Skip to content
This repository was archived by the owner on Aug 16, 2025. It is now read-only.

hc-nolan/EShark

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
eshark_run.sh
eshark_run.sh
 
 
main.py
main.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

EShark

ElasticSearch + PyShark = EShark

This project is essentially a rewrite of the original espcap by Vic Hargrave, built specifically for OPCUA applications.

This script was designed to run on a device that has visibility to all OPCUA traffic. Currently, the script looks for:

  • WriteRequests
  • WriteResponses
  • ReadRequests
  • ReadResponses

Supported protocols: ARP, IP, TCP, UDP, DNS, HTTP, OPCUA, Modbus

Usage

  • Clone the repository and enter the project directory
  • Create and activate a new venv: python3 -m venv venv && chmod +x venv/bin/activate && source venv/bin/activate
    • If on Windows: python3 -m venv venv && chmod +x venv/Scripts/activate && source venv/Scripts/activate
  • Install dependencies: pip install -r requirements.txt
  • Set environment variables in .env.example and rename to .env: mv .env.example .env
  • Run main.py

PCAP File Playback (load an existing PCAP file)

python main.py -m file -f <path/to/pcap>

Live Capture

python main.py -m live -i <interface> -b <bpf>

To capture on multiple interfaces, pass a string with the interface names separated by commas (don't include spaces):

python main.py -m live -i "eth0,eth1"

About

Capture packets with PyShark and send to ElasticSearch

Topics

elasticsearch pyshark

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages