Visualising connected hosts with a Python-generated network diagram
The bulk of cyber security incidents are fairly simple, but sometimes you end up working with a whole network of hosts that are connected to each other in different ways. With this scenario in mind, I recently set out to explore the possibility of creating a Python script to automatically generate a simple network diagram to visualise things more clearly.
Setting things up
Before we get properly started, another Python project means another block of setup code where we prepare the libraries and files that we’ll be using through the rest of the script.
NetworkX is the library we’ll be using to plot the diagram, while Matplotlib will be used to export it as a pretty PNG. Our input will be a file called hosts.txt with a line per host in the format: “source_hostname:connected_host_1,connected_host_2,connected_host_3”. For the sake of simplicity, the NetworkX graph function will be abbreviated to “G”.
Producing lists of hosts and connections
The first thing we need to do is make sense of hosts.txt and build definitive lists of all the hosts and connections that will be included in the final network diagram.
Let’s start with the hosts. These are before the colon on each line, so all we need to do is split each line at the colon and add the preceding text to a Python list. Then we use the source.seek function to return to the start of the input file ready for our next actions.
Now we repeat the process for the connections, which is a little more complicated because there are more than one per source host. Again we take the source hostname from before the colon, but this time we split what comes afterwards at each comma and create a new list entry for each connection in the format “source_hostname,connected_hostname”.
Plotting the hosts and connections on the diagram
Now that we’ve successfully arranged our two datasets, it’s time to plot them as nodes and lines on a diagram using NetworkX, which is a fairly simple process.
First, we iterate through the list of hosts, adding each as a node on the diagram. The if statement here checks to see if an entry in the list is blank and ignores it, which helps to prevent errors if your initial hosts.txt file contained any blank lines.
Once again, the process is slightly more complex for the connections, which need to be split into two segments (the source hostname and the destination hostname). Once these parts are added to a dictionary, NetworkX will accept them as the two ends of an edge (or line).
Exporting a pretty diagram
The final step is to generate the network diagram with NetworkX and then export it as a PNG image with Matplotlib, which is a fairly self-explanatory few lines of code.
Note that both functions have a series of attributes that can be tweaked to your heart’s content (there are more than I’ve used here, too). When we’re finished, we also close the source file to keep things nice and tidy and allow us to edit it with other programs.
So what do we get for our trouble? The result is a neat little PNG network diagram that makes visualising the network you’re investigating much easier.
If yours isn’t as tidy as mine, try playing with the various formatting attributes in the last step, or simply try executing your Python script again – NetworkX sometimes cycles through a few different layouts if it is run again, and some of them are a lot prettier than others.
A note: I’m only just delving into the world of Python, and these posts are as much to get things straight in my own head as they are to show them to others. If anything looks wrong, or there’s a more efficient way of doing something, please let me know!
Photo from Pexels