Packet_analysis

tshark

tshark -r input.pcapng -Tfields -e ip.src -e ip.dst -e tcp.analysis.flags | grep 1$
# source, destination, and then also having the analysis flags
172.27.81.41    1.1.1.1  1
172.27.81.41    1.1.1.1   1
172.27.81.41    1.1.1.1   1
172.27.81.41    1.1.1.1   1
172.27.81.41    1.1.1.1   1
172.27.81.41    1.1.1.1   1
172.27.81.41    1.1.1.1   1
172.27.81.41    1.1.1.1   1
172.27.81.41    1.1.1.1   1

using python for packet analysis

• pypacker - https://gitlab.com/mike01/pypacker/-/blob/master/README.md
• dpkt - https://dpkt.readthedocs.io/en/latest/
• scapy - https://scapy.net/
• pyshark - https://github.com/KimiNewt/pyshark

Using sharkd JSON-RPC

• https://www.youtube.com/watch?v=MtUPHAAWM-g
• https://github.com/credible58/papr/tree/main

Exmaple code use using different python libraries

• https://github.com/nowfelunr/pcap-reader/

using golang for packet processing

• gopacket - https://github.com/google/gopacket

Sample Captures

• https://packetlife.net/captures/
• https://wiki.wireshark.org/SampleCaptures#sample-captures

Example of using pyshark:

• https://thepacketgeek.com/pyshark/packet-object/

Video on pyshark

• https://www.youtube.com/watch?v=VIxq-iwX4SQ

EXample of using Quokka

• https://github.com/chuckablack/quokka
• https://www.youtube.com/watch?v=GaCzFcW8Tm4&list=PLKZjLeG8AwtEYEQjYVBzX7XJHXni39106