The PCAP Analyzer for Splunk includes useful dashboards to analyze network packet capture files from Wireshark or Network Monitor (.pcap and .pcapng). The App includes dashboards which show you:
- The Top Talker IPs, MACs, Protocols, Ports, VLANs, Conversations
- Detailed overview of IP Conversations, Packet Loss, TCP Errors, Round Trip Time
- Conversation Sankey Diagram (by Packets, by Bytes, by Destination Port)
- Microburst Dashboard (Bit timechart)
- DNS Overview (Queries over time, Results over time, DNS Response Time)
- NFS Overview (NFS Operations, NFS Response Time, NFS Errors)
- HTTP Overview (HTTP Methods, HTTP Status, HTTP Response Time)
- SMB / SMB2 Overview (SMB Response Time, SMB Operations)
- Keep Alive Communication Dashboards
- Hop Calculator between two IPs

In addition, the following protocol fields are already extracted but have no dashboard yet:
- MQ

A "Problem Detection" Dashboard has also been implemented to help during the Wireshark analysis.

Welcome to the new version 5.x.x of SplunkForPCAP! Some important changes have been made to improve the user experience compared to previous versions:
- A new Python script takes care of the conversion of your capture file. In the old version it was a shell / batch script, depending on the OS.
- The new version writes the raw events in field=value format, so no extra parsing is needed for the standard fields.
- Previously the converted capture file was moved away from its original location; now a new folder named "converted" is created in the same location as your capture file.
- From now on .pcapng files are converted automatically as well, not only .pcap.
- The new collection also includes the UDP port details.
- The field names have changed for better understanding.

ROADMAP
- Support for more protocols and more use cases
- Dashboards will change to highlight the most important use cases for troubleshooting.
GETTING STARTED https://schwartzdaniel.com/pcap-analyzer-for-splunk-getting-started/
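As an added illustration of what the 5.x conversion step produces (this is not the app's own Python script, whose internals and field names are not documented on this page): a minimal converter that reads a classic microsecond-resolution .pcap, emits one field=value event line per IPv4 frame including TCP/UDP port details, and writes the result into a "converted" folder next to the capture. The field names (src_ip, dst_port, ...) are assumptions, pcapng is deliberately left out, and the single UDP packet is a constructed sample.

```python
import struct
import tempfile
from pathlib import Path

PROTO_NAMES = {6: "tcp", 17: "udp"}  # hypothetical names; the app's real field names are not on this page

def packet_fields(ts, frame):
    """Turn one Ethernet/IPv4 frame into a 'field=value ...' event line (None if not IPv4)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]  # IPv4 header length in bytes, protocol number
    fields = {"time": f"{ts:.6f}", "frame_len": len(frame),
              "src_ip": ".".join(map(str, frame[26:30])),
              "dst_ip": ".".join(map(str, frame[30:34])),
              "proto": PROTO_NAMES.get(proto, str(proto))}
    l4 = frame[14 + ihl:]
    if proto in PROTO_NAMES and len(l4) >= 4:  # TCP and UDP both begin with src/dst port
        fields["src_port"], fields["dst_port"] = struct.unpack("!HH", l4[:4])
    return " ".join(f"{k}={v}" for k, v in fields.items())

def convert_pcap(path):
    """Convert a classic .pcap into <dir>/converted/<name>.log; return (log_path, events)."""
    raw = Path(path).read_bytes()
    order = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", raw[:4])[0])  # magic = byte order
    if order is None:
        raise ValueError("not a classic pcap (pcapng is not handled by this example)")
    events, off = [], 24  # skip the 24-byte global header
    while off + 16 <= len(raw):
        sec, usec, incl_len, _ = struct.unpack(order + "IIII", raw[off:off + 16])
        off += 16
        line = packet_fields(sec + usec / 1e6, raw[off:off + incl_len])
        off += incl_len
        if line:
            events.append(line)
    out_dir = Path(path).resolve().parent / "converted"  # beside the capture, as described for 5.x
    out_dir.mkdir(exist_ok=True)
    log_path = out_dir / (Path(path).name + ".log")
    log_path.write_text("".join(e + "\n" for e in events))
    return str(log_path), events

def demo():
    """Constructed sample: one UDP datagram 10.0.0.1:53000 -> 10.0.0.53:53 written to a temp dir."""
    udp = struct.pack("!HHHH", 53000, 53, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 53]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + udp  # zero MACs, EtherType 0x0800 (IPv4)
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, LINKTYPE_ETHERNET
    pcap += struct.pack("<IIII", 1700000000, 500000, len(frame), len(frame)) + frame
    path = Path(tempfile.mkdtemp()) / "sample.pcap"
    path.write_bytes(pcap)
    return convert_pcap(path)
```

Running `demo()` yields a single event line that Splunk can index without further extraction, since every value is already a key=value pair.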