A Python package for extracting indicators of compromise (IOCs) from PCAP files.

These details have been verified by PyPI

Project links

GitHub Statistics

Maintainers

These details have not been verified by PyPI

Project description

Parse_pcap

Parse_pcap is a security tool designed to analyze packet capture files (pcap) for indicators of compromise (IOCs). It helps security professionals quickly identify suspicious activity within network traffic.

Features

Analyze existing pcap files for IOCs
Capture live network traffic for analysis
Output results in JSON format
Usable as both a command-line tool and a Python library

Installation

This is published on PyPi, so you can run the following to install:

pip install parse-pcap

Note: The package will be available on PyPI soon.

Usage

Command-Line Interface

Analyze an existing pcap file:

parse_pcap analyze -p /path/to/packet_capture.pcap -r /path/to/results.json

Capture live network traffic:

parse_pcap capture -o /path/to/capture.pcapng -i capture_interface -t 2

Visualize an existing report:

parse_pcap visualize --report_file /path/to/results.json

Python Library

You can also use Parse_pcap as a Python library:

from parse_pcap.utils import load_pcap, analyze

cap = load_pcap(in_file)
results = analyze(cap, out_file=out_file)

Project details

These details have been verified by PyPI

Project links

GitHub Statistics

Maintainers

jtbb

These details have not been verified by PyPI

Release history Release notifications | RSS feed

This version

0.2.0

Sep 28, 2025

0.1.5

Sep 28, 2025

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

parse_pcap-0.2.0.tar.gz (23.3 kB view details)

Uploaded Sep 28, 2025 Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

parse_pcap-0.2.0-py3-none-any.whl (21.4 kB view details)

Uploaded Sep 28, 2025 Python 3

File details

Details for the file parse_pcap-0.2.0.tar.gz.

File metadata

Download URL: parse_pcap-0.2.0.tar.gz
Upload date: Sep 28, 2025
Size: 23.3 kB
Tags: Source
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for parse_pcap-0.2.0.tar.gz
Algorithm	Hash digest
SHA256	`552116d7d64056491b35970195785dc6f88eb737a1e480a6c8a5504490efd891`
MD5	`41ac45b0fa679ae4d5a2c23ae812bb46`
BLAKE2b-256	`1d1093e9e0071e2b42149f26133038f04c9dd2e14aff5f30dc4f8fed97f6707b`

See more details on using hashes here.

Provenance

The following attestation bundles were made for parse_pcap-0.2.0.tar.gz:

Publisher: python-publish.yml on josh-bone/Network-Threat-Detection

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: parse_pcap-0.2.0.tar.gz
- Subject digest: 552116d7d64056491b35970195785dc6f88eb737a1e480a6c8a5504490efd891
- Sigstore transparency entry: 567095955
- Sigstore integration time: Sep 28, 2025
Source repository:
- Permalink: josh-bone/Network-Threat-Detection@5d1eb1439b1546235b97a9a1ea8894d2f971e9e0
- Branch / Tag: refs/tags/v0.2.0-alpha
- Owner: https://github.com/josh-bone
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: python-publish.yml@5d1eb1439b1546235b97a9a1ea8894d2f971e9e0
- Trigger Event: release

File details

Details for the file parse_pcap-0.2.0-py3-none-any.whl.

File metadata

Download URL: parse_pcap-0.2.0-py3-none-any.whl
Upload date: Sep 28, 2025
Size: 21.4 kB
Tags: Python 3
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for parse_pcap-0.2.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`3768356210f15ef104b1a1e8f3924781a95d822e7f86ab26c8a87a4b2e9e79fd`
MD5	`b4b46ea0f0a2da8fed10c04812762142`
BLAKE2b-256	`356343df115f73a743fca7f8bcd5192e275436ebc81588fd0a4bbcfae1100275`

See more details on using hashes here.

Provenance

The following attestation bundles were made for parse_pcap-0.2.0-py3-none-any.whl:

Publisher: python-publish.yml on josh-bone/Network-Threat-Detection

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: parse_pcap-0.2.0-py3-none-any.whl
- Subject digest: 3768356210f15ef104b1a1e8f3924781a95d822e7f86ab26c8a87a4b2e9e79fd
- Sigstore transparency entry: 567095962
- Sigstore integration time: Sep 28, 2025
Source repository:
- Permalink: josh-bone/Network-Threat-Detection@5d1eb1439b1546235b97a9a1ea8894d2f971e9e0
- Branch / Tag: refs/tags/v0.2.0-alpha
- Owner: https://github.com/josh-bone
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: python-publish.yml@5d1eb1439b1546235b97a9a1ea8894d2f971e9e0
- Trigger Event: release

parse-pcap 0.2.0

Navigation

Verified details

Project links

GitHub Statistics

Maintainers

Unverified details

Meta

Project description

Parse_pcap

Features

Installation

Usage

Command-Line Interface

Python Library

Project details

Verified details

Project links

GitHub Statistics

Maintainers

Unverified details

Meta

Release history Release notifications | RSS feed

Download files

Source Distribution

Built Distribution

File details

File metadata

File hashes

Provenance

File details

File metadata

File hashes

Provenance