better way to store packets is to index them in Elasticsearch where you can easily search for packets based on any combination of packet fields.
Pyshark is a module that provides a wrapper API to tshark – the command line version of Wireshark – with which you build packet capture applications that take advantage of all the Wireshark protocol dissectors. Continue reading.
