
Visualizing Network Data Using Python: Part 2

In the first part of this how-to, Visualizing Network Data Using Python: Part 1, we introduced you to packet analysis using Python and Scapy. Building on those skills, we will make a few small modifications to visualize the data using Plotly, an extremely powerful Python graphing package. In this example we will create a graph of the occurrence of source IPs in a PCAP file.

Step 1
Before we start slinging code, we need to install Plotly (and Scapy, the package from the previous part). Then we will import Plotly.

Installation
pip3 install plotly
pip3 install scapy-python3

Imports
from scapy.all import *
from collections import Counter
import plotly

Step 2
We will then tell Scapy to read all of the packets in the PCAP into a list. To do that, use the rdpcap function.
packets = rdpcap('example.pcap')

Step 3
Packets in Scapy have elements; we will only be dealing with a packet's IP data. Each packet has attributes like source IP, destination IP, source port, destination port, bytes, etc. To print a source IP, use pkt[IP].src:
print(pkt[IP].src)

For our example we will need to read a PCAP file and store the source IP in a list. To do that, we will loop through the packets using a try/except as not every packet will have the information we want (malformed, retransmit, etc). The try/except gives us an error-free program when reading the PCAP.

srcIP = []
for pkt in packets:
    if IP in pkt:
        try:
            srcIP.append(pkt[IP].src)
        except:
            pass

Step 4
Now that you have a list of IPs from the packets we will use a counter to create a count of the times we see each source IP.

cnt = Counter()

for ip in srcIP:
    cnt[ip] += 1

Step 5
Now we need to create the x and y data for the graph. We'll create empty lists for both, then we will loop through the data and append them to the lists from highest to lowest.
xData = []
yData = []
for ip, count in cnt.most_common():
    xData.append(ip)
    yData.append(count)

Step 6
Next we will create a plot. Plotly is great in that it will open the plot in your browser.

plotly.offline.plot({
"data":[  plotly.graph_objs.Bar( x=xData, y=yData) ]
})

The whole script beginning-to-end looks like this:

 



Step 7
To run it, create a PCAP with tcpdump:
sudo tcpdump -w example.pcap -c10000

Step 8
Now run the program and explore the results in your browser:

Step 9
This step is optional, but since the goal is to visualize the data, adding a title and labels makes the data much easier to read. Adding the "layout" option to Plotly will get you that information.
plotly.offline.plot({
    "data": [plotly.graph_objs.Bar(x=xData, y=yData)],
    "layout": plotly.graph_objs.Layout(title="Source IP Occurrence",
                                       xaxis=dict(title="Src IP"),
                                       yaxis=dict(title="Count"))})
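To see what Steps 2 through 5 extract from the capture, here is an added example (not code from the original post) that parses the classic pcap format with only the standard library and returns the same xData/yData lists. The function names, the in-memory sample capture and its documentation-range addresses are constructed for illustration; only untagged Ethernet/IPv4 frames are counted.

```python
import socket
import struct
from collections import Counter

def source_ip_counts(pcap_bytes):
    """Return (xData, yData) for IPv4 source addresses, most frequent first."""
    if len(pcap_bytes) < 24:
        raise ValueError("file shorter than the pcap global header")
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"            # written on a little-endian host
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    cnt = Counter()
    offset = 24                 # first record follows the 24-byte file header
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Skip truncated frames and anything that is not untagged IPv4
        # (ARP, IPv6, 802.1Q): the frames Step 3 skips with "if IP in pkt".
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue
        cnt[socket.inet_ntoa(frame[26:30])] += 1   # IPv4 source address field
    ordered = cnt.most_common()
    return [ip for ip, _ in ordered], [n for _, n in ordered]

def _frame(src_ip, ethertype=b"\x08\x00"):
    """Constructed Ethernet + IPv4 header using documentation addresses."""
    eth = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + ethertype
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton("192.0.2.1"))
    return eth + ip

def build_sample_pcap():
    """Constructed capture: three IPv4 frames and one ARP-typed frame."""
    frames = [_frame("198.51.100.7"), _frame("203.0.113.9"),
              _frame("198.51.100.7"), _frame("198.51.100.7", b"\x08\x06")]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(
        struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    xData, yData = source_ip_counts(build_sample_pcap())
    print(list(zip(xData, yData)))
```

The returned lists can be passed to plotly.graph_objs.Bar exactly as in Step 6.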
 

I hope this helped you out with visualizing packet data using Python. As always, feel free to comment or ask questions and tune in tomorrow for Visualizing Network Data Using Python: Part 3!
