diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..b70b9b1 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,21 @@ +root = true + +[*] +indent_style = space +indent_size = 4 +insert_final_newline = true +trim_trailing_whitespace = true +end_of_line = lf +charset = utf-8 +max_line_length = 88 + +[*.{yml,yaml,json,js,css,html}] +indent_size = 2 + +[*.{md,rst}] +trim_trailing_whitespace = false + +# tabs 2 spaces for makefiles +[Makefile] +indent_style = tab +indent_size = 2 diff --git a/.gitignore b/.gitignore index daa757e..f66dd77 100644 --- a/.gitignore +++ b/.gitignore @@ -1,20 +1,23 @@ # use glob syntax syntax: glob +__pycache__/ +*.py[cod] +*.sqlite[3] +.idea *.elc -*.pyc -*~ -IP_Link.egg-info/ +*.egg-info/ dist/ # Temporary files (vim backups) *.swp +*~ docs/_build/ ip-link/captures/ ip-link/data/ captures/ -data/ \ No newline at end of file +data/ diff --git a/NEWS.md b/NEWS.md index e41db8d..7682299 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,5 +1,11 @@ ## Release History + +### 0.4.1 (2022-01-27) + +- various bugfixes. + + ### 0.4.0 (2022-01-21) - major update of project dependencies and settings. @@ -22,4 +28,3 @@ ### 0.1.0 (2010-03-18) - First official release of IP-Link. - diff --git a/README.md b/README.md index ceb92c4..c24ca08 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,6 @@ -IP-Link -======= +# IP-Link -Presentation ------------- +## Presentation The goal of [IP-Link](https://git.sr.ht/~cedric/ip-link) is to see the relationships between different IP from network traffic capture, @@ -10,8 +8,9 @@ thus quickly for a given address with the IP that communicates the most. IP-Link offers several visualization methods. -Installation ------------- +## Installation + +Python >= 3.8. ```bash $ sudo apt install libpcap0.8 
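Review bot: The added pattern `*.sqlite[3]` in the .gitignore hunk matches only names ending in `.sqlite3`, because `[3]` is a one-character class rather than an optional suffix, so a file named `db.sqlite` is not ignored. The docs touched by this same commit write `db.sqlite`, `dbtest.sqlite` and `db.object` inside `ip-link/bezier/`, a directory that none of the `captures/` or `data/` rules cover. Judging by the queries shown in those docs, these files hold source and destination addresses and ports from real traffic. I would list both forms, `*.sqlite` and `*.sqlite3`. It is probably also worth ignoring the serialized outputs (for example `*.pyobj`, and `*.object` if that is not too broad for the tree), so capture-derived data cannot be committed by accident.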
@@ -21,18 +20,26 @@ $ poetry install $ poetry shell ``` -Python >= 3.8. +## Quick example + +```bash +$ mkdir captures data +$ sudo tcpdump -p -i enp5s0 -s 0 -w captures/snif.pcap +$ ip-link/pcap_to_object.py -i captures/snif.pcap -o data/dic.pyobj +$ ip-link/object_to_graphviz.py -i ./data/dic.pyobj +$ dot -Tpng -o ./data/graphviz.png ./data/ip.dot +$ xdg-open ./data/graphviz.png & +``` + -Tutorial and examples ---------------------- +## Tutorial and examples The site of IP-Link provides a complete [tutorial](https://ip-link.readthedocs.io/en/latest/tutorial.html). -License -------- +## License This software is licensed under [GNU General Public License version 3](https://www.gnu.org/licenses/gpl-3.0.html). diff --git a/docs/bezier.rst b/docs/bezier.rst index a7a91d8..3aee3c2 100644 --- a/docs/bezier.rst +++ b/docs/bezier.rst @@ -10,7 +10,7 @@ Currently, it is in alpha mode : scripts have only been tested on few files, the But some results are interesting. -You will have to use the scrips located in the folder: **./source/bezier**. +You will have to use the scrips located in the folder: **./ip-link/bezier**. SQLite DB Generation ~~~~~~~~~~~~~~~~~~~~ 
@@ -51,18 +51,18 @@ A basic one .. code-block:: bash - cedric@debian:~/IP-Link/source/bezier$ ./pcap_to_sqlite.py -i ../capture.cap -o db.sqlite + cedric@debian:~/IP-Link/ip-link/bezier$ ./pcap_to_sqlite.py -i ../capture.cap -o db.sqlite Creating table. Reading pcap and inserting values in the table... {17: 780, 6: 40356, 1: 555} - cedric@debian:~/IP-Link/source/bezier$ ./sqlite_to_object.py -i db.sqlite -o db.object + cedric@debian:~/IP-Link/ip-link/bezier$ ./sqlite_to_object.py -i db.sqlite -o db.object DB connect Query sent to the base : SELECT ip_src, ip_dst, port_src, port_dst FROM ip_link Serialization... - cedric@debian:~/IP-Link/source/bezier$ ./object_to_image.py -i db.object -o image.png + cedric@debian:~/IP-Link/ip-link/bezier$ ./object_to_image.py -i db.object -o image.png Loading objet... Generate Communication stats... Number of communication: 41691 @@ -80,13 +80,13 @@ Between 2 IPs .. code-block:: bash - cedric@debian:~/IP-Link/source/bezier$ ./sqlite_to_object.py -i db.sqlite -o db.object -r ip -p 192.168.1.2:62.231.97.142 + cedric@debian:~/IP-Link/ip-link/bezier$ ./sqlite_to_object.py -i db.sqlite -o db.object -r ip -p 192.168.1.2:62.231.97.142 DB connect Query sent to the base : SELECT ip_src, ip_dst, port_src, port_dst FROM ip_link WHERE (ip_src = "192.168.1.2" AND ip_dst = "62.231.97.142") OR (ip_src = "62.231.97.142" AND ip_dst = "192.168.1.2") Serialization... - cedric@debian:~/IP-Link/source/bezier$ ./object_to_image.py -i db.object -o image2.png + cedric@debian:~/IP-Link/ip-link/bezier$ ./object_to_image.py -i db.object -o image2.png Loading objet... Generate Communication stats... Number of communication: 5100 
@@ -104,13 +104,13 @@ With number limitation .. code-block:: bash - cedric@debian:~/IP-Link/source/bezier$ ./sqlite_to_object.py -i db.sqlite -o db.object -r number -p 1000 + cedric@debian:~/IP-Link/ip-link/bezier$ ./sqlite_to_object.py -i db.sqlite -o db.object -r number -p 1000 DB connect Query sent to the base : SELECT ip_src, ip_dst, port_src, port_dst FROM ip_link LIMIT 10000 Serialization... - cedric@debian:~/IP-Link/source/bezier$ ./object_to_image.py -i db.object -o image3.png + cedric@debian:~/IP-Link/ip-link/bezier$ ./object_to_image.py -i db.object -o image3.png Loading objet... Generate Communication stats... Number of communication: 10000 @@ -128,18 +128,18 @@ A Ports-Scan .. code-block:: bash - cedric@debian:~/IP-Link/source/bezier$ ./pcap_to_sqlite.py -i test.cap -o dbtest.sqlite + cedric@debian:~/IP-Link/ip-link/bezier$ ./pcap_to_sqlite.py -i test.cap -o dbtest.sqlite Creating table. Reading pcap and inserting values in the table... {1: 3, 6: 855, 17: 2} - cedric@debian:~/IP-Link/source/bezier$ ./sqlite_to_object.py -i dbtest.sqlite -o dbtest.object -r all + cedric@debian:~/IP-Link/ip-link/bezier$ ./sqlite_to_object.py -i dbtest.sqlite -o dbtest.object -r all DB connect Query sent to the base : SELECT ip_src, ip_dst, port_src, port_dst FROM ip_link Serialization... - cedric@debian:~/IP-Link/source/bezier$ ./object_to_image.py -i dbtest.object -o test.png + cedric@debian:~/IP-Link/ip-link/bezier$ ./object_to_image.py -i dbtest.object -o test.png Loading objet... Generate Communication stats... Number of communication: 857 diff --git a/docs/index.rst b/docs/index.rst index f30b351..321435e 100644 --- a/docs/index.rst +++ b/docs/index.rst 
@@ -9,7 +9,7 @@ Welcome to IP-Link's documentation! .. image:: _static/images/logo.png :align: right -The goal of `IP-Link `_ is to show the +The goal of `IP-Link `_ is to show the relationships between different IP addresses from network traffic capture, thus quickly determining for a given address the IP address with which it communicates the most. @@ -21,10 +21,10 @@ Installation .. code-block:: bash $ sudo apt install libpcap0.8 - $ git clone https://gitlab.com/cedric/ip-link.git + $ git clone https://git.sr.ht/~cedric/ip-link $ cd ip-link/ - $ pipenv install - $ pipenv shell + $ poetry install + $ poetry shell How it works diff --git a/docs/tutorial.rst b/docs/tutorial.rst index 52eab47..80638d8 100644 --- a/docs/tutorial.rst +++ b/docs/tutorial.rst @@ -17,12 +17,12 @@ GraphViz .. code-block:: bash # create an object from the capture - cedric@debian:~/IP-Link/source$ ./pcap_to_object.py -i ~/captures/capture.pcap -o ~/data/dic.pyobj + cedric@debian:~/IP-Link/ip-link$ ./pcap_to_object.py -i ~/captures/capture.pcap -o ~/data/dic.pyobj Reading pcap file... Serialization... # create the GraphViz graph - cedric@debian:~/IP-Link/source$ ./object_to_graphviz.py -i ~/data/dic.pyobj + cedric@debian:~/IP-Link/ip-link$ ./object_to_graphviz.py -i ~/data/dic.pyobj Loading dictionary... Creating GraphViz DOT file... Writting file. @@ -71,11 +71,11 @@ Generation of the input matrix for Circos .. code-block:: bash - cedric@debian:~/ip-link/source$ ./pcap_to_object.py -i ~/captures/capture.pcap -o ~/data/capture.pyObj + cedric@debian:~/ip-link/ip-link$ ./pcap_to_object.py -i ~/captures/capture.pcap -o ~/data/capture.pyObj Reading pcap file... Serialization... - cedric@debian:~/ip-link/source$ ./object_to_circos.py -i ~/data/capture.pyObj -o ~/data/capture.circos + cedric@debian:~/ip-link/ip-link$ ./object_to_circos.py -i ~/data/capture.pyObj -o ~/data/capture.circos Loading objet... Searching IP that are source and destination... Circos matrix generation... 
@@ -114,11 +114,11 @@ Scatter plot with ploticus .. code-block:: bash - cedric@debian:~/IP-Link/source$ ./pcap_to_object.py -i ~/captures/capture.cap + cedric@debian:~/IP-Link/ip-link$ ./pcap_to_object.py -i ~/captures/capture.cap Reading pcap file... Serialization... - cedric@debian:~/IP-Link/source$ ./sqlite_to_object.py -r tts -p 1231950347:1231950547 + cedric@debian:~/IP-Link/ip-link$ ./sqlite_to_object.py -r tts -p 1231950347:1231950547 DB connect Query sent to the base : SELECT ip_src, ip_dst FROM ip_link WHERE tts >= 1231950347 AND tts <= 1231950547 @@ -126,7 +126,7 @@ Scatter plot with ploticus Reading query result... Serialization... - cedric@debian:~/IP-Link/source$ ./object_to_scatterplot.py + cedric@debian:~/IP-Link/ip-link$ ./object_to_scatterplot.py Loading dictionary... Creating categories file Creating ploticus data file @@ -146,9 +146,9 @@ Picviz .. code-block:: bash - cedric@debian:~/IP-Link/source$ ./pcap_to_sqlite.py -i ~/captures/capture.cap -o ~/data/ip.sql + cedric@debian:~/IP-Link/ip-link$ ./pcap_to_sqlite.py -i ~/captures/capture.cap -o ~/data/ip.sql - cedric@debian:~/IP-Link/source$ ./sqlite_to_picviz.py -i ~/data/ip.sql -r time -p 2009-1-16-00-03-00:2009-1-16-00-05-00 + cedric@debian:~/IP-Link/ip-link$ ./sqlite_to_picviz.py -i ~/data/ip.sql -r time -p 2009-1-16-00-03-00:2009-1-16-00-05-00 DB connect Query sent to the base : SELECT tts, ip_src, ip_dst FROM ip_link WHERE tts >= 1232060580.0 AND tts <= 1232060700.0 @@ -168,11 +168,11 @@ RealTime Graph 3D .. code-block:: bash - cedric@debian:~/IP-Link/source$ ./pcap_to_object.py -i ~/captures/capture.pcap + cedric@debian:~/IP-Link/ip-link$ ./pcap_to_object.py -i ~/captures/capture.pcap Reading pcap file... Serialization... - cedric@debian:~/IP-Link/source$ ./object_to_rtgraph.py + cedric@debian:~/IP-Link/ip-link$ ./object_to_rtgraph.py Result 
@@ -186,9 +186,9 @@ MooWheel .. code-block:: bash - cedric@debian:~/IP-Link/source$ ./pcap_to_sqlite.py -i ~/captures/capture.cap + cedric@debian:~/IP-Link/ip-link$ ./pcap_to_sqlite.py -i ~/captures/capture.cap - cedric@debian:~/IP-Link/source$ ./sqlite_to_object.py + cedric@debian:~/IP-Link/ip-link$ ./sqlite_to_object.py DB connect Query sent to the base : SELECT ip_src, ip_dst FROM ip_link @@ -196,7 +196,7 @@ MooWheel Reading query result... Serialization... - cedric@debian:~/IP-Link/source$ ./object_to_moowheel.py + cedric@debian:~/IP-Link/ip-link$ ./object_to_moowheel.py Loading dictionary... Creating MooWheel file... Writting file. @@ -211,7 +211,7 @@ If you want to see better, you can make a filter this way : .. code-block:: bash - cedric@debian:~/IP-Link/source$ ./sqlite_to_object.py -r ip_src -p 212.110.251.3 + cedric@debian:~/IP-Link/ip-link$ ./sqlite_to_object.py -r ip_src -p 212.110.251.3 DB connect Query sent to the base : SELECT ip_src, ip_dst FROM ip_link WHERE ip_src = "212.110.251.3" @@ -219,7 +219,7 @@ If you want to see better, you can make a filter this way : Reading query result... Serialization... - cedric@debian:~/IP-Link/source$ ./object_to_moowheel.py -q + cedric@debian:~/IP-Link/ip-link$ ./object_to_moowheel.py -q Now, 82.0.72.48, 86.0.48.47, 125.211.214.144, 123.129.255.167 and 91.121.165.159 are missing. These IP are never contacted by 212.110.251.3. @@ -231,14 +231,14 @@ Histogram .. code-block:: bash - cedric@debian:~/IP-Link/source$ ./pcap_to_object.py -i ~/captures/capture.cap + cedric@debian:~/IP-Link/ip-link$ ./pcap_to_object.py -i ~/captures/capture.cap Reading pcap file... Serialization... - cedric@debian:~/IP-Link/source$ ./object_to_csv.py + cedric@debian:~/IP-Link/ip-link$ ./object_to_csv.py Loading dictionary... Writting CSV file... - cedric@debian:~/IP-Link/source$ ./csv_to_histogram.py -s 192.168.1.2 + cedric@debian:~/IP-Link/ip-link$ ./csv_to_histogram.py -s 192.168.1.2 Result 
@@ -253,7 +253,7 @@ Filter by date .. code-block:: bash - cedric@debian:~/IP-Link/source$ ./sqlite_to_object.py -i ~/data/ip.sql -r time -p 2009-1-15-22-00-00:2009-1-16-02-00-00 + cedric@debian:~/IP-Link/ip-link$ ./sqlite_to_object.py -i ~/data/ip.sql -r time -p 2009-1-15-22-00-00:2009-1-16-02-00-00 DB connect Request sent to the base : SELECT ip_src, ip_dst FROM ip_link WHERE tts >= 1232053200.0 AND tts <= 1232067600.0 @@ -261,9 +261,9 @@ Filter by date Reading the result of the query... Serialization... - cedric@debian:~/IP-Link/source$ ./object_to_graphviz.py -q + cedric@debian:~/IP-Link/ip-link$ ./object_to_graphviz.py -q - cedric@debian:~/IP-Link/source$ dot -Tpng data/ip.dot -o pic.png + cedric@debian:~/IP-Link/ip-link$ dot -Tpng data/ip.dot -o pic.png Result diff --git a/ip-link/D3js/index.html b/ip-link/D3js/index.html index c67c2b8..45afa30 100644 --- a/ip-link/D3js/index.html +++ b/ip-link/D3js/index.html @@ -192,6 +192,6 @@

Adjacency matrix

Built with d3.js and -IP-Link. +IP-Link. diff --git a/ip-link/pcap_to_object.py b/ip-link/pcap_to_object.py index cb6704b..32769d3 100755 --- a/ip-link/pcap_to_object.py +++ b/ip-link/pcap_to_object.py @@ -8,9 +8,9 @@ """ __author__ = "Cedric Bonhomme" -__version__ = "$Revision: 0.4 $" +__version__ = "$Revision: 0.5 $" __date__ = "$Date: 2009/02/20 $" -__revision__ = "$Date: 2022/01/21 $" +__revision__ = "$Date: 2022/01/27 $" __copyright__ = "Copyright (c) 2009-2022 Cedric Bonhomme" __license__ = "GNU General Public License v3 or later (GPLv3+)" diff --git a/pyproject.toml b/pyproject.toml index 9615c77..051ee33 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "ip-link" -version = "0.4.0" +version = "0.4.1" description = "Visualizing the relationships between different IP from network traffic capture." authors = ["Cédric Bonhomme "] license = "GPL-3.0-or-later"