A Python 3 script to parse a packet capture file into a JSON object that can be uploaded to https://johnbiz.net/ip-map/. The JSON object is used to display each non-private IP address on a Google Map. It's a great way to get a visual on the source and destination of your IP traffic.

IPMAP

A Python 3 script to parse a packet capture file into a JSON object that can be uploaded to https://johnbiz.net/ip-map/. Each non-private IP address will be displayed on a Google Map. It's a great way to get a visual on the source and destination of your IP traffic.

Getting Started

Obtaining a packet capture

This can be done in a multitude of ways. I've listed a few here.

  • Using a command line tool such as tcpdump.
  • Wireshark.
  • Using built-in firewall packet capture tools, such as those provided by pfSense.

NOTE: The packet capture needs to be a .pcap file, not a .pcapng. Converting a pcapng file to pcap can be done using the tshark command (Linux):

tshark -r capture.pcapng -w capture.pcap -F libpcap

Installation

  1. Download the MaxMind geoip2 database.

  2. Get the code and set up the virtual environment.

    git clone https://github.com/johnnyrockets/ipmap
    cd ipmap/
    mkvirtualenv ipmap_env
    pip install -r requirements.txt
    cd ipmap
    
  3. Set global variables in ipmap/ipmap/config.py file.

    #
    # This is the only required variable needing to be set
    # Set it to the path where you saved the GeoLite2-City.mmdb.gz file
    #
    GEO_DB = ...
    
  4. Run the script:

    python ipmap.py -h
    python ipmap.py -i /path/to/capture.pcap
    

This may take some time, depending on the size of your packet capture file. Once completed, you can visit https://johnbiz.net/ip-map/ and upload the .json file.

The JSON object looks like this:

{
  "192.161.154.1": {
    "city": "San Francisco",
    "aliases": "",
    "hostname": "proxy.vip.pod5.iad1.zdsys.com",
    "latitude": 37.7758,
    "longitude": -122.4128,
    "src": 84,
    "dst": 88
  }
}
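
How the `src` and `dst` counters in that object can be derived, and why a .pcapng file has to be converted first, shown as an added example that is not the project's own code. It assumes a classic pcap with Ethernet framing and IPv4 only, skips the GeoIP and hostname lookups, and the function names and sample packets are constructed for illustration.

```python
import io
import ipaddress
import json
import struct
from collections import defaultdict

PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap

def count_public_ips(stream):
    """Return {ip: {"src": n, "dst": n}} for non-private IPv4 addresses."""
    header = stream.read(24)
    if header[:4] == PCAPNG_MAGIC:
        raise ValueError("pcapng input: convert to pcap first")
    endian = PCAP_MAGICS.get(header[:4])
    if endian is None or len(header) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", header[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    counts = defaultdict(lambda: {"src": 0, "dst": 0})
    while True:
        rec = stream.read(16)  # per-packet record header
        if len(rec) < 16:
            break
        frame = stream.read(struct.unpack(endian + "IIII", rec)[2])
        # Need Ethernet (14) + minimal IPv4 header (20); EtherType 0x0800 = IPv4
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        for role, raw in (("src", frame[26:30]), ("dst", frame[30:34])):
            ip = ipaddress.IPv4Address(raw)
            if not ip.is_private:
                counts[str(ip)][role] += 1
    return dict(counts)

def build_sample_pcap(pairs):
    """Constructed sample: one minimal Ethernet/IPv4 frame per (src, dst) pair."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst in pairs:
        ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                             ipaddress.IPv4Address(src).packed,
                             ipaddress.IPv4Address(dst).packed)
        frame = b"\x00" * 12 + b"\x08\x00" + ip_hdr
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    sample = build_sample_pcap([("192.168.1.10", "192.161.154.1"),
                                ("192.161.154.1", "192.168.1.10")])
    print(json.dumps(count_public_ips(io.BytesIO(sample)), indent=2))
```
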

The resulting page will display all the IP addresses on a Google Map.

Google Map with IP Address markers