{"id":13557283,"url":"https://github.com/1ultimat3/PcapViz","last_synced_at":"2025-04-03T11:31:35.351Z","repository":{"id":26179716,"uuid":"29625478","full_name":"1ultimat3/PcapViz","owner":"1ultimat3","description":"Visualize network topologies and collect graph statistics based on pcap files","archived":false,"fork":false,"pushed_at":"2023-02-17T13:11:25.000Z","size":3452,"stargazers_count":328,"open_issues_count":2,"forks_count":59,"subscribers_count":27,"default_branch":"master","last_synced_at":"2024-07-30T05:18:34.067Z","etag":null,"topics":["network-topology","pcap","python","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/1ultimat3.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2015-01-21T22:57:15.000Z","updated_at":"2024-06-04T08:39:39.000Z","dependencies_parsed_at":"2022-07-27T07:02:09.381Z","dependency_job_id":"a39ea077-deec-4bc5-a570-db5497fae9f7","html_url":"https://github.com/1ultimat3/PcapViz","commit_stats":null,"previous_names":["mateuszk87/pcapviz"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1ultimat3%2FPcapViz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1ultimat3%2FPcapViz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1ultimat3%2FPcapViz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1ultimat3%2FPcapViz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/1ultimat3","download_url":"https://codeload.gith
ub.com/1ultimat3/PcapViz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246993020,"owners_count":20865925,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["network-topology","pcap","python","security-tools"],"created_at":"2024-08-01T12:04:15.517Z","updated_at":"2025-04-03T11:31:30.340Z","avatar_url":"https://github.com/1ultimat3.png","language":"Python","funding_links":[],"categories":["Python","python","Uncategorized"],"sub_categories":["Uncategorized"],"readme":"# PcapViz\nPcapViz draws networks as device topologies and as information flows using the packet information in pcap files captured from a network\ndevice using tcpcap or other capture software. It filters and optionally displays the captured packets at any one of 3 \"layers\". These are:\n\n - device level traffic topology, \n - ip communication and \n - tcp/udp communication \n\nEach yields a distinct network graph from the same set of network packets. This separation makes it much easier to see the data flows at each level rather than mixing them up \nas many other visualisation packages do. 
It should be possible to determine key topological nodes or to spot patterns of data exfiltration attempts more easily.\n\n\n## Features\n- Network topology graphs - 2 = device; conversation information flow graphs: 3 = ip, 4 = tcp/udp\n- Communication graph node labels show country information and connection stats\n- Lists the most frequently contacted and frequently sending machines\n- Node labels include the host domain name if available from a reverse DNS lookup. \n- command line choice of Graphviz graph layout engine such as dot or sfdp.\n\n\n## Usage\n\n```\nusage: main.py [-h] [-i [PCAPS [PCAPS ...]]] [-o OUT] [-g GRAPHVIZ] [--layer2]\n               [--layer3] [--layer4] [-fi] [-fo] [-G GEOPATH] [-l GEOLANG]\n               [-E LAYOUTENGINE] [-s SHAPE]\n\npcap topology and message mapper\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -i [PCAPS [PCAPS ...]], --pcaps [PCAPS [PCAPS ...]]\n                        space delimited list of capture files to be analyzed\n  -o OUT, --out OUT     topology will be stored in the specified file\n  -g GRAPHVIZ, --graphviz GRAPHVIZ\n                        graph will be exported to the specified file (dot\n                        format)\n  --layer2              device topology network graph\n  --layer3              ip message graph. 
Default\n  --layer4              tcp/udp message graph\n  -fi, --frequent-in    print frequently contacted nodes to stdout\n  -fo, --frequent-out   print frequent source nodes to stdout\n  -G GEOPATH, --geopath GEOPATH\n                        path to maxmind geodb data\n  -l GEOLANG, --geolang GEOLANG\n                        Language to use for geoIP names\n  -E LAYOUTENGINE, --layoutengine LAYOUTENGINE\n                        Graph layout method - dot, sfdp etc.\n  -s SHAPE, --shape SHAPE\n                        Graphviz node shape - circle, diamond, box etc.\n```\n\n## Examples from running tests/core.py on the test.pcap file\n\n**Drawing a communication graph (layer 2), segment**\n```\npython main.py -i tests/test.pcap -o test2.png --layer2\n```\n\n![layer 2 sample](tests/test2.png)\n\n**Layer3 with default sfdp layout**\n\n![layer 3 sample](tests/test3.png)\n\n**Layer4 with default sfdp layout**\n\n![layer 4 sample](tests/test4.png)\n\n\nReturn hosts with largest numbers of incoming packets:\n\n```\npython3 main.py -i tests/test.pcap -fi --layer3\n4 172.16.11.12\n1 74.125.19.17\n1 216.34.181.45 slashdot.org\n1 172.16.11.1\n1 96.17.211.172 a96-17-211-172.deploy.static.akamaitechnologies.com\n\n```\n\n## Installation\n\n**Required:**\n \n * GraphViz\n     See system notes below\n     \n * Pip package requirements\n    The Maxmind Python API and other dependencies will be installed when you run:\n\t\n\t```\n\tpip3 install -r requirements.txt\n\t```\n\n\tso of course, please run that! You are using a python virtual environment aren't you?\n\n### Installation Debian\n\nFor Debian-based distros you have to install GraphViz with some additional dependencies:\n\n```\napt-get install python3-dev\napt-get install graphviz libgraphviz-dev pkg-config\n```\n\n### Installation OSX\n\nScapy does not work out-of-the-box on OSX. 
Follow the platform specific instruction from the [scapy website](http://scapy.readthedocs.io/en/latest/installation.html#platform-specific-instructions)\n\n```\nbrew install graphviz\nbrew install --with-python libdnet\nbrew install https://raw.githubusercontent.com/secdev/scapy/master/.travis/pylibpcap.rb\n```\n\n## Testing\n\nUnit tests can be run from the tests directory:\n```\npython3 core.py\n```\nThe sample images above are the test output graphs.\n\nNote that there are at present 2 warnings about deprecated features in graphviz and for tests to work, you may need to adjust the fake args to point to your copy of the geoIP data file.\nWithout access to the geoIP data, two of the tests will always fail.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F1ultimat3%2FPcapViz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F1ultimat3%2FPcapViz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F1ultimat3%2FPcapViz/lists"}