Wireshark is a network packet decoder.
This image contains the wireshark commandline tool, tshark and a python script that posts the data in elasticsearch
docker-compose
I strongly advise to use docker-compose
mkdir tshark-elasticsearch
cd tshark-elasticsearch
wget https://raw.githubusercontent.com/danielguerra69/tshark-elasticsearch/master/docker-compose.yml
docker-compose up -dThe compose starts an elasticsearch cluster, kibana and tshark
Copy pcap data to analyze
docker cp /mydir/mypcap.pcap tshark:/data/pcapAnalyze the data
docker-compose exec tshark bash
tshark -r /data/pcap/mypcap.pcap -T ek | tshark2es.py <mytag>The tag is use to seperate the data, you can use any word.
View the data
Go with your browser to http://:5601
In kibana use the index tshark-* and isotime