{"id":23698361,"url":"https://github.com/mdevolde/trace_analyzer","last_synced_at":"2026-01-25T14:30:16.901Z","repository":{"id":268893886,"uuid":"903892304","full_name":"mdevolde/trace_analyzer","owner":"mdevolde","description":"A Rust-based tool for analyzing device activity in PCAP files or directories. Parses MAC addresses from Excel files, tracks hourly device activity, and generates visual graphs with Plotters. Supports single-file or multi-day analysis for selected devices. Ideal for IoT network monitoring and traffic insights.","archived":false,"fork":false,"pushed_at":"2024-12-20T21:07:59.000Z","size":26,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-12-30T07:16:10.850Z","etag":null,"topics":["analytics","iot","networking","rust"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mdevolde.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-12-15T20:26:20.000Z","updated_at":"2024-12-29T22:41:56.000Z","dependencies_parsed_at":"2024-12-19T15:35:54.245Z","dependency_job_id":null,"html_url":"https://github.com/mdevolde/trace_analyzer","commit_stats":null,"previous_names":["mdevolde/trace_analyzer"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdevolde%2Ftrace_analyzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdevolde%2Ftrace_analyzer/tags","releases_url":"https://repos.eco
syste.ms/api/v1/hosts/GitHub/repositories/mdevolde%2Ftrace_analyzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdevolde%2Ftrace_analyzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mdevolde","download_url":"https://codeload.github.com/mdevolde/trace_analyzer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239768931,"owners_count":19693763,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analytics","iot","networking","rust"],"created_at":"2024-12-30T07:16:13.166Z","updated_at":"2026-01-25T14:30:16.850Z","avatar_url":"https://github.com/mdevolde.png","language":"Rust","readme":"# Pcap reader\n\n## Prelude\nThis tool was originally designed for the [Embedded System Security course (ELEC-H550)](https://www.ulb.be/en/programme/2023-elec-h550), given at the Université Libre de Bruxelles.\n\nIt was designed by a group comprising Martin Devolder, Virgile Devolder and Corentin Bouffioux.\n\n## Requirements (Windows)\nIf you are using Windows, you need to install Npcap to use pnet, as described in this [explanation](https://github.com/libpnet/libpnet?tab=readme-ov-file#windows).\n\nYou can download it from [here](https://npcap.com/#download).\n\nChoose the \"Npcap SDK\" version and install it (zip file). 
Then, copy `Packet.lib` and `wpcap.lib` from the zip to the root of the project.\n\nThen, return [here](https://npcap.com/#download) and download the \"Npcap installer\" (during the installation, choose the \"Install Npcap in WinPcap API-compatible Mode\" option).\n\n## Requirements (general)\nYou need to have Rust installed on your machine. You can install it by following the instructions on the [official website](https://www.rust-lang.org/tools/install).\n\n## Excel file\nBefore you start, you'll need an Excel file with the names of your devices (unique names) in the second column, and the MAC address (also unique) in the third.\n\nIt doesn't matter what's in the first column, just as it doesn't matter what's after the third.\n\nThe first line is ignored, so that it can hold column headings.\n\nHere's an example:\n\n| Category           | Device Name            | MAC Address         | Companion App  |\n|--------------------|------------------------|---------------------|----------------|\n| Audio              | Amazon Alexa Echo Dot 1| 1A:FE:2B:98:16:DD   | Amazon Alexa   |\n| Audio              | Amazon Alexa Echo Dot 2| A2:D0:DC:C4:08:FF   | Amazon Alexa   |\n| Audio              | Amazon Alexa Echo Spot | DC:12:B0:9B:0C:EC   | Amazon Alexa   |\n| Camera             | AMCREST WiFi Camera    | 09:7C:39:CE:6E:2A   | AmcrestViewPro |\n| Camera             | Arlo Base Station      | CD:F4:11:9C:D0:00   | Arlo           |\n| Home Automation    | Atomi Coffee Maker     | 44:A6:B8:F9:1B:88   | Atomi Smart    |\n\n## Usage\n\nTo get help on the command-line arguments, run the following command:\n```powershell\ncargo run -- --help\n```\n\nHere are a few examples:\n\n### Analyze a pcap file\nTo analyze the activity in a PCAP file, you can issue this command (replace the paths with the ones on your machine):\n```powershell\ncargo run --release -- -d .\\devices.xlsx -p .\\2021_11_02.pcap -o result.png\n```\nThis command will produce a graph showing the number of 
requests per hour for each device in the PCAP file.\n\n### Analyse a pcap file for some devices\nTo analyze the activity in a PCAP file, but only for a few devices, you can issue this command (replace the paths with the ones on your machine):\n```powershell\ncargo run --release -- -d .\\devices.xlsx -p .\\2021_11_02.pcap -o result.png -s \"Amazon Alexa Echo Dot 1\" -s \"Arlo Base Station\"\n```\n\n### Analyze a pcap folder\nTo analyze the activity in a folder containing PCAP files, you can issue this command (replace the paths with the ones on your machine):\n```powershell\ncargo run --release -- -d .\\devices.xlsx -P \"E:\\PCAP\" -o result.png -s \"Atomi Coffee Maker\"\n```\nThis command will give, for the given device, a comparison, for all PCAP files in the folder, of requests per hour, on the same graph.\n\n### Analyze a pcap folder (median)\nIt's also possible to generate a graph with the median of the requests per hour for a device, for all PCAP files in a folder. To do so, you can issue this command (replace the paths with the ones on your machine):\n```powershell\ncargo run --release -- -d .\\devices.xlsx -P \"E:\\PCAP\" -o result.png -s \"Atomi Coffee Maker\" --median\n```\n\n## Given ps1 scripts\nThere are also two given scripts (for Windows), which automate the execution of graph generation, for a multitude of appliances.\n\n### Analyze all device activity for each pcap file\nTo automate execution of the command given in [Section : Analyse a pcap file for some devices](#analyse-a-pcap-file-for-some-devices) and the command given in [Analyze a pcap file](#analyze-a-pcap-file), you can run the script `analyze_all_device_each_day.ps1` (replace the paths with those of your machine):\n```powershell\n.\\analyze_all_device_each_day.ps1 -pcapFolder \"E:\\PCAP\" -deviceListFile \"devices.xlsx\" -outputFolder \"output\" -analyzerExe \".\\target\\release\\trace_analyzer.exe\" -deviceFile \"devices.txt\"\n```\nThis command will, for all the PCAP files in the given 
folder, make an individual graph of all the devices given in the text file, then make the graph with all the devices in the PCAP.\n\n### Analyze each device activity for all pcap files\nTo automate execution of the command given in [Section : Analyze a pcap folder](#analyze-a-pcap-folder) and the command given in [Section : Analyze a pcap folder (median)](#analyze-a-pcap-folder-(median)), you can run the script `analyze_each_device_all_day.ps1` (replace the paths with those of your machine):\n```powershell\n.\\analyze_each_device_all_day.ps1 -pcapFolder \"E:\\test\" -deviceListFile \"devices.xlsx\" -outputFolder \"output\" -analyzerExe \".\\target\\release\\trace_analyzer.exe\" -deviceFile \"devices.txt\"\n```\nThis command will, for all the devices given in the text file, generate the activity comparison graph for this device between all the PCAP files given in the folder.\n\nYou can also add the `-median` flag to the command, to generate the median graph instead of the comparison graph (replace the paths with those of your machine):\n```powershell\n.\\analyze_each_device_all_day.ps1 -pcapFolder \"E:\\test\" -deviceListFile \"devices.xlsx\" -outputFolder \"output\" -analyzerExe \".\\target\\release\\trace_analyzer.exe\" -deviceFile \"devices.txt\" -median\n```\n\n#### Note\n- The `devices.txt` file should contain the names of the devices you want to analyze, one per line.\n- These commands assume that `trace_analyzer` was compiled in `release` mode, with the `cargo build --release` command.","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmdevolde%2Ftrace_analyzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmdevolde%2Ftrace_analyzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmdevolde%2Ftrace_analyzer/lists"}