The network traffic logger script is a small tool for continuously recording network activity on a host. It runs in a loop, sampling the operating system's cumulative byte counters for the network interfaces and appending a timestamp, the total number of bytes sent, and the total number of bytes received to a text-based log file.
The purpose of this logger is to build a record of network traffic volume over time. By comparing consecutive entries, a security analyst can see how much data moved in each interval, spot unusual bursts (for example a large outbound transfer at an odd hour), and narrow down the time window to investigate with fuller packet-level tools. It is a lightweight way to maintain visibility into traffic volume rather than a replacement for packet capture.
import psutil
import time


def log_network_traffic(log_file):
    # Sample the counters forever; stop the script with Ctrl+C.
    while True:
        # Get the network I/O statistics. Without pernic=True these are
        # cumulative totals since boot, summed across all interfaces.
        net_io = psutil.net_io_counters()
        current_time = time.strftime('%Y-%m-%d %H:%M:%S')
        # Create a log entry with network traffic information
        log_entry = f"{current_time} - Sent: {net_io.bytes_sent} bytes, Received: {net_io.bytes_recv} bytes\n"
        # Append the log entry to the log file (mode 'a' never truncates it)
        with open(log_file, 'a') as file:
            file.write(log_entry)
        # Wait for 1 second before logging the next entry
        time.sleep(1)


if __name__ == '__main__':
    log_file = 'network_traffic.log'
    log_network_traffic(log_file)
Like the other available scripts, the first two lines import the libraries needed for the task. We use the psutil library, a third-party package (installed with pip install psutil) that provides system and process utilities, including network I/O statistics, and the time module from the Python standard library for time-related functions.
Next, we define our function for monitoring network traffic and set up a while True loop so the script keeps sampling until it is stopped. We call psutil's net_io_counters function, which returns the cumulative number of bytes sent and received since the system booted (or since the counters were last reset); called without pernic=True, as here, it sums the counters across all interfaces. We then record the time at which the sample was taken using time.strftime, which formats the time as a string in the format YYYY-MM-DD HH:MM:SS.
Afterward, we build the log entry by combining the timestamp and the two counters into one line. Then we append that line to the log file. In contrast to our MD5 hash script, we pass the 'a' parameter when calling the open function so that each new entry is appended to the end of the file instead of overwriting what is already there.
Because the counters are cumulative, each line is a running total, not the traffic for that second; the amount transferred in an interval is the difference between two consecutive entries, and a counter that is smaller than the previous one signals that the counters were reset. The 1-second delay bounds the sampling rate and keeps the log to a manageable size (one line per second is about 86,400 lines per day). Finally, we check whether the script is being run directly rather than imported, and if so we set the log file name and start logging. Of course, this approach is rudimentary: it records only volume, not which hosts, ports or protocols were involved. Tools such as tcpdump, which writes a pcap file for analysis in Wireshark, give a far more complete picture of what is crossing the interface.
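The following is an added example, not part of the original script, that shows how to consume the log the script writes: it parses the exact line format above, converts the cumulative counters into per-interval byte rates, treats a decreasing counter as a reset rather than a negative rate, and flags intervals whose outbound rate jumps well above the recent baseline. The log lines in SAMPLE_LOG are constructed for the example, and the spike threshold (five times the mean of prior intervals) is an assumed heuristic, not a tuned detection rule.

```python
import re
from datetime import datetime

# Matches the line format written by the logger script:
# "2024-05-01 10:00:00 - Sent: 1000 bytes, Received: 5000 bytes"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - "
    r"Sent: (?P<sent>\d+) bytes, Received: (?P<recv>\d+) bytes$"
)

# Constructed sample log: steady 500 B/s out, one 50 kB burst, then a
# counter reset (e.g. reboot), plus a malformed line that must be skipped.
SAMPLE_LOG = """\
2024-05-01 10:00:00 - Sent: 1000 bytes, Received: 5000 bytes
2024-05-01 10:00:01 - Sent: 1500 bytes, Received: 6000 bytes
2024-05-01 10:00:02 - Sent: 2000 bytes, Received: 7000 bytes
2024-05-01 10:00:03 - Sent: 2500 bytes, Received: 8000 bytes
2024-05-01 10:00:04 - Sent: 3000 bytes, Received: 9000 bytes
2024-05-01 10:00:05 - Sent: 53000 bytes, Received: 9500 bytes
garbage line that should be ignored
2024-05-01 10:00:06 - Sent: 200 bytes, Received: 100 bytes
2024-05-01 10:00:07 - Sent: 700 bytes, Received: 600 bytes
"""


def parse_log(text):
    """Parse log text into (datetime, bytes_sent, bytes_recv) tuples.
    Lines that do not match the format are skipped instead of aborting."""
    samples = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        samples.append((ts, int(m.group("sent")), int(m.group("recv"))))
    return samples


def per_interval_rates(samples):
    """Turn cumulative counters into (timestamp, sent B/s, recv B/s).
    psutil's counters only grow, so a decrease means they were reset; that
    interval is reported as (ts, None, None) rather than a negative rate."""
    rates = []
    for (t0, s0, r0), (t1, s1, r1) in zip(samples, samples[1:]):
        seconds = (t1 - t0).total_seconds()
        if seconds <= 0:
            continue  # duplicate or out-of-order timestamp
        if s1 < s0 or r1 < r0:
            rates.append((t1, None, None))
            continue
        rates.append((t1, (s1 - s0) / seconds, (r1 - r0) / seconds))
    return rates


def flag_spikes(rates, factor=5.0, min_history=3):
    """Flag intervals whose outbound rate exceeds `factor` times the mean of
    all earlier valid intervals (assumed heuristic for exfiltration bursts).
    Returns (timestamp, sent_rate, baseline) for each flagged interval."""
    flagged = []
    history = []
    for ts, sent, _recv in rates:
        if sent is None:
            continue  # counter reset: no rate to compare
        if len(history) >= min_history:
            baseline = sum(history) / len(history)
            if baseline > 0 and sent > factor * baseline:
                flagged.append((ts, sent, baseline))
        history.append(sent)
    return flagged


if __name__ == "__main__":
    rates = per_interval_rates(parse_log(SAMPLE_LOG))
    for ts, sent, recv in rates:
        print(ts, "sent B/s:", sent, "recv B/s:", recv)
    for ts, sent, baseline in flag_spikes(rates):
        print(f"SPIKE at {ts}: {sent:.0f} B/s vs baseline {baseline:.0f} B/s")
```

To run it against a real log produced by the script, replace SAMPLE_LOG with the contents of network_traffic.log. Note that the mean-of-history baseline is deliberately simple; once a large burst enters the history it raises the baseline, so a production version would use a sliding window or a robust statistic such as the median.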
This network traffic logger script gives a security analyst a continuous, timestamped record of how much data a host sends and receives. Comparing consecutive entries reveals traffic volume over time, which makes sudden bursts, unexpected nightly transfers, and other deviations from a host's normal pattern easy to spot and assign to a time window. It does not tell you who the host was talking to, so treat it as a first-line visibility tool that points you toward the moments worth examining with packet capture and other detection sources.