Packet Analysis in Color

Kent Gruber
3 min read · Dec 2, 2017

Imagine network packets flying in the air or running along your computer’s ethernet cable — what color are they?

Maybe, something like this?

To see the full spectrum of 256 colors available to us in our packets, we could write a tiny bit of Crystal code that uses LibPcap to capture them live and represents each byte (8 bits) within a packet as an individual block of color on the command line.

You will need to have Packetz, a network packet capturing library built with LibPcap, included in your program’s shard.yml file:

# example shard.yml
name: color_live_packets
version: 0.1.0
dependencies:
  packetz:
    github: picatz/packetz

To install the dependencies now with the shard.yml file, just run:

$ shards install

Now we can simply compile the program with crystal:

$ crystal build color_live_packets.cr --release

We now have a binary that we can run to see network packets in 256 colors on the command-line to help visualize patterns and provide a different insight into what’s going on with our network traffic.

$ ./color_live_packets
██████████████████████████████████████████████████████████████████^C
Stopping!
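To make the byte-to-color idea concrete, here is an added example in Python (not the author's Crystal program and not the niji tool). It paints each byte of a frame as one background-colored space using the xterm 256-color escape sequence ESC[48;5;<n>m, where n is the byte value itself, and wraps the output into rows. The sample input is a constructed Ethernet/IPv4/TCP SYN frame with example addresses, built inline so the script runs offline; the optional live mode uses a Linux AF_PACKET raw socket as an assumed stand-in for the Packetz/LibPcap capture and needs CAP_NET_RAW.

```python
import socket
import struct
import sys
from typing import List

# Each byte value 0..255 maps directly onto one of the 256 xterm colours:
# ESC[48;5;<n>m paints the background with colour n, ESC[0m resets it.
# A single space painted that way is the "block" for one byte.
RESET = "\x1b[0m"


def color_block(byte: int) -> str:
    """Return one coloured block (a background-painted space) for a byte value."""
    if not 0 <= byte <= 255:
        raise ValueError("byte value out of range")
    return f"\x1b[48;5;{byte}m {RESET}"


def colorize(data: bytes) -> str:
    """Render every byte of a packet as a block of colour, in wire order."""
    return "".join(color_block(b) for b in data)


def colorize_wrapped(data: bytes, width: int = 64) -> List[str]:
    """Split the rendering into rows of `width` blocks so long frames stay readable."""
    return [colorize(data[i:i + width]) for i in range(0, len(data), width)]


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum over 16-bit words (RFC 791); 0 when a header verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed Ethernet/IPv4/TCP SYN frame used as offline sample input.

    MAC and IP addresses are example values, not captured traffic; the TCP
    checksum is left at zero because only the byte layout matters for colouring.
    """
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    src, dst = socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20")
    # sport, dport, seq, ack, data offset (5 words), flags (SYN), window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip_nochk = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234,
                           0x4000, 64, 6, 0, src, dst)
    chk = ipv4_checksum(ip_nochk)
    ip = ip_nochk[:10] + struct.pack("!H", chk) + ip_nochk[12:]
    return eth + ip + tcp


def capture_live(interface: str, width: int = 64) -> None:
    """Assumed Linux-only capture path: read raw frames from an AF_PACKET socket.

    Requires CAP_NET_RAW (typically root); stands in for the LibPcap capture
    that the Crystal tool uses via Packetz.
    """
    if not hasattr(socket, "AF_PACKET"):
        sys.exit("AF_PACKET raw sockets are only available on Linux")
    eth_p_all = 0x0003  # receive every protocol, as pcap does by default
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(eth_p_all)) as s:
        s.bind((interface, 0))
        try:
            while True:
                frame = s.recv(65535)
                print("\n".join(colorize_wrapped(frame, width)))
        except KeyboardInterrupt:
            print("\nStopping!")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        capture_live(sys.argv[1])
    else:
        # Offline demo: 54 bytes rendered as 16-block rows.
        print("\n".join(colorize_wrapped(build_sample_frame(), 16)))
```

Run without arguments to colour the constructed frame; with an interface name (for example `eth0`) it colours live traffic until Ctrl-C. Rows of 16 blocks line up the 14-byte Ethernet header, the 20-byte IPv4 header and the 20-byte TCP header so the repeated header bytes (the 0x45 version/IHL byte, the zeroed fields, the address octets) show up as recurring bands of the same colour, which is the kind of visual pattern the post is after.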

In 256 color:

You can obviously tune the code to your needs to improve it for your situation. I just wanted to be able to do this — and with Crystal, it was incredibly easy to build my own simple packet analysis command-line tool.

I think this really just provides a great point to get started with other ways of coloring packets.

GitHub Code

This blog post’s code has been adapted from a command-line tool I wrote called niji on GitHub which essentially does exactly the same thing — but you can specify a network interface to listen on! Options, yo!

More Crystal

To learn more about Crystal, you can check out the project’s GitHub, Documentation, Twitter, or even the Gitter chatroom! I think you’ll find a wonderful, helpful community that is doing really awesome things with a beautiful language.

Closing Thoughts

Maybe I should make an application with electronJS or something to visualize packets not just on the command-line. Like a rainbow Wireshark. Rainbow shark. 🌈 🦈

I promise there’s applications to this color packet analysis practice other than just rainbow vomit. 😂

Are there applications for this practice? I think there very well could be. Specifically in helping determine patterns visually outside of simply parsing packets into a known structure like Wireshark or PacketGen does. I think it is really more of an aid to traditional packet analysis than a replacement.

It’s also really cool to look at.

Until next time, that’s all folks!
