[Python] Visualize the information acquired by Wireshark

Introduction

Wireshark is fine when a capture contains only packets generated on localhost, but once port forwarding is involved the Wireshark view gets cluttered and hard to follow, so I tried visualizing it.

This time we only deal with packets generated on localhost, but PageRank (which visualizes the importance of a node) is used for hosts that receive multiple packets.

Environment

Python 3.7.5

Preparation

Install the Python packages

pip install dpkt
pip install networkx
pip install matplotlib

Export the data captured by Wireshark

Save the capture taken with Wireshark to a file, since it is used below. Select the .pcap format (Wireshark / tcpdump / ...) as the file format when saving.

Completed form

The IP address has been corrected for the time being.

[Image: Screen Shot 2020-01-19 at 4.17.45.png]

How to use

This assumes that the script and the .pcap file are in the same directory.

python pcap_Visualization.py <file name.pcap>

Source code

pcap_Visualization.py


import dpkt
import matplotlib.pyplot as plt
import networkx as nx
import os
import socket
import sys


def main(file_name):
    packet_count = 0

    # Open the edge list once in write mode so that a file left behind by an
    # interrupted run cannot add stale edges to the graph
    with open(file_name, 'rb') as pcap_file, open('edgelist.txt', 'w') as f:
        pcr = dpkt.pcap.Reader(pcap_file)

        # Packet processing
        for ts, buf in pcr:
            packet_count += 1
            try:
                eth = dpkt.ethernet.Ethernet(buf)
            except Exception:
                # Skip frames that cannot be parsed as Ethernet
                continue

            # For IP (IPv4) data, write one "src dst" line per packet
            if isinstance(eth.data, dpkt.ip.IP):
                ip = eth.data
                src = socket.inet_ntoa(ip.src)
                dst = socket.inet_ntoa(ip.dst)
                print("{} {}".format(src, dst), file=f)

    # Read the edge list back in (loaded as an undirected graph)
    G = nx.read_edgelist('edgelist.txt', nodetype=str)
    plt.figure(figsize=(7, 7))
    pos = nx.spring_layout(G)

    # Compute PageRank
    pr = nx.pagerank(G)
    nx.draw_networkx_edges(G, pos, edge_color='y')

    # Scale node_size by each node's PageRank value
    nx.draw_networkx_nodes(
        G,
        pos,
        node_color='r',
        alpha=0.5,
        node_size=[5000*v for v in pr.values()]
    )
    nx.draw_networkx_labels(
        G,
        pos,
        font_size=10
    )

    plt.axis('off')
    plt.show()

    os.remove("edgelist.txt")
    print("Processing Exit:{}".format(packet_count))


# Entry point
if __name__ == '__main__':
    if len(sys.argv) != 2:
        print("Please specify the file")
        sys.exit(1)
    # Use the first command-line argument as the file name
    file_name = sys.argv[1]

    main(file_name)

Bonus

When I added packets generated by other devices, it looked like this! It's hard to tell the difference between PageRank ... I'll fix it when I feel like it!

[Image: Screen Shot 2020-01-19 at 4.09.29.png]
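The script reads edgelist.txt into an undirected graph, so repeated packets between the same pair collapse into one edge and direction is lost before PageRank runs. The following added example (not part of the original post) keeps both by weighting directed src-to-dst edges by packet count and computing PageRank by power iteration with only the standard library; the sample flows, addresses and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample: one (src, dst) pair per captured IPv4 packet, in the
# form the script writes to edgelist.txt. Addresses are documentation ranges.
SAMPLE_PACKETS = (
    [("192.0.2.10", "192.0.2.1")] * 40      # client -> server
    + [("192.0.2.1", "192.0.2.10")] * 35    # server replies
    + [("192.0.2.11", "192.0.2.1")] * 20
    + [("192.0.2.1", "192.0.2.11")] * 18
    + [("192.0.2.12", "192.0.2.1")] * 5
    + [("192.0.2.12", "198.51.100.7")] * 2  # rarely contacted host
)


def weighted_pagerank(packets, damping=0.85, tol=1e-10, max_iter=200):
    """PageRank over directed src->dst edges weighted by packet count."""
    weights = Counter(packets)                  # (src, dst) -> packet count
    nodes = sorted({ip for edge in weights for ip in edge})
    if not nodes:
        return {}
    out_total = defaultdict(int)                # packets sent per host
    for (src, _dst), n in weights.items():
        out_total[src] += n

    rank = {ip: 1.0 / len(nodes) for ip in nodes}
    for _ in range(max_iter):
        # Hosts that never send (dangling nodes) spread their rank evenly
        dangling = sum(rank[ip] for ip in nodes if out_total[ip] == 0)
        base = (1.0 - damping + damping * dangling) / len(nodes)
        new = {ip: base for ip in nodes}
        for (src, dst), n in weights.items():
            new[dst] += damping * rank[src] * n / out_total[src]
        delta = sum(abs(new[ip] - rank[ip]) for ip in nodes)
        rank = new
        if delta < tol:
            break
    return rank


def top_receivers(packets, count=3):
    """Hosts ordered by weighted PageRank, highest first."""
    rank = weighted_pagerank(packets)
    return sorted(rank, key=rank.get, reverse=True)[:count]


if __name__ == "__main__":
    for ip, score in sorted(weighted_pagerank(SAMPLE_PACKETS).items(),
                            key=lambda kv: kv[1], reverse=True):
        print("{:<15} {:.4f}".format(ip, score))
```

The returned dictionary has the same shape as the `pr` value in the script, so it can be used for `node_size` in the same way.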

Summary

NetworkX is interesting!! It's a package that expresses connections as nodes and edges, but it seems it can be applied to things other than networks!! We look forward to your suggestions!!
