Pcapxray V2.5 - A Network Forensics Tool To Visualize A Parcel Capture Offline Equally A Network Diagram
Monday, September 9, 2019
Edit
Pcapxray V2.5 - A Network Forensics Tool To Visualize A Parcel Capture Offline Equally A Network Diagram - Hi friends mederc, In the article that you read this time with the title Pcapxray V2.5 - A Network Forensics Tool To Visualize A Parcel Capture Offline Equally A Network Diagram, We have prepared this article well for you to read and retrieve information from it. hopefully fill the posts
Article Capture,
Article Computer Forensics,
Article Database,
Article Forensics,
Article Forensics Tool,
Article Gathering,
Article JSON,
Article Linux,
Article Network,
Article Network Diagram,
Article Network Forensics Tool,
Article Pcap,
Article PcapXray,
Article SQLite, we write this you can understand. Alright, happy reading.
Title : Pcapxray V2.5 - A Network Forensics Tool To Visualize A Parcel Capture Offline Equally A Network Diagram
link : Pcapxray V2.5 - A Network Forensics Tool To Visualize A Parcel Capture Offline Equally A Network Diagram
PcapXray is a Network Forensics Tool To visualize a Packet Capture offline equally a Network Diagram including device identification, highlight of import communication too file extraction.
PcapXray Design Specification
Goal:
Given a Pcap File, plot a network diagram displaying hosts inwards the network, network traffic, highlight of import traffic too Tor traffic equally good equally potential malicious traffic including information involved inwards the communication.
Problem:
Solution: Speed upwards the investigation process
Tool Image:
Components:
Python Libraries Used: - All these libraries are required for functionality
Demo
Getting started:
Additional Information:
Challenges:
Known Bugs:
Docker Containers of PcapXray
PcapXray 2.0
Immediate Future Tasks: (Target: 3.0)
Future:
Just for Security Fun!
You are now reading the article Pcapxray V2.5 - A Network Forensics Tool To Visualize A Parcel Capture Offline Equally A Network Diagram with the link address https://mederc.blogspot.com/2019/09/pcapxray-v25-network-forensics-tool-to.html
Title : Pcapxray V2.5 - A Network Forensics Tool To Visualize A Parcel Capture Offline Equally A Network Diagram
link : Pcapxray V2.5 - A Network Forensics Tool To Visualize A Parcel Capture Offline Equally A Network Diagram
Pcapxray V2.5 - A Network Forensics Tool To Visualize A Parcel Capture Offline Equally A Network Diagram
PcapXray is a Network Forensics Tool To visualize a Packet Capture offline equally a Network Diagram including device identification, highlight of import communication too file extraction.
PcapXray Design Specification
Goal:
Given a Pcap File, plot a network diagram displaying hosts inwards the network, network traffic, highlight of import traffic too Tor traffic equally good equally potential malicious traffic including information involved inwards the communication.
Problem:
- Investigation of a Pcap file takes a long fourth dimension given initial glitch to commencement the investigation
- Faced past times every forensics investigator too anyone who is analyzing the network
- Location: https://github.com/Srinivas11789/PcapXray
Solution: Speed upwards the investigation process
- Make a network diagram amongst the next features from a Pcap file Tool Highlights:
- Network Diagram – Summary Network Diagram of amount network
- Information:
- Web Traffic amongst Server Details
- Tor Traffic
- Possible Malicious traffic
- Data Obtained from Packet inwards Report – Device/Traffic/Payloads
- Device Details
Tool Image:
Components:
- Network Diagram
- Device/Traffic Details too Analysis
- Malicious Traffic Identification
- Tor Traffic
- GUI – a gui amongst options to upload pcap file too display the network diagram
Python Libraries Used: - All these libraries are required for functionality
- Tkinter too TTK – Install from pip or apt-get – Ensure Tkinter too graphviz is installed (Most Linux incorporate past times default)
- apt install python-tk
- apt install graphviz
- apt install python3-tk (for python3 support)
- Sometimes ImageTk errors are thrown inwards python3 env --> occupation apt install python3-pil python3-pil.imagetk
- All these are included inwards the requirements.txt file
- Scapy – rdpcap to read the packets from the pcap file
- Ipwhois – to obtain whois information from ip
- Netaddr – to cheque ip information type
- Pillow – icon processing library
- Stem – tor consensus information fetch library
- pyGraphviz – plot graph
- Networkx – plot graph
- Matplotlib – plot graph (not used equally of now)
Demo
Getting started:
- Clone the repository
- pip install -r requirements.txt
- python Source/main.py
Additional Information:
- Tested on Linux
- Options for Traffic include - Web (HTTP too HTTPS), Tor, Malicious, ICMP, DNS
Challenges:
- Unstability of the TK GUI:
- Decision on the GUI betwixt Django too TK, settled upon tk for a uncomplicated local interface, but the unstability of the tk gui caused a discover of problems
- Graph Plotting:
- Plotting a proper network graph which is readable from the information obtained was quite an effort, used dissimilar libraries to instruct inwards at one.
- Performance too Timing:
- The performance too timing of the amount application was a large challenge amongst dissimilar information gathering too output generation
Known Bugs:
- Memory Hogging
- Sometimes retention hogging occurs when lower RAM is acquaint inwards the organisation equally the information stored inwards the retention from the pcap file is huge
- Should live on Fixed past times moving information into a database than the retention itself
- Race Condition
- Due to mainloop of the TK gui, other threads could undergo a race condition
- Should live on fixed past times moving to a ameliorate structured TK implementation or Web GUI
- Tk GUI Unstability:
- Same argue equally above
- Code:
- clumsy too unstructured code flow
- Current Fix inwards rare occasions: If whatever of the higher upwards upshot occurs the progress bar keeps running too no output is generated, a restart of the app would live on required.
Docker Containers of PcapXray
- Dockerfile acquaint inwards the root folder was used to construct images
- Already built docker images are flora at dockerhub
- srinivas11789/pcapxray-1.0
- srinivas11789/pcapxray-2.2
- Performing the steps inwards
run.shfile manually would piece of work to launch the tool via docker (I tin aid amongst errors) - Running
run.shscripts is an endeavor to automate (would non piece of work 100 percent)- tested on mac too linux - volition live on ameliorate soon!...
PcapXray 2.0
- Includes zoom feature
- Improves usability amongst a Browse files feature
- Report directory fixes for graph images
- Includes but about põrnikas fixes
Immediate Future Tasks: (Target: 3.0)
- Clean upwards code (beautify code base of operations from beingness a prototype)
- Report generation on unique folders for all assets of a parcel capture
- Suspicious activity detection
- Support to a greater extent than pcap reader engine
- Traffic support: ICMP, DNS
- Known file type detection too Extract
- Python2 too Python3
Future:
- Structured too produce clean code flow
- Change the database from JSON to sqlite or prominent database, due to retention hogging
- Change fronend to spider web based such equally Django
- Make the application to a greater extent than stable
- More protocol support
- Clean upwards code
Just for Security Fun!
Thus the article Pcapxray V2.5 - A Network Forensics Tool To Visualize A Parcel Capture Offline Equally A Network Diagram
That's all the article Pcapxray V2.5 - A Network Forensics Tool To Visualize A Parcel Capture Offline Equally A Network Diagram this time, hopefully can benefit you all. okay, see you in another article posting.
You are now reading the article Pcapxray V2.5 - A Network Forensics Tool To Visualize A Parcel Capture Offline Equally A Network Diagram with the link address https://mederc.blogspot.com/2019/09/pcapxray-v25-network-forensics-tool-to.html