Monday, December 11, 2017

Making a simple network traffic graph with tshark and afterglow

Outputting a pcap file in CSV format so that afterglow.pl and neato (Graphviz) can turn it into a graph.
The steps below produce a simple source-to-destination graph.
First, make the capture file using tcpdump (replace <interface> with the interface to capture on):
tcpdump -nn -i <interface> -q -w capture.pcap
Then use tshark to extract the source and destination IP addresses and write them to a comma-separated file (-n disables name resolution so the output stays numeric):
tshark -n -r capture.pcap -T fields -E separator=, -e ip.src -e ip.dst > output.txt
Sort and remove duplicates:
sort output.txt | uniq > output.csv
or just sort to see every connection, including repeats:
sort output.txt > output.csv
Edit the file to remove any lines with incorrect data, for example a line containing only a comma, which tshark emits for frames that carry no IP header (such as ARP).
Process the file through afterglow (-t selects two-node source/target mode) to produce the dot format that Graphviz can read:
afterglow/afterglow.pl -t < output.csv > output.dot
Create your graph in .png format:
neato -Tpng output.dot > output.png
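An added example, not from the original post: a small Python script that does the sort/uniq, cleanup and afterglow steps in one pass, counting how often each source-to-destination pair appears in tshark's CSV output and emitting a dot graph that neato can render. The sample CSV embedded in it is constructed to mimic tshark's output, including the bare-comma line left by non-IP frames; the graph attributes used are assumptions, not afterglow's own styling.

```python
"""Build a Graphviz dot graph from tshark's "src,dst" CSV output."""
import sys
from collections import Counter

# Constructed sample of what "tshark ... -e ip.src -e ip.dst" emits; the bare
# comma is what tshark prints for a frame with no IP header (e.g. ARP).
SAMPLE_CSV = """\
192.168.1.10,10.0.0.5
192.168.1.10,10.0.0.5
,
192.168.1.11,10.0.0.5
10.0.0.5,192.168.1.10
"""


def parse_edges(text):
    """Return a Counter of (src, dst) pairs, dropping malformed lines."""
    edges = Counter()
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 2 or not parts[0] or not parts[1]:
            continue  # skip lines like "," that the manual edit step removes
        edges[(parts[0], parts[1])] += 1
    return edges


def to_dot(edges):
    """Render the edge counts as a directed dot graph for neato.

    Each edge is labelled with its packet count and drawn thicker (up to a
    cap) the more often the pair was seen, so busy flows stand out.
    """
    lines = ["digraph traffic {", "  overlap=false;", "  node [shape=box];"]
    for (src, dst), n in sorted(edges.items()):
        lines.append(f'  "{src}" -> "{dst}" [label="{n}", penwidth={min(n, 5)}];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Pass output.txt from the tshark step as the first argument, or run
    # with no arguments to render the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CSV
    print(to_dot(parse_edges(text)))
```

Pipe the result into neato (python3 traffic_dot.py output.txt | neato -Tpng > output.png) to get the same kind of picture as the afterglow step above.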
