Traceback (most recent call last):
  File "Source/main.py", line 12, in <module>
    import userInterface
ImportError: No module named userInterface

I get this error on macOS 10.13.5, running Python 2.7.15. This error occurs after running pip install -r requirements.txt.

Looks like a very cool project, hoping there's an easy package to install that makes it mac compatible, but I'm not seeing anything by googling around.

Make the minimal, safe changes required to convert the repo's code to be syntax compatible with both Python 2 and Python 3. There may be other changes required to complete a port to Python 3 but this PR is a minimal, safe first step.

Run: futurize --stage1 -w **/*.py

See Stage 1: "safe" fixes http://python-future.org/automatic_conversion.html#stage-1-safe-fixes

2022-02-15 09:17:23.967 Python[9628:502841] *** Assertion failure in -[NSOpenPanel beginServicePanel:asyncExHandler:], NSVBOpenAndSavePanels.m:1907
2022-02-15 09:17:24.004 Python[9628:502841] -[NSSavePanel beginWithCompletionHandler:]_block_invoke caught non-fatal NSInternalInconsistencyException '<NSOpenPanel: 0x7fcecb72f600> is attempting to advance this Open/Save panel to run phase while another self.advanceToRunPhaseCompletionHandler is in waiting for a previous attempt. An Open/Save panel cannot start to advance more than once.' with user dictionary {
...

In recent python version py3.8, the app does not start due to dependency library support.

• As a partial fix, add a fallback method to resort to launching interactive graph in system default browser.
• This should auto-fix once the respective support is added upstream.

Changes:

• Design: Add flow charts for PcapXray
• Feature: File Signature analysis for covert traffic - add magic number analysis on payload
• Enhance: Update pyshark engine code to work with engine selections in the UI
  • The UI is disabled for now due to pending issue solves with pyshark
• Fix for some ctf problems and MAC spoofing scenarios --> shows up as weird traffic

Features:

• Covert communication ( focus on icmp and dns for now)
  • Block and Algorithm to predict covert ICMP and DNS traffic.
• Mac bug hacky fix - launch interactive on a browser until main bug gets solved

Test:

• Built primarily with learning from network forensics challenges from ( will improvise )
  • DNSCAP —> https://ctftime.org/task/3418 [DNS]
  • PcapMeIfYouCan —> https://ctftime.org/task/7087 [DNS]
  • Biz4rre —> https://ctftime.org/task/6748 [ICMP]
  • FromOurFriendsNextHop —> https://ctftime.org/task/7099 [DNS]
  • Fuzzy —> https://ctftime.org/task/6928 [DNS]
  • Data Exfil —> https://ctftime.org/task/5735 [DNS]
  • https://www.netresec.com/?page=PcapFiles

• Block and Algorithm to predict covert ICMP and DNS traffic.
• Alter lan hosts schema to support solving CTF chals
• covert traffic in graph
• Built primarily with network forensics challenges from
  • DNSCAP —> https://ctftime.org/task/3418 [DNS]
  • PcapMeIfYouCan —> https://ctftime.org/task/7087 [DNS]
  • Biz4rre —> https://ctftime.org/task/6748 [ICMP]
  • Sniffed Off the wire —> https://ctftime.org/task/4758 [TCP]
  • FromOurFriendsNextHop —> https://ctftime.org/task/7099 [DNS]
  • Fuzzy —> https://ctftime.org/task/6928 [DNS]
  • Data Exfil —> https://ctftime.org/task/5735 [DNS]

• Interactive Maps (with python _ interaction)
  • CEF method
• Python2 fixes for stability ( hopefully stable now )
• Partial MAC support now ( limited )
  • No interactive maps in mac due to Cef crashes

• gateway identification logic
• hybrid L2 + L3 routing
• refactor of Reports + PcapRead
• Graph enhancements - different alignment and arrangement for larger graphs
• Options additions
• Image resolution changes ( >= 600 makes the loading slow )
• Huge number of nodes now get different alignment (circo)
• improved payload arrangement

Still require improvements on:

• Higher image resolution can be set to make a big graph more legible but makes tkinter image loading much slower - hot fix soon

Example FTP Payload:

Release bump to 2.0 (A bulk set of features)

• UI features - Browse, Zoom, Icon
• Docker image + automated app start (run.sh + docker) --> supports mac and linux (pending test on windows)
• Bug: init main.py (system path fix)
• More tests

Hello, What is this error:

┌──(root㉿kali)-[~/PcapXray] └─# python3 Source/main.py Interactive graph in app wont work as python version/platform is not supported (will launch in default browser) Traceback (most recent call last): File "/root/PcapXray/Source/main.py", line 52, in main() File "/root/PcapXray/Source/main.py", line 41, in main base = Tk() File "/usr/lib/python3.10/tkinter/init.py", line 2299, in init self.tk = _tkinter.create(screenName, baseName, className, interactive, wantobjects, useTk, sync, use) _tkinter.TclError: no display name and no $DISPLAY environment variable

on-behalf-of: @org [email protected]

Technica has added Sqlite db functionality for the packet data and a prototype for the destination hosts was also added, though not used/tested. This version is also capable of loading previously analyzed pcap data sessions; based on the name of the pcap file/sqlite db file. There is a bug in this version to be noted. The device information that is used during visualization is not persisted in the database, but kept in Global Memory which is erased when the application is closed. If the same PCAP is analyzed again, the data is pulled from the Sqlite database but the analyze portion is skipped so the device information will be missing.

Python 3.8.2

sudo python3 Source/main.py Traceback (most recent call last): File "Source/main.py", line 12, in from cefpython3 import cefpython as cef File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/cefpython3/init.py", line 64, in raise Exception("Python version not supported: " + sys.version) Exception: Python version not supported: 3.8.2 (v3.8.2:7b3ab5921f, Feb 24 2020, 17:52:18) [Clang 6.0 (clang-600.0.57)]

• pyvis has a check for assert len(name.split(".")) == 2 which fails when a filename with full path containing "."

Hacky Fix:

• Have no "." when along the folders where PcapXray is located.

Issue: Sometimes the progress bar keeps loading even when the backend thread has finished its job. Temperory Fix: Restarting the tool solves this error. ( bad fix )