Geopackets

A script that takes a pcap (packet capture) file as input and plots the source and destination of each data packet, along with a web of lines joining all the nodes, in a KML file that can then be opened in Google Earth/Maps.

Setup:

  • $ sudo python setup.py
  • Installs all dependencies

Dependencies (Covered in Setup):

  • GeoLiteCity database, an open-source database from MaxMind, Inc. that correlates registered IP addresses to physical locations. It can be downloaded from here. After downloading, uncompress the GeoLiteCity.dat.gz file and move it to /opt/GeoIP/Geo.dat
  • pygeoip library for Python, which queries the GeoLiteCity database. It can be installed using: [sudo] pip install pygeoip
  • dpkt library for Python, which parses the data packets. It can be installed using: [sudo] pip install dpkt

Usage:

  • $ python GeoPackets.py -p <pcap file location>

  • The KML file is saved in the current working directory. It can then be opened in Google Earth to view the source and destination points of the data packets and the web connecting them.
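
The pipeline described above (pcap in, source/destination pairs out, KML points plus connecting lines), as an added example that is not the GeoPackets.py code. It uses only the standard library instead of dpkt and pygeoip and assumes a classic Ethernet pcap; the names sample_pcap, ip_pairs, to_kml and the SAMPLE_GEO lookup table are hypothetical stand-ins built on constructed data.

```python
import socket
import struct

# Constructed stand-in for the GeoLiteCity lookup: IP -> (longitude, latitude).
# RFC 5737 documentation addresses; the coordinates are invented sample values.
SAMPLE_GEO = {"192.0.2.10": (-122.08, 37.42), "198.51.100.7": (2.35, 48.85)}

def sample_pcap():
    """Constructed one-packet capture: Ethernet frame with a bare IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.7"))
    frame = b"\x00" * 12 + b"\x08\x00" + ip
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)

def ip_pairs(pcap_bytes):
    """Return (src, dst) for each IPv4-over-Ethernet packet in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic pcap file")
    pairs, offset = [], 24  # records start after the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack_from(endian + "I", pcap_bytes, offset + 8)[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Ethernet header (14 bytes) + minimal IPv4 header (20), EtherType 0x0800
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            pairs.append((socket.inet_ntoa(frame[26:30]),
                          socket.inet_ntoa(frame[30:34])))
    return pairs

def to_kml(pairs, geo):
    """Build KML with one point per located host and one line per src/dst pair."""
    points, lines = {}, []
    for src, dst in sorted(set(pairs)):
        if src not in geo or dst not in geo:
            continue  # private or unlisted addresses have no location to plot
        for ip in (src, dst):
            points[ip] = ("<Placemark><name>%s</name><Point><coordinates>%f,%f"
                          "</coordinates></Point></Placemark>" % (ip, *geo[ip]))
        lines.append("<Placemark><name>%s to %s</name><LineString><coordinates>"
                     "%f,%f %f,%f</coordinates></LineString></Placemark>"
                     % (src, dst, *geo[src], *geo[dst]))
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<kml xmlns="http://www.opengis.net/kml/2.2">\n<Document>\n'
            + "\n".join(list(points.values()) + lines) + "\n</Document>\n</kml>\n")

if __name__ == "__main__":
    print(to_kml(ip_pairs(sample_pcap()), SAMPLE_GEO))
```

KML coordinates are written longitude first, then latitude. Address pairs with no entry in the lookup (for example RFC 1918 private ranges) are skipped rather than plotted.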

References:
  • https://developers.google.com/earth/
  • http://dagik.org/kml_intro/E/line.html
  • http://store.elsevier.com/Violent-Python/TJ-OConnor/isbn-9781597499576/