IP-Link – Twelve years after

GraphViz visualization

I have now been maintaining IP-Link for about twelve years. No big new features recently, but the code is still working well, evolving and using up-to-date libraries. Even better, I am now using Pypacker for the parsing of the network captures. It's quite a cool improvement. The parsing is way faster than before, like wayyyyyy faster!

The picture above represents approximately five minutes of the typical network activity of my desktop computer just after I turn it on. Some IRC, XMPP, Web browsing, email checking, RSS fetching, etc.

You can try with the simple example from the README file:

$ mkdir captures data
$ sudo tcpdump -p -i eth0 -s 0 -w captures/snif.pcap
$ ip-link/pcap_to_object.py -i captures/snif.pcap -o data/dic.pyobj
$ ip-link/object_to_graphviz.py -i ./data/dic.pyobj
$ dot -Tpng -o ./data/graphviz.png ./data/ip.dot

First, you will have to install a few dependencies. This can be achieved easily with Poetry. Everything is explained in the README file (RTFM, please ;-). The whole thing is also a lot easier to install. It was not the case at all when I started this project.

If you care, more details below about my PCAP analysis.

$ mkdir captures data

(ip-link-862Mi5xF-py3.10) cedric@numero5:~/git/IP-Link$ sudo tcpdump -p -i enp5s0 -s 0 -w captures/snif.pcap
[sudo] password for cedric: 
tcpdump: listening on enp5s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^C126799 packets captured
126804 packets received by filter
0 packets dropped by kernel

(ip-link-862Mi5xF-py3.10) cedric@numero5:~/git/IP-Link$ ls -lh captures/
total 154M
-rw-r--r-- 1 tcpdump tcpdump 154M janv. 27 22:57 snif.pcap
(ip-link-862Mi5xF-py3.10) cedric@numero5:~/git/IP-Link$ 
(ip-link-862Mi5xF-py3.10) cedric@numero5:~/git/IP-Link$ 
(ip-link-862Mi5xF-py3.10) cedric@numero5:~/git/IP-Link$ time ip-link/pcap_to_object.py -i captures/snif.pcap -o data/dic.pyobj
WARNING (<module>): Couldn't load netifaces, some utils won't work
Reading pcap file…
Serialization…

real    0m4,074s
user    0m3,978s
sys     0m0,097s

(ip-link-862Mi5xF-py3.10) cedric@numero5:~/git/IP-Link$ time ip-link/object_to_graphviz.py -i ./data/dic.pyobj
Loading dictionary…
Creating GraphViz DOT file…
Writting file.

real    0m0,044s
user    0m0,040s
sys     0m0,004s

(ip-link-862Mi5xF-py3.10) cedric@numero5:~/git/IP-Link$ dot -Tpng -o ./data/graphviz.png ./data/ip.dot

(ip-link-862Mi5xF-py3.10) cedric@numero5:~/git/IP-Link$ xdg-open ./data/graphviz.png &
[1] 20321
[1]+  Done                    xdg-open ./data/graphviz.png
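
The idea behind the pipeline above, as an added example that is not IP-Link's own code: a standard-library reader for a classic little-endian pcap of Ethernet frames (the EN10MB link type tcpdump reports) that counts IPv4 source/destination pairs and emits a GraphViz DOT graph. The function names and the constructed sample capture are assumptions; IP-Link itself parses with Pypacker, and this sketch ignores pcapng, VLAN tags and IPv6.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def ip_links(pcap: bytes) -> Counter:
    """Count (src, dst) IPv4 pairs in a classic pcap of Ethernet frames."""
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:       # 1 = LINKTYPE_ETHERNET
        raise ValueError("expected little-endian Ethernet pcap")
    links, off = Counter(), 24                     # global header is 24 bytes
    while off + 16 <= len(pcap):                   # 16-byte per-record header
        incl_len, = struct.unpack_from("<I", pcap, off + 8)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        # Need Ethernet (14) + minimal IPv4 header (20); EtherType 0x0800 = IPv4.
        # Truncated or non-IPv4 frames are skipped rather than parsed.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src, dst = IPv4Address(frame[26:30]), IPv4Address(frame[30:34])
        links[(str(src), str(dst))] += 1
    return links

def to_dot(links: Counter) -> str:
    """Render the pair counts as a directed GraphViz graph."""
    lines = ["digraph ip {"]
    for (src, dst), n in sorted(links.items()):
        lines.append(f'  "{src}" -> "{dst}" [label="{n}"];')
    lines.append("}")
    return "\n".join(lines)

def _frame(src: str, dst: str, ethertype: bytes = b"\x08\x00") -> bytes:
    """Constructed frame: zeroed MACs, minimal 20-byte IPv4 header."""
    ip = b"\x45" + bytes(11) + IPv4Address(src).packed + IPv4Address(dst).packed
    return bytes(12) + ethertype + ip

def sample_pcap() -> bytes:
    """Constructed capture: three IPv4 frames plus one ARP frame (skipped)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    frames = [_frame("192.0.2.10", "198.51.100.5"),
              _frame("192.0.2.10", "198.51.100.5"),
              _frame("198.51.100.5", "192.0.2.10"),
              _frame("192.0.2.10", "192.0.2.1", b"\x08\x06")]
    return hdr + b"".join(
        struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    print(to_dot(ip_links(sample_pcap())))         # pipe into: dot -Tpng
```

The edge labels make unusually chatty or unexpected peers stand out once the graph is rendered with `dot`.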

And now, just for the pleasure, another visualization. A chord diagram generated with IP-Link and Circos:

CIRCOS visualization
