Network Connections Recorder and Analyzer
This project provides the ability to record the state of network connections and perform analysis by comparing snapshots with traffic dumps. It includes several Python scripts and modules for data retrieval, processing, and a web-based interface for visualization.
- get_data.py: Script to retrieve and print current network connection state in different formats.
- app.py: Flask web application for displaying current network connections.
- src/Connection.py: Module defining classes for representing network connections.
- src/Netstat.py: Module for retrieving network connection information using the
netstatcommand. - src/Common.py: Common module containing shared utilities and configurations.
- src/Process.py: Module defining a class for representing processes and their associated network connections.
- src/Snapshot.py: Module for capturing, storing, and comparing snapshots of network connection states.
- src/Filter.py: Module (not implemented yet) for creating capture/preview filters for tcpdump/wireshark.
- tests/test_db.py: Script to compare snapshots of network connections.
This script compares snapshots of network connections and prints the differences between the last two snapshots. It utilizes the SnapshotDatabase class from Snapshot.py. Run the script as follows:
./tests/test_db.py -vThe -v option prints the last snapshot along with the timestamp and connections.
This script retrieves the current state of network connections and prints it in either dictionary or JSON format. It utilizes the Netstat and Process classes from the respective modules. Run the script with the desired format:
./get_data.py --format jsonThis Flask web application provides three routes:
/: Displays the current network connection state./test: Similar to the main route for testing purposes./filters: Not implemented yet, intended for rendering a page with tcpdump/wireshark capture/preview filters.
Run the application using:
./app.pyVisit http://localhost:5000 in your web browser to interact with the web interface, or http://localhost:5000/test to view processes and their corresponding connections as a nested table.
Defines classes (BaseConnection, TCP_State, Common_Connection_properties_and_metrics, TCP_Connection, UDP_Connection) representing network connections.
Module for retrieving network connection information using the netstat command. Contains the Netstat class with methods to get interfaces, connections, and associated process IDs.
Common module with shared utilities and configurations. It currently includes configurations for subprocess run arguments.
Not implemented yet. Intended for creating capture/preview filters for tcpdump/wireshark.
Defines a Process class representing processes and their associated network connections.
Module for capturing, storing, and comparing snapshots of network connection states. Contains the Snapshot and SnapshotDatabase classes.
- The project utilizes the
flasklibrary for the web application. - Certain functionalities are marked as not implemented (
#TODO) and are intended for future development. - The project involves capturing snapshots of network connections and storing them in an SQLite database.
- The code includes comments and docstrings for better understanding and maintainability.
Feel free to explore and modify the code according to your project requirements.
This project is licensed under the GNU GPL License - see the LICENSE file for details.