PcapViz - Visualize Network Topologies and Collect Graph Statistics Based on PCAP Files
Features
- Draw network topologies (Layer 2) and communication graphs (Layer 3 and 4)
- Network topologies contain country information and connection stats
- Collect statistics such as most frequently contacted machines
Usage
usage: main.py [-h] [-i [PCAPS [PCAPS ...]]] [-o OUT] [-g GRAPHVIZ] [--layer2]
[--layer3] [--layer4] [-fi] [-fo]
pcap topology drawer
optional arguments:
-h, --help show this help message and exit
-i [PCAPS [PCAPS ...]], --pcaps [PCAPS [PCAPS ...]]
capture files
-o OUT, --out OUT topology will be stored in the specified file
-g GRAPHVIZ, --graphviz GRAPHVIZ
graph will be exported to the specified file (dot
format)
--layer2 derive layer2 topology
--layer3 derive layer3 topology
--layer4 derive layer4 topology
-fi, --frequent-in print frequently contacted nodes to stdout
-fo, --frequent-out print frequent source nodes to stdoutExample
Example pcap: smallFlows.pcap
Drawing a communication graph (layer 2), segment:
python main.py -i smallFlows.pcap -o small_tcp_l2.png --layer2
Drawing a communication graph (layer 3), segment:
python main.py -i smallFlows.pcap -o small_tcp.png --layer3
Drawing a communication graph (layer 4), segment:
python main.py -i smallFlows.pcap -o small_tcp_l4.png --layer4
Return most frequently contacted hosts:
python main.py -i smallFlows.pcap --layer3 --frequent-in
115 172.16.255.1
70 192.168.3.131
21 10.0.2.15
2 65.55.15.244
2 224.0.0.252
2 192.168.3.90
2 239.255.255.250
2 255.255.255.255
1 178.144.253.171
1 92.247.222.20
1 72.14.213.103
1 67.170.187.174
...Installation
Required:
- GraphViz
- Download GeoIP database to ~/GeoIP.dat (http://dev.maxmind.com/geoip/legacy/install/country/)
pip install -r requirements.txtapt-get install python3-dev
apt-get install graphviz libgraphviz-dev pkg-config
PcapViz - Visualize Network Topologies and Collect Graph Statistics Based on PCAP Files
Reviewed by Zion3R
on
11:16 AM
Rating:
Reviewed by Zion3R
on
11:16 AM
Rating:
