
Can you add more resources to understand the pcap analysis which is done in the later stage of this project?

Open gokuljs opened this issue 3 years ago • 4 comments

I request you to add more detailed information about the pcap analysis which you have done in the later stages of your project, because the video you have posted is in French and it is difficult to understand for people who live in different parts of the world. So I sincerely request that you add the resources which you have gone through to make a pcap analysis in your project.

gokuljs avatar May 24 '21 11:05 gokuljs

Hi Gokul, the documentation is still in the development phase and we are working on it. Regarding pcap analysis, PcapMonkey uses Docker containers of Zeek and Suricata to extract logs out of the packet capture (you can read about those in the Suricata docs and the Zeek docs).

The logs generated are then used by Elasticsearch. Kibana is used to visualize and extract meaningful data from the logs.

hariomch avatar May 24 '21 17:05 hariomch

Thanks, but I am currently trying to understand how to filter and get filtered data inside the ELK stack. Do you have some resources to understand those even better?

gokuljs avatar May 25 '21 06:05 gokuljs

For data shipment and processing, Filebeat and Logstash are used; you can look into those. Also, you can read this.

hariomch avatar May 25 '21 09:05 hariomch

About querying and filtering the data in Kibana, you can also take a look at the official documentation: https://www.elastic.co/guide/en/kibana/7.12/discover.html

ManofWax avatar May 25 '21 12:05 ManofWax
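An added example to illustrate the two points raised in the thread (the Zeek/Suricata logs that PcapMonkey extracts from a pcap, and the field filtering done on them in Kibana Discover). This is not code from the PcapMonkey project or from anyone in this thread. It builds constructed Zeek conn.log and Suricata eve.json records in the JSON-per-line form those tools emit, applies the kind of field filters the Discover filter bar produces, shows the Elasticsearch bool query the same filters become, and joins Suricata alerts to the Zeek connection that carried them. The log field names are Zeek's and Suricata's real ones; the addresses, uids, flow_ids, signature text and signature_id are constructed, and the helper functions (get_field, filter_records, to_es_query, correlate_alerts) are mine, not a Kibana or Elasticsearch API.

```python
"""Filter Zeek and Suricata JSON logs offline, the way Kibana's Discover
filter bar would, and show the Elasticsearch query those filters become.
Added example; not PcapMonkey code. All sample records are constructed."""
import json
from typing import Any

# Constructed Zeek conn.log in JSON-per-line form. Zeek's JSON writer emits
# flat keys that contain dots ("id.orig_h"). uids and addresses are made up.
ZEEK_CONN_LOG = """\
{"ts":1621857600.1,"uid":"CabC1","id.orig_h":"10.0.0.5","id.orig_p":51234,"id.resp_h":"93.184.216.34","id.resp_p":80,"proto":"tcp","conn_state":"SF"}
{"ts":1621857601.2,"uid":"CabC2","id.orig_h":"10.0.0.5","id.orig_p":51235,"id.resp_h":"10.0.0.1","id.resp_p":53,"proto":"udp","conn_state":"SF"}
{"ts":1621857602.3,"uid":"CabC3","id.orig_h":"10.0.0.7","id.orig_p":40000,"id.resp_h":"198.51.100.9","id.resp_p":4444,"proto":"tcp","conn_state":"S0"}
"""

# Constructed Suricata eve.json. Suricata nests per-event objects ("alert",
# "http", "dns") and upper-cases proto. flow_ids and the signature are made up.
SURICATA_EVE_LOG = """\
{"timestamp":"2021-05-24T12:00:00.100000+0000","flow_id":1,"event_type":"http","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","http":{"hostname":"example.com","url":"/","http_method":"GET","status":200}}
{"timestamp":"2021-05-24T12:00:01.200000+0000","flow_id":2,"event_type":"dns","src_ip":"10.0.0.5","src_port":51235,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}
{"timestamp":"2021-05-24T12:00:02.300000+0000","flow_id":3,"event_type":"alert","src_ip":"10.0.0.7","src_port":40000,"dest_ip":"198.51.100.9","dest_port":4444,"proto":"TCP","alert":{"action":"allowed","signature_id":9000001,"signature":"CONSTRUCTED outbound connection to port 4444","category":"Constructed example","severity":1}}
"""


def load_json_lines(text: str) -> list[dict]:
    """Parse one JSON object per line, skipping blank lines (what Filebeat reads)."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def get_field(record: dict, path: str) -> Any:
    """Resolve a dotted field name. Zeek uses flat dotted keys, Suricata nests
    objects, so try the flat key first and then walk the nesting."""
    if path in record:
        return record[path]
    cur: Any = record
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def _norm(value: Any) -> Any:
    # Local convenience so "tcp" (Zeek) and "TCP" (Suricata) compare equal.
    # Elasticsearch term queries on keyword fields are case-sensitive, so in a
    # real pipeline normalise case at ingest (e.g. a Logstash mutate filter).
    return value.lower() if isinstance(value, str) else value


def match(record: dict, filters: list[tuple]) -> bool:
    """filters is a list of (field, op, value); op is one of == != >= <= in.
    A missing field fails every op except !=, mirroring term/must_not semantics."""
    for field, op, value in filters:
        actual = _norm(get_field(record, field))
        if actual is None:
            if op == "!=":
                continue
            return False
        if op == "==" and actual != _norm(value):
            return False
        if op == "!=" and actual == _norm(value):
            return False
        if op == ">=" and not actual >= value:
            return False
        if op == "<=" and not actual <= value:
            return False
        if op == "in" and actual not in [_norm(v) for v in value]:
            return False
        if op not in ("==", "!=", ">=", "<=", "in"):
            raise ValueError(f"unsupported op {op!r}")
    return True


def filter_records(records: list[dict], filters: list[tuple]) -> list[dict]:
    return [r for r in records if match(r, filters)]


def to_es_query(filters: list[tuple]) -> dict:
    """Translate the same filters into an Elasticsearch bool query (what the
    Discover filter bar sends). Values are passed through unchanged."""
    must, must_not = [], []
    for field, op, value in filters:
        if op == "==":
            must.append({"term": {field: value}})
        elif op == "in":
            must.append({"terms": {field: list(value)}})
        elif op == "!=":
            must_not.append({"term": {field: value}})
        elif op in (">=", "<="):
            must.append({"range": {field: {"gte" if op == ">=" else "lte": value}}})
        else:
            raise ValueError(f"unsupported op {op!r}")
    return {"query": {"bool": {"filter": must, "must_not": must_not}}}


def _five_tuple(src: str, sport: Any, dst: str, dport: Any, proto: str) -> tuple:
    return (src, int(sport), dst, int(dport), proto.lower())


def correlate_alerts(conn_records: list[dict], eve_records: list[dict]) -> dict:
    """Map Zeek uid -> Suricata alert signatures on the same 5-tuple. A 5-tuple
    can be reused over a long capture; both tools can emit a Community ID flow
    hash, which is the safer join key, but it is kept out of this sample."""
    by_tuple = {
        _five_tuple(c["id.orig_h"], c["id.orig_p"], c["id.resp_h"], c["id.resp_p"], c["proto"]): c["uid"]
        for c in conn_records
    }
    hits: dict = {}
    for e in eve_records:
        if e.get("event_type") != "alert":
            continue
        uid = by_tuple.get(_five_tuple(e["src_ip"], e["src_port"], e["dest_ip"], e["dest_port"], e["proto"]))
        if uid:
            hits.setdefault(uid, []).append(e["alert"]["signature"])
    return hits


if __name__ == "__main__":
    conn = load_json_lines(ZEEK_CONN_LOG)
    eve = load_json_lines(SURICATA_EVE_LOG)
    half_open = [("proto", "==", "tcp"), ("conn_state", "==", "S0")]
    print("Zeek half-open TCP:", [r["uid"] for r in filter_records(conn, half_open)])
    high_sev = [("event_type", "==", "alert"), ("alert.severity", "<=", 1)]
    print("Suricata severity<=1:", [r["alert"]["signature"] for r in filter_records(eve, high_sev)])
    print("Elasticsearch DSL:", json.dumps(to_es_query(high_sev)))
    print("Alerts per Zeek uid:", correlate_alerts(conn, eve))
```

The filters in the demo correspond to what you would type in Discover as `proto:tcp and conn_state:S0` against the Zeek index and `event_type:alert and alert.severity <= 1` against the Suricata index; `to_es_query` shows the bool/term/range shape Kibana sends to Elasticsearch for them, which is also what you paste into Dev Tools when debugging a filter that matches nothing. Note that the Filebeat modules for Zeek and Suricata rename fields to ECS names (for instance source.ip), so the field names to filter on in Kibana depend on whether the logs were shipped raw or through those modules.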