PlotCap - a simple network visualization tool
Project description
PlotCap - a simple network visualization tool.
Introduction
PlotCap is a simple command line tool written in Python and based on PyVis, that parses network capture files (produced by tools such as tcpdump or Wireshark) to render a graph of the network topology in a web page.
PlotCap was designed for red team engagements, with the aim of quickly mapping out relationships between devices (“nodes”) in a network. Target groups are: network administrators, penetration testers and curious people.
Visualization can be performed at layer 2 (MAC addresses) and layer 3 (IP addresses). Layer 2 is the default. The tool attempts to resolve MAC addresses unless directed otherwise.
Install
You can install plotcap on your system by using pipx:
pipx install git+https://github.com/darknetehf/plotcap.gitAnd optionally:
pipx ensurepathThis will add ‘~/.local/bin’ to your PATH environment variable.
Usage
plotcap -f capture.capThis is equivalent to:
plotcap -f capture.cap --layer2or:
plotcap -f capture.cap --layer2 --resolve-ouiDo not resolve MAC addresses:
plotcap -f capture.cap --layer2 --no-resolve-ouiShow IP addresses:
plotcap -f capture.cap --layer3To increase verbosity add -v or -vv for debugging.
API
A convenience API is available if you just want to parse the .pcap file and reuse the results, but don’t want a graphical representation.
from plotcap.api import parse_file
pcap_file = "/tmp/test.pcap"
conversations = parse_file(pcap_file=pcap_file, layer=2)
for conversation, packet_count in conversations.items():
print(f"src: {conversation.src} - dst: {conversation.dst} - packets: {packet_count}")Limitations
Although this is a command line tool, it requires a graphical environment and a web browser to render network maps. On headless systems we suggest using Xvfb to set up virtual sessions.
PlotCap was tested on Linux only
MAC addresses may not always be resolved to manufacturer names, especially if address randomization comes into play
See the TODO file for more missing features
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file plotcap-1.1.1.tar.gz.
File metadata
- Download URL: plotcap-1.1.1.tar.gz
- Upload date:
- Size: 5.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 6f7263c8933ca465402be8d2886cd81391fa6a1ea802a7c76fd9852d53502337 |
|
| MD5 | b9b97e060d38c9bf7b22c659cf928831 |
|
| BLAKE2b-256 | 81214156422387e6c10ae0f1e2ac4e0460a921a07f0f4217f6d1143ce81e704f |
File details
Details for the file plotcap-1.1.1-py3-none-any.whl.
File metadata
- Download URL: plotcap-1.1.1-py3-none-any.whl
- Upload date:
- Size: 7.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f96634f31da6d5afb08a76a630a3a9a997f9cbb94b064364cace465560ada85d |
|
| MD5 | 1b1b47ec41e96e203033c7308f82aefc |
|
| BLAKE2b-256 | bc3a9ab11dc72bfcfa188eb1d047387737613df1b42fbc22b721e4a726158ae7 |
