
PlotCap - a simple network visualization tool

Introduction

PlotCap is a simple command-line tool, written in Python and based on PyVis, that parses network capture files (produced by tools such as tcpdump or Wireshark) and renders a graph of the network topology in a web page.

PlotCap was designed for red team engagements, with the aim of quickly mapping out relationships between devices (“nodes”) in a network. The target audience is network administrators, penetration testers and curious people.

Visualization can be performed at layer 2 (MAC addresses) and layer 3 (IP addresses). Layer 2 is the default. The tool attempts to resolve MAC addresses unless directed otherwise.

Install

You can install plotcap on your system by using pipx:

pipx install git+https://github.com/darknetehf/plotcap.git

And optionally:

pipx ensurepath

This will add ‘~/.local/bin’ to your PATH environment variable.

Usage

plotcap -f capture.cap

This is equivalent to:

plotcap -f capture.cap --layer2

or:

plotcap -f capture.cap --layer2 --resolve-oui

Do not resolve MAC addresses:

plotcap -f capture.cap --layer2 --no-resolve-oui

Show IP addresses:

plotcap -f capture.cap --layer3

To increase verbosity add -v or -vv for debugging.

API

A convenience API is available if you just want to parse the .pcap file and reuse the results, but don’t want a graphical representation.

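from plotcap.api import parse_file

# Parse the capture at layer 2 (MAC addresses); no graph is rendered
pcap_file = "/tmp/test.pcap"
conversations = parse_file(pcap_file=pcap_file, layer=2)

# Each key exposes the two endpoints; the value is the packet count
for conversation, packet_count in conversations.items():
    print(f"src: {conversation.src} - dst: {conversation.dst} - packets: {packet_count}")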

Limitations

  • Although this is a command line tool, it requires a graphical environment and a web browser to render network maps. On headless systems we suggest using Xvfb to set up virtual sessions.

  • PlotCap was tested on Linux only.

  • MAC addresses may not always be resolved to manufacturer names, especially if address randomization comes into play.

  • See the TODO file for more missing features.
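
Added example (not part of PlotCap or its documentation): post-processing the mapping that parse_file returns at layer 2 to rank nodes by peers and packets, and to flag MAC addresses that an OUI lookup cannot tie to a manufacturer, which is the case for locally administered (including randomized) and group addresses. The Conversation namedtuple and the sample data are constructed stand-ins, and colon-separated MAC strings in .src and .dst are an assumption.

```python
from collections import Counter, defaultdict, namedtuple

# Constructed stand-in for the keys of the mapping returned by parse_file();
# the page only shows that each key exposes .src and .dst.
Conversation = namedtuple("Conversation", ["src", "dst"])

# Constructed sample data (layer 2): conversation -> packet count.
SAMPLE = {
    Conversation("00:11:22:33:44:55", "a4:5e:60:aa:bb:cc"): 120,
    Conversation("a4:5e:60:aa:bb:cc", "00:11:22:33:44:55"): 95,
    Conversation("da:a1:19:01:02:03", "00:11:22:33:44:55"): 40,
    Conversation("a4:5e:60:aa:bb:cc", "ff:ff:ff:ff:ff:ff"): 7,
    Conversation("da:a1:19:01:02:03", "01:00:5e:00:00:fb"): 3,
}


def mac_kind(mac):
    """Classify a MAC address by the two low bits of its first octet."""
    first = int(mac.split(":")[0], 16)
    if first & 0x01:
        return "group"      # multicast/broadcast, not a single device
    if first & 0x02:
        return "local"      # locally administered, e.g. a randomized address
    return "universal"      # vendor-assigned, OUI lookup is meaningful


def summarize(conversations):
    """Return {mac: {"kind", "peers", "packets"}} for every node seen."""
    peers = defaultdict(set)
    packets = Counter()
    for conv, count in conversations.items():
        peers[conv.src].add(conv.dst)
        peers[conv.dst].add(conv.src)
        packets[conv.src] += count
        packets[conv.dst] += count
    return {
        mac: {"kind": mac_kind(mac), "peers": len(peers[mac]), "packets": packets[mac]}
        for mac in peers
    }


if __name__ == "__main__":
    nodes = summarize(SAMPLE)
    for mac, info in sorted(nodes.items(), key=lambda kv: -kv[1]["packets"]):
        print(f"{mac}  {info['kind']:<9}  peers={info['peers']}  packets={info['packets']}")
```

With real data, replace SAMPLE with the result of parse_file(pcap_file=..., layer=2).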

Source Distribution

plotcap-1.1.1.tar.gz (5.8 kB)

Uploaded Source

Built Distribution

plotcap-1.1.1-py3-none-any.whl (7.6 kB)

Uploaded Python 3

File details

Details for the file plotcap-1.1.1.tar.gz.

File metadata

  • Download URL: plotcap-1.1.1.tar.gz
  • Upload date:
  • Size: 5.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.0 CPython/3.12.4

File hashes

Hashes for plotcap-1.1.1.tar.gz
Algorithm Hash digest
SHA256 6f7263c8933ca465402be8d2886cd81391fa6a1ea802a7c76fd9852d53502337
MD5 b9b97e060d38c9bf7b22c659cf928831
BLAKE2b-256 81214156422387e6c10ae0f1e2ac4e0460a921a07f0f4217f6d1143ce81e704f

File details

Details for the file plotcap-1.1.1-py3-none-any.whl.

File metadata

  • Download URL: plotcap-1.1.1-py3-none-any.whl
  • Upload date:
  • Size: 7.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.0 CPython/3.12.4

File hashes

Hashes for plotcap-1.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 f96634f31da6d5afb08a76a630a3a9a997f9cbb94b064364cace465560ada85d
MD5 1b1b47ec41e96e203033c7308f82aefc
BLAKE2b-256 bc3a9ab11dc72bfcfa188eb1d047387737613df1b42fbc22b721e4a726158ae7
