FlowPCAP is a lightweight tool to analyze PCAP files and visualize network topologies interactively.
It is designed for educational use — to help students and beginners understand how captured packets can be parsed, enriched, and converted into useful network diagrams.
✨ Features:
- Parse PCAP files into structured JSON
- Enrich nodes with MAC vendor metadata
- Compute simple suspiciousness scores
- Suggest one-line ACL actions for quick insights
- Interactive HTML topology viewer (manual + pyvis)

- Open this repository in GitHub Codespaces. Dependencies will be installed automatically via the devcontainer.
- In the terminal, run:

```bash
python src/generate_pcap.py
python src/parse_pcap_enhanced.py data/sample.pcap output/topo_enh.json
python src/visualize_enhanced.py output/topo_enh.json output/topology_enh.html
python -m http.server 8000
```

🔹 Running Locally (Linux / macOS)

Install system packages:

```bash
sudo apt update && sudo apt install -y graphviz libpcap-dev
```

(or `brew install graphviz` on macOS)

Install Python dependencies:

```bash
python -m pip install -r requirements.txt
```

Run the same 3 commands as above (generate → parse → visualize).

```
FlowPCAP/
│
├── data/                 # sample PCAPs
│   └── sample.pcap
│
├── output/               # generated JSON + HTML outputs
│   ├── topo_enh.json
│   └── topology_manual.html
│
├── src/                  # core scripts
│   ├── generate_pcap.py
│   ├── parse_pcap_enhanced.py
│   └── visualize_enhanced.py
│
├── requirements.txt      # dependencies
├── README.md             # documentation
├── LICENSE               # MIT license
└── .devcontainer/        # Codespaces setup
```

- `output/topo_enh.json` → parsed and enriched network data
- `output/topology_manual.html` → interactive topology viewer

💡 Open output/topology_manual.html in a browser — click nodes to view IP, MAC, vendor, suspicious score, and suggested ACL.
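
To show what the parse step involves at the byte level, here is an added example (not FlowPCAP's own code) that reads a classic PCAP capture with only the standard library and reduces it to nodes and edges. The function names, the JSON field names (`ip`, `mac`, `packets`) and the in-memory sample capture are assumptions constructed for this illustration.

```python
import json
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_pcap(data):
    """Classic (non-pcapng) Ethernet capture -> {"nodes": [...], "edges": [...]}."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    nodes, edges, off = {}, {}, 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Skip truncated records and anything that is not IPv4 over Ethernet.
        if len(frame) < max(incl_len, 34) or frame[12:14] != b"\x08\x00":
            continue
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        # MAC as seen on the wire; for off-link hosts this is the gateway's.
        nodes.setdefault(src, mac(frame[6:12]))
        nodes.setdefault(dst, mac(frame[0:6]))
        edges[(src, dst)] = edges.get((src, dst), 0) + 1
    return {
        "nodes": [{"ip": i, "mac": m} for i, m in sorted(nodes.items())],
        "edges": [{"src": s, "dst": d, "packets": n}
                  for (s, d), n in sorted(edges.items())],
    }

def build_sample():
    """Constructed capture: 2 frames .1 -> .2, 1 reply, 1 ARP frame."""
    def frame(smac, dmac, sip, dip, etype=b"\x08\x00"):
        hdr = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6, 0, 0])
        return bytes(dmac + smac) + etype + hdr + bytes(sip + dip)
    a, b = [2, 0, 0, 0, 0, 1], [2, 0, 0, 0, 0, 2]
    ip_a, ip_b = [10, 0, 0, 1], [10, 0, 0, 2]
    frames = [frame(a, b, ip_a, ip_b)] * 2 + [frame(b, a, ip_b, ip_a)]
    frames.append(frame(a, b, ip_a, ip_b, etype=b"\x08\x06"))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(json.dumps(parse_pcap(build_sample()), indent=2))
```

Records cut off mid-frame are skipped rather than parsed, and pcapng or non-Ethernet captures are rejected with a `ValueError`.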
B.Tech (Computer Science & Engineering – Cybersecurity)
G. H. Raisoni International Skill Tech University, Pune