Conversations

Scapy has a built-in conversations method. You'll need to build ImageMagick with X11: on the Mac, that's

brew uninstall imagemagick
brew install imagemagick --with-x11

Once we've done that, we can take a look at the existing method to print out a graph of all the conversations. This method is built into Scapy. We can utilize it to create our own conversations list, bypassing the graphing part and processing the information ourselves.

    def conversations(self, getsrcdst=None,**kargs):
        """Graphes a conversations between sources and destinations and display it
        (using graphviz and imagemagick)
        getsrcdst: a function that takes an element of the list and return the source and dest
                   by defaults, return source and destination IP
        type: output type (svg, ps, gif, jpg, etc.), passed to dot's "-T" option
        target: filename or redirect. Defaults pipe to Imagemagick's display program
        prog: which graphviz program to use"""
        if getsrcdst is None:
            getsrcdst = lambda x:(x['IP'].src, x['IP'].dst)
        conv = {}
        for p in self.res:
            p = self._elt2pkt(p)
            try:
                c = getsrcdst(p)
            except:
                #XXX warning()
                continue
            conv[c] = conv.get(c,0)+1
        gr = 'digraph "conv" {\n'
        for s,d in conv:
            gr += '\t "%s" -> "%s"\n' % (s,d)
        gr += "}\n"        
        return do_graph(gr, **kargs)

scapy a Python library for interfacing with network devices and analyzing packets from Python. Scapy  · Category:Scapy Building Wireless Utilities: Scapy/Airodump Clone  · Scapy/AP Scanner Analyzing Conversations: Scapy/Conversations Database: Scapy/Wifi Database Category:Scapy  · Category:Python  · Category:Networking Flags  · Template:ScapyFlag  · e