PcapXray
by Srinivas11789
PcapXray is a network forensics tool that visualizes packet captures offline as detailed network diagrams highlighting device identification, key communications, Tor traffic, and potential malicious activity.
:snowflake: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
Primary Use Case
This tool is designed for network forensic investigators and incident responders who need to quickly analyze packet capture (pcap) files to understand network traffic, identify devices, and detect suspicious or malicious communications. It accelerates the investigation process by providing a visual network diagram and detailed traffic insights, enabling faster and more effective incident analysis.
- Visualizes pcap files as comprehensive network diagrams
- Identifies devices and summarizes network hosts
- Highlights important communication including web, Tor, and possible malicious traffic
- Extracts data from packets for detailed traffic and payload analysis
- Supports offline analysis with a GUI for easy pcap file upload and visualization
- Displays server details for web traffic
- Includes malicious traffic identification and Tor traffic detection
- Provides device and traffic detail reports
Installation
- Install Python 3 and pip: apt install python3-pip
- Install Python Tkinter and related libraries: apt install python3-tk python3-pil python3-pil.imagetk
- Install Graphviz: apt install graphviz
- Clone the repository: git clone https://github.com/Srinivas11789/PcapXray
- Navigate to the repository directory
- Install Python dependencies: pip3 install -r requirements.txt
- Run the tool with elevated privileges: sudo python3 Source/main.py
- For Mac users, install Graphviz via brew: brew install graphviz
Usage
- python3 Source/main.py: Launches the PcapXray GUI application to upload and analyze pcap files
- pip3 install -r requirements.txt: Installs all required Python dependencies for PcapXray
- Integrate PcapXray with SIEM platforms to enrich network traffic visualizations for faster incident triage.
- Use PcapXray in purple team exercises to visually demonstrate attack paths and network impact during red vs blue simulations.
- Automate offline pcap analysis workflows by coupling PcapXray with packet capture tools to accelerate forensic investigations.
- Leverage the tool’s Tor and malicious traffic identification features to enhance detection of anonymized or stealthy adversary communications.
- Customize device identification rules to improve asset inventory accuracy and network mapping in complex environments.