Open Network Nodeifier (ON2) will digest packet captures (live or replayed) and create network topologies consisting of the connections between IPs. The network administrator will then be able to color and group the nodes based on different criteria. For example you could color the range of IPs in your DMZ green and the internal devices only supposed to connect to the DMZ red to quickly see if they are connecting to anything other than a green colored node. There is a simple alerting based on certain groups connecting to eachother. We will be using d3.js (along with node.js for a simple web server) for parts of the visualization and tshark for the capturing or replaying of packets, and alertify.js for alerting.
Authors: Bryson McIver and Ohan Fillbach
- nodejs
- npm
- Copy the server folder onto your collection box.
- Run
npm installto install necessary packages. - Edit the rules.json file (see examples) to create filtering and coloring rules. Group 9001 is for dropping traffic.
- Run
node server.jsto launch the server on port 8000. - Optionally edit parameters at the top of the graph.js file
- Open web broswer to your server's ip port 8000
- python3
- pyshark
- websocket-client
- Copy the agent.py file to the (only linux is supported currently) agent you want to collect from.
- Run
ageny.py nodeserveripto start collecting on the agent's interfaces
If you would like to add more rule processing function, look at comments in server.js and add to the packet processing. While it's not the cleanest to add these, it is realitively easy to tie them in if you follow the format.