Visualize a PCAP file as a graph

[gregs5]

One of the challenges we have on the Poseidon team is gathering more data to train our ML models. A key part of that gathering is identifying (and labelling!) packet captures (pcaps) of specific device types. (e.g. X appears to be a TiVo, Y appears to be a Camera device, Z to be a Windows AD controller, etc.) One can of course achieve this using a combination of tools and approaches (including the use of p0f and Wireshark!), but there have been times when we have been sifting through pcaps that it hasn't been immediately obvious what a give node is.

We have found it useful to represent a node's communications as visual graph to help with identification. To-date we have done this manually using a a few steps:

1. Converting the PCAP to a basic graph using the "brassfork" tool (which outputs a nodes.csv and edges.csv)
2. Importing the two csv files from brassfork into Gephi
3. Saving the Graph
4. Being happy that it is now easier to figure out what you are looking at

What we would really like to do is take the above process, automate it, and replace Gephi with some generated graph visualization mechanism like Graphistry.

[gregs5]

To add to the above, I don't think we/one NEEDS to go from pcap->brassfork->Graphistry (or equivalent); that's just one way to do it!

[cglewis]

closing, as there has been no new activity in over 2 years.