Building Simple Graphs
by J. Edward Durrett
Visualizing data can help people see patterns more easily as well as communicate complex issues to a wider
I’ll unpack that a bit. First we call tcpdump to read the log file, because it is in pcap format (and, by the
way, the whole packet is in there, so there is a ton of information, which is especially useful in active response).
Run tcpdump with -n here: without it tcpdump resolves addresses and ports to names, and the dot-splitting that
follows no longer lands on the port number. Then we call awk to print the fifth whitespace-separated field, which
for IPv4 TCP/UDP lines is the destination IP address and port, written as "address.port:". We use cut, splitting on
dots, to give us just the fifth dot-separated field, which is the port. Then we sort the ports numerically; this
matters because uniq only collapses duplicates that are adjacent. Using uniq -c we get a count of each port. Then we
sort them again, numerically, to put them in order from lowest to highest number of instances. Using tr we get rid
of a pesky extra character, the colon, that our previous filters missed. Then we awk again, reversing the order of
the fields so each line reads "port count", which is what our Python script expects. And, finally, tail gives us
just the last 5 lines which, because of the ascending sort, are the 5 busiest ports, busiest last. One caveat: lines
for ICMP, ARP and other non-TCP/UDP traffic do not have a port in that position, so a BPF filter such as
'tcp or udp' on the tcpdump command keeps them from polluting the counts.
Now, to get a graph, all we have to do is pipe the output of the above command into this Python script:
And voilà! We get this graph:
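The pipeline explained above, packaged as shell functions so it can be run and checked on tcpdump text, together with a text bar chart standing in for the grapher. This is an added example, not the post's own command or Python script (neither is reproduced on this page). It assumes tcpdump was run with -n so that the fifth field of an IPv4 TCP/UDP line is "dst-ip.dst-port:"; the function and variable names (only_ipv4, top_dst_ports, top_dst_ports_from_pcap, bar_chart, SAMPLE_TCPDUMP), the 'tcp or udp' filter and the sample tcpdump lines are mine, and the sample lines are constructed rather than taken from a real capture.

```shell
#!/bin/sh
# Added example, not the post's own command or script. It packages the pipeline
# explained in the post as shell functions that read tcpdump text from stdin,
# and adds a text bar chart as a stand-in for the post's Python grapher.
# Assumption: tcpdump was run with -n, so for IPv4 TCP/UDP lines the fifth
# whitespace field is "dst-ip.dst-port:" (e.g. "192.168.1.10.443:").

# Keep only IPv4 lines ("IP" is tcpdump's second field); ARP, IPv6 and other
# traffic would otherwise feed junk into the dot-splitting below.
only_ipv4() {
    awk '$2 == "IP"'
}

# The post's pipeline, stage by stage. Reads tcpdump -n text on stdin and
# prints "port count" lines, fewest packets first; the busiest port is last.
# $1 = how many ports to keep (default 5).
top_dst_ports() {
    n="${1:-5}"
    awk '{print $5}' |      # fifth field: "dst-ip.dst-port:"
    cut -d. -f5 |           # fifth dot-separated field: "port:"
    sort -n |               # uniq only collapses adjacent duplicates
    uniq -c |               # "count port:"
    sort -n |               # lowest to highest count
    tr -d ':' |             # drop the trailing colon
    awk '{print $2, $1}' |  # "port count", the order the grapher expects
    tail -n "$n"
}

# Entry point for a pcap file ($1 is a placeholder path, $2 the port count).
# The BPF filter does at read time what only_ipv4 does on text: it keeps
# TCP/UDP only, so ICMP and ARP lines never reach the counter.
top_dst_ports_from_pcap() {
    tcpdump -n -r "$1" 'tcp or udp' 2>/dev/null | top_dst_ports "${2:-5}"
}

# Stand-in for the post's Python grapher (not reproduced here): one '#' per
# packet, port label on the left, count on the right.
bar_chart() {
    awk '{
        bar = ""
        for (i = 0; i < $2; i++) bar = bar "#"
        printf "%6s | %s %d\n", $1, bar, $2
    }'
}

# Constructed sample of tcpdump -n output (not a real capture): twelve SYNs to
# six destination ports, plus one ARP line that only_ipv4 must discard.
SAMPLE_TCPDUMP='10:00:00.000001 ARP, Request who-has 192.168.1.10 tell 10.0.0.5, length 28
10:00:01.000001 IP 10.0.0.5.51234 > 192.168.1.10.443: Flags [S], seq 1, win 64240, length 0
10:00:01.000002 IP 10.0.0.6.51235 > 192.168.1.10.443: Flags [S], seq 2, win 64240, length 0
10:00:01.000003 IP 10.0.0.7.51236 > 192.168.1.10.443: Flags [S], seq 3, win 64240, length 0
10:00:01.000004 IP 10.0.0.8.51237 > 192.168.1.10.443: Flags [S], seq 4, win 64240, length 0
10:00:02.000001 IP 10.0.0.5.51238 > 192.168.1.10.80: Flags [S], seq 5, win 64240, length 0
10:00:02.000002 IP 10.0.0.6.51239 > 192.168.1.10.80: Flags [S], seq 6, win 64240, length 0
10:00:02.000003 IP 10.0.0.9.51240 > 192.168.1.10.80: Flags [S], seq 7, win 64240, length 0
10:00:03.000001 IP 10.0.0.9.40000 > 192.168.1.10.445: Flags [S], seq 8, win 64240, length 0
10:00:03.000002 IP 10.0.0.9.40001 > 192.168.1.10.445: Flags [S], seq 9, win 64240, length 0
10:00:03.000003 IP 10.0.0.9.40002 > 192.168.1.10.22: Flags [S], seq 10, win 64240, length 0
10:00:03.000004 IP 10.0.0.9.40003 > 192.168.1.10.3389: Flags [S], seq 11, win 64240, length 0
10:00:03.000005 IP 10.0.0.9.40004 > 192.168.1.10.8080: Flags [S], seq 12, win 64240, length 0'

# Same shape as the post's "tcpdump -r LOGFILE | ... | script.py", on the sample.
printf '%s\n' "$SAMPLE_TCPDUMP" | only_ipv4 | top_dst_ports | bar_chart
```

Run it with `sh graph.sh`; the last row printed is the busiest port, `   443 | #### 4`, and the two rows above it are 80 and 445. The "port count" lines that top_dst_ports emits are exactly what the post's Python grapher consumes, so bar_chart can be swapped for that script once you have it. Because the final sort is ascending and tail keeps the last lines, ports with equal counts at the cut-off are kept or dropped by sort's tie-breaking, which is why the sample avoids ties among the top three.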
Now, here is the interesting thing. It took me longer to write this explanation than to actually make the graph. If
you can set aside just 15 or 20 minutes a week, at the end of the year you will have a dashboard of 52 graphs.
The graphs can also be used in automating reports distributed to staff or management. Automating the routine and,
let's face it, boring aspects of your job frees you to add value to the organization.
Copyright (c) 2019, Jason Edward Durrett - All content on this site, unless otherwise noted, is subject to this license.
Please contact me if any errors, such as erroneous / misleading content or missing / incomplete attribution, are found.