/Traffic-Analyzer

Splunk App to analyze traffic from pcap(ng) files

Primary language: Python. License: MIT.

Traffic-Analyzer


Development script

As a developer, start using Traffic-Analyzer with the provided app_deployer.sh script.

  • Use the parameter create to use the existing docker image and deploy it on port 8000 on the docker host system.
  • Use the parameter recreate to recreate the docker image and deploy it on port 8000 on the docker host system.
  • Use the parameter update to update the app traffic-analyzer inside the docker container.
  • Use the parameter force-update to uninstall the app traffic-analyzer first before reinstalling it inside the docker container.
  • Use the parameter copy-pcaps to copy new pcaps into the docker container from the given folder ./docker/init_files/pcaps

Docker image

You can also use the docker image published on Docker Hub and mount a volume directly into the container:
docker run -d -p 8000:8000 -p 8089:8089 -e SPLUNK_PASSWORD=AnJo-HSR -v /home/pcaps:/tmp/pcaps-mounted anjohsr/traffic-analyzer

Access the container

The container is reachable on port 8000 of the docker host system. HTTPS can be enabled by using a reverse proxy or by following this manual. To change the port, set the variable WEB_PORT in the .env file.

Login credentials

The default login credentials are:

  • username: admin
  • password: AnJo-HSR

To change the password, edit the .env file. The password must follow Splunk's password policy; otherwise the container will not start. The username of the initial account cannot be changed.
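
A pre-flight check for the .env file before deploying, added here as an example and not part of the Traffic-Analyzer project. It assumes the password key in .env is named SPLUNK_PASSWORD (the page shows that name only in the docker run command) and that Splunk's default minimum password length of 8 characters applies; the function names env_value and check_env are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the Traffic-Analyzer project.
# Assumptions: the password key in .env is SPLUNK_PASSWORD (the README shows
# that name only as a docker run variable) and Splunk's default minimum
# password length of 8 characters applies.
# Usage: sh check_env.sh ./.env

DEFAULT_PASSWORD='AnJo-HSR'   # default login documented in the README
MIN_LENGTH=8                  # assumed Splunk default minimum length

# Print the value of key $2 from KEY=VALUE file $1 (last assignment wins),
# with trailing whitespace and one pair of surrounding quotes removed.
env_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 if file $1 passes every check, 1 otherwise; findings go to stderr.
check_env() {
    file=$1
    status=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    password=$(env_value "$file" SPLUNK_PASSWORD)
    if [ -z "$password" ]; then
        echo "SPLUNK_PASSWORD is not set" >&2; status=1
    elif [ "$password" = "$DEFAULT_PASSWORD" ]; then
        echo "SPLUNK_PASSWORD is still the published default" >&2; status=1
    elif [ "${#password}" -lt "$MIN_LENGTH" ]; then
        echo "SPLUNK_PASSWORD is shorter than $MIN_LENGTH characters" >&2; status=1
    fi

    port=$(env_value "$file" WEB_PORT)
    case $port in
        '') ;;   # not set: nothing to validate
        *[!0-9]*) echo "WEB_PORT is not a number: $port" >&2; status=1 ;;
        *) [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
               { echo "WEB_PORT out of range: $port" >&2; status=1; } ;;
    esac

    # The file holds the admin password, so other local users must not read it.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "$file is world-readable; chmod 600 it" >&2; status=1
    fi
    return "$status"
}

[ "$#" -eq 0 ] || check_env "$1"
```
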