Documentation

Code available to be looked through or cloned here.

General Info

PcapTracker is a full stack application built with Python's Scapy library to help analyze user pcaps. Our Python scripts filter through user pcaps to gather packet tracking information, such as where and when packets are being sent or received. We then visualize these findings on the front end using interactive graphs and maps.


Technical details

As mentioned before, this is a full stack project. The front end is built using standard HTML, CSS, and JavaScript, and we use an Apache web server to host it. The front end also uses the d3 library to render different graphs based on information gathered from the uploaded PCAP. These graphs can be scrolled through and interacted with by hovering over data points for more information.

The back end for this application was written in Python. This is where we analyze the PCAPs sent to us by users, with help from the Scapy library. Scapy made it easier to read through the PCAPs packet by packet; the actual filtering of packets for interesting information is done by custom functions. From this collected information, we generate an interactive world map showing the IPs that packets are being sent to, using MaxMind's GeoIP2 API through a Python wrapper.
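The per-packet filtering described above, as an added example that is not PcapTracker's own code: it gathers where and when packets are sent, and rejects or stops on malformed uploads. It uses the standard library's struct module in place of Scapy so it runs without dependencies, and it handles only classic pcap files with Ethernet/IPv4 frames. The function names and the sample capture are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

# Classic pcap magic as it appears on disk -> struct byte-order prefix
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def iter_ipv4(data):
    """Yield (timestamp, src, dst) for each Ethernet/IPv4 packet in a classic pcap."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    endian = MAGICS[data[:4]]
    if struct.unpack(endian + "I", data[20:24])[0] != 1:  # link type 1 = Ethernet
        raise ValueError("unsupported link type")
    off = 24  # first record follows the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, caplen, _origlen = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        if len(frame) < caplen:
            break  # truncated or lying record header: stop instead of misparsing
        off += 16 + caplen
        # 14-byte Ethernet header, EtherType 0x0800 (IPv4), then a 20-byte IP header
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00" and frame[14] >> 4 == 4:
            yield (sec + usec / 1e6,
                   str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34])))

def summarize(data):
    """Map each destination IP to its packet count and first/last seen time."""
    out = {}
    for ts, _src, dst in iter_ipv4(data):
        entry = out.setdefault(dst, {"count": 0, "first": ts, "last": ts})
        entry["count"] += 1
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
    return out

def _record(ts, src, dst):
    """Build one constructed pcap record: Ethernet + minimal IPv4 header, no payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    frame = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame

# Constructed sample capture (documentation address ranges, not real traffic)
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _record(100, "192.0.2.10", "198.51.100.7")
          + _record(105, "192.0.2.10", "198.51.100.7")
          + _record(102, "192.0.2.10", "203.0.113.5"))

if __name__ == "__main__":
    print(summarize(SAMPLE))
```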

To call our Python scripts and generate this information, we run a Flask server at the endpoint /analyze. This Flask server is further load balanced with Gunicorn, as Flask is not meant to be used directly in a production environment. Gunicorn solves the problem of Flask not being inherently compatible with multithreading, meaning that Gunicorn is what allows two people to use our application simultaneously.

Data Flow Diagram
