Pcap2Map - Traffic Mapper
About
Pcap2Map is a tool I wrote to be able to quickly visualize and identify where network traffic was going.What it does:
- It parses libpcap based network traffic capture files without the use of external libraries. It works with the pcap file at the raw byte level. (Most network sniffers use the libpcap format. I like using WireShark)
- Rips out the source and destination IP addresses from the pcap file
- Eliminates duplicate source -> destination IP pairs for mapping purposes
- Geolocates the IP addresses
- Creates a Google Earth KML file based on the traffic as a function of time.
Click image for a larger view
You'll notice the time slider in the upper left of the image. As it's moved to the right, new traffic links will appear in the order they took place.