RT Security

Reputation: 47

How to process network flow information in Python to display communicating nodes?

I'm trying to understand how best to visualise network flows that I have collected via PacketBeat in JSON to a diagram and require some advice and recommendations.

The reason for doing so is to provide an easy way of highlighting what devices on my network are talking to other devices etc.

My thoughts so far are to process the PacketBeat JSON in order to create a list of unique network nodes as well as a separate list of tuples in a format such as (source, destination, destination_port) to record who talks to who.

I'm unsure whether the above is the best way to proceed if I was to look at generating the graph with something like the "graphviz" Python library?

I'd appreciate any recommendations.

Upvotes: 0

Views: 255

Answers (1)

Paul Prescod

Reputation: 443

Yes, either pygraphviz or gvgen would work well for this task. GVGen is smaller in terms of dependencies and it generates a ".dot" file which you then feed to the "dot" command line tool which you get by downloading the graphviz package. Pygraphviz can go directly to png, svg etc., but it can be harder to install on some computers.

I've used both pygraphviz and gvgen and they are both fairly simple and generate the results I need.

But as a rough example, with gvgen (which I was using just today) you would say:

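import subprocess
from gvgen import GvGen

graph = GvGen()

# Node names and (source, target, port) tuples describing who talks to whom
sources = ["machineA", "machineB", "machineC"]
connections = [("machineA", "machineB", "22"), ("machineC", "machineA", "80")]

# One graph item per node, keyed by name so the links can look them up
nodes = {name: graph.newItem(name) for name in sources}
for source, target, port in connections:
    newlink = graph.newLink(nodes[source], nodes[target])
    graph.propertyAppend(newlink, "label", port)  # label the edge with the port

# Write the DOT description to disk
with open("foo.dot", "w") as outfile:
    graph.dot(outfile)

# Render with the Graphviz "dot" tool; check=True raises if rendering fails
subprocess.run(["dot", "-Tpng", "foo.dot", "-ofoo.png"], check=True)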

Recently I lean towards GvGen based on the half an hour I wasted trying to get PyGraphviz to install on an end-user computer last week. I spent my weekend replacing PyGraphviz with GvGen and I think I'll lean that way in the future. If you are running it just on your own computer, pygraphviz is fine and easy. You'll know immediately whether it installed easily.

Upvotes: 2
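
The approach from the question (unique nodes plus (source, destination, destination_port) tuples), as an added example that is not part of the original question or answer: it reads newline-delimited flow events and emits DOT text for the "dot" tool. The ECS-style field names (`type`, `source.ip`, `destination.ip`, `destination.port`) and the sample events are assumptions; adjust them to the fields your Packetbeat version actually writes.

```python
import json
from collections import Counter

# Constructed sample: newline-delimited flow events using ECS-style field names (assumed).
SAMPLE = """\
{"type":"flow","source":{"ip":"10.0.0.5","port":51514},"destination":{"ip":"10.0.0.10","port":22}}
{"type":"flow","source":{"ip":"10.0.0.5","port":51520},"destination":{"ip":"10.0.0.10","port":22}}
{"type":"flow","source":{"ip":"10.0.0.7","port":40000},"destination":{"ip":"10.0.0.5","port":80}}
{"type":"dns","source":{"ip":"10.0.0.7"},"destination":{"ip":"10.0.0.1","port":53}}
{"type":"flow","source":{"ip":"10.0.0.9"},"destination":{"ip":"10.0.0.1"}}
not json at all
"""

def parse_flows(lines):
    """Return (nodes, edges): set of IPs and Counter keyed by (src, dst, dst_port)."""
    nodes, edges = set(), Counter()
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line
        if not isinstance(event, dict) or event.get("type") != "flow":
            continue  # keep flow records only, not protocol transactions
        src, dst = event.get("source"), event.get("destination")
        if not (isinstance(src, dict) and isinstance(dst, dict)):
            continue
        if not isinstance(src.get("ip"), str) or not isinstance(dst.get("ip"), str):
            continue
        nodes.update((src["ip"], dst["ip"]))
        # Port is None for flows that have none (ICMP, for example).
        edges[(src["ip"], dst["ip"], dst.get("port"))] += 1
    return nodes, edges

def quote(value):
    """Quote a value as a DOT string; captured flow data is untrusted input."""
    return '"' + str(value).replace("\\", "\\\\").replace('"', '\\"') + '"'

def to_dot(nodes, edges):
    """Render a Graphviz digraph with one labelled edge per (src, dst, port)."""
    out = ["digraph flows {"]
    out += [f"    {quote(n)};" for n in sorted(nodes)]
    for (src, dst, port), count in sorted(edges.items(), key=lambda kv: str(kv[0])):
        label = f"{'n/a' if port is None else port} (x{count})"
        out.append(f"    {quote(src)} -> {quote(dst)} [label={quote(label)}];")
    out.append("}")
    return "\n".join(out)

if __name__ == "__main__":
    print(to_dot(*parse_flows(SAMPLE.splitlines())))
```

Counting repeated flows per edge keeps the diagram readable when the same pair of hosts appears thousands of times in the capture.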
