🌐 NetTrace Visualizer - Network Traffic Visualization

NetTrace Visualizer is a Python-based network traffic analysis tool that visualizes global network communication patterns captured from Wireshark.
It reads a .pcap file, maps packets to geographic locations, and generates a .kml file to view connections on Google Maps or Google Earth.
It also plots a bar chart showing protocol distribution.

---

🚀 Features

• 📡 Analyze Network Traffic — Reads .pcap files captured via Wireshark.
• 🌍 IP Geolocation — Uses GeoLiteCity to locate destination IPs.
• 🏙️ City-based Source IPs — Source IPs are anonymized using predefined city IPs (Bengaluru, Mumbai, Pune, Chennai, Delhi).
• 🗺️ Map Visualization — Generates .kml files showing packet travel routes.
• 📊 Protocol Distribution Graph — Displays a bar chart of detected protocols (TCP, UDP, ICMP, ARP, IP).

---

🧰 How to Use

Follow these steps to generate the network visualization:

Step 1: Capture network packets using Wireshark

1. Download and install Wireshark.
2. Start Wireshark and begin packet capturing on your active network interface.
3. Open your web browser and visit various websites to generate traffic:
   • Include sites from different regions to get packets from multiple destinations.
   • For example: local news sites, Japanese news sites, Russian news sites, etc.
   • Spend 10–15 seconds browsing to generate a variety of packets.
4. Go back to Wireshark and stop packet capturing.
5. Save the captured packets as a .pcap file (e.g., recent.pcap) in your project directory.

Note: This captures only destination server IPs, your personal IP will not be exposed in the visualization thanks to city-based source IPs.

---

Step 2: Download GeoLiteCity Database

• Download the GeoLiteCity database (GeoLiteCity.dat) from MaxMind’s database:
  https://dev.maxmind.com/geoip/geolite2-free-geolocation-data/
  OR get it directly from this repo: https://github.com/mbcc2006/GeoLiteCity-data
• Place the GeoLiteCity.dat file in the same directory as your script.

---

Step 3: Set up Python environment and run the project

1. Create a virtual environment (optional but recommended):

python -m venv env

2. Activate the environment:

• Windows: env\Scripts\activate
• Linux/Mac: source env/bin/activate

3. Install required Python packages:

pip install -r requirements.txt

4. Run the main script:

python main.py

5. The script will do the following:
   • Extract source-destination IP pairs from the .pcap file.
   • Map each packet to a city-based source IP and destination geolocation.
   • Generate a .kml file (output.kml) with lines connecting the source city to destination IPs.
   • Display a bar chart of packet protocol distribution.

---

Step 4: View Protocol Distribution Graph

The script will display a bar chart showing counts of TCP, UDP, ICMP, ARP, and IP packets.

---

Step 5: Use the Output KML File

• The generated output.kml can be opened in Google Maps or Google Earth.
• Google Maps: Go to Google Maps, click the menu → Your Places → Maps → Create Map → Import KML, and upload output.kml.
• Google Earth: Open Google Earth, click File → Open, and select output.kml.

The map will show lines connecting the selected city IP to all captured destination IPs.

Example Screenshots:

• Google Maps:
  

• Google Earth:
  

---

⚠️ Important Notes

• Source IPs are anonymized — Real machine IPs are never exposed.
• The .pcap file may contain destination server IPs; no sensitive client info is shown.
• For educational and visualization purposes only — do not use on unauthorized networks.

---

🧑‍💻 Author

Alok Kumar Maurya – Developer | Email: alok05.maurya@gmail.com

---