
Visualize conntrack connections geographically and organizationally


koivunen/connvis


connvis

WiFi device connections visualizer for those that do not have a networking degree. Where is your data flowing to?

Video (outdated)

connvis has two views: (1) a Sankey diagram of WiFi device connection targets and (2) a geographical view of the targets and their activity.

connvis.webm.mov

Usage (for end user)

Connect device(s) to the WiFi network made for connvis and start experimenting.
Connvis is even more fun with friends (supports and is actually designed for multiple devices being used in parallel)!

TL;DR: Basically conntrack, but instead of IP addresses (or ports, because everything is 443 or proprietary) it tries to show other, still useful information about the connections.

Requirements

  • conntrack kernel module (also enable flow accounting: echo 1 > /proc/sys/net/netfilter/nf_conntrack_acct)
  • dnsmasq
    • systemd (for dnsmasq journal)
  • hostapd
  • python3.9
  • Debian Stable / Ubuntu
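
An added example (not connvis's own code) of the correlation these requirements make possible: dnsmasq answers from the journal are joined with conntrack flow accounting to get bytes per device and domain instead of per IP. The log lines, addresses and function names are constructed for illustration, and dnsmasq is assumed to run with log-queries enabled.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of dnsmasq query-log lines as they appear in the journal.
DNSMASQ_LOG = """\
Jan 01 12:00:01 router dnsmasq[812]: query[A] cdn.example.net from 192.168.4.12
Jan 01 12:00:01 router dnsmasq[812]: reply cdn.example.net is 203.0.113.10
Jan 01 12:00:05 router dnsmasq[812]: cached ads.example.org is 198.51.100.7
Jan 01 12:00:06 router dnsmasq[812]: reply cdn.example.net is <CNAME>
"""

# Constructed sample of `conntrack -L` output with nf_conntrack_acct enabled.
CONNTRACK = """\
tcp      6 431990 ESTABLISHED src=192.168.4.12 dst=203.0.113.10 sport=51514 dport=443 packets=12 bytes=1840 src=203.0.113.10 dst=192.168.4.12 sport=443 dport=51514 packets=10 bytes=5320 [ASSURED] mark=0 use=1
tcp      6 431995 ESTABLISHED src=192.168.4.12 dst=203.0.113.10 sport=51520 dport=443 packets=4 bytes=400 src=203.0.113.10 dst=192.168.4.12 sport=443 dport=51520 packets=3 bytes=600 [ASSURED] mark=0 use=1
udp      17 25 src=192.168.4.20 dst=198.51.100.7 sport=40000 dport=443 packets=2 bytes=2400 src=198.51.100.7 dst=192.168.4.20 sport=443 dport=40000 packets=1 bytes=1200 mark=0 use=1
tcp      6 100 TIME_WAIT src=192.168.4.20 dst=192.0.2.99 sport=40100 dport=8443 packets=1 bytes=60 src=192.0.2.99 dst=192.168.4.20 sport=8443 dport=40100 packets=1 bytes=40 [ASSURED] mark=0 use=1
"""

ANSWER = re.compile(r"dnsmasq\[\d+\]: (?:reply|cached) (\S+) is (\S+)$")
FIELD = re.compile(r"\b(src|dst|bytes)=(\S+)")

def dns_map(log):
    """Map each answered IP address to the most recently resolved name."""
    names = {}
    for line in log.splitlines():
        m = ANSWER.search(line)
        if not m:
            continue
        try:
            ipaddress.ip_address(m.group(2))  # skips <CNAME>, NODATA, ...
        except ValueError:
            continue
        names[m.group(2)] = m.group(1)
    return names

def flows(conntrack_text, names):
    """Sum bytes of both directions per (device, domain) pair."""
    totals = defaultdict(int)
    for line in conntrack_text.splitlines():
        fields = FIELD.findall(line)
        if [k for k, _ in fields] != ["src", "dst", "bytes"] * 2:
            continue  # no byte counters: accounting is off or the line is not a flow
        device, target = fields[0][1], fields[1][1]
        label = names.get(target, "(no DNS lookup seen)")
        totals[(device, label)] += int(fields[2][1]) + int(fields[5][1])
    return dict(totals)
```

Flows that land under "(no DNS lookup seen)" went to an address the device never resolved through dnsmasq, which is why the journal and the accounting counters are both listed as requirements.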

Usage

  1. Become a WiFi router: apt-get install dnsmasq hostapd, enable forwarding, etc.

  2. Install dependencies

    apt-get install python3-pip whois python3-gi
    pip3 install -r requirements.txt
    
  3. Download required files to data folder

  4. Run python3 main.py and open the browser.

  5. Follow end user usage


TODO

  • pyenv / poetry
  • Add connection flushing:
    def kill(self, proto, src, dst, sport, dport):
  • Per device view of activity / bandwidth
  • New view: per-device view of domain resolves alone
  • Sankey connection freshness coloring
  • Better purge of expired connections instead of instant disappearing
  • Priority sorting of the domains an IP has, based on dnsmasq's latest resolved domains
  • Display which domains an IP had resolved during the session
  • Geovisualization: show device count on hotspots without a popup
  • Improve hotspot visualization (labels are overlapping easily)
  • Code cleanup
  • Extra connection classification: file downloads (long connection and lots of bytes) or something else
  • TLS SNI sniffing?
  • Real time audible clicking of packets per second

Used sources

Blocklists by https://pgl.yoyo.org/adservers/ and https://someonewhocares.org and https://blocklistproject.github.io

Geolocation data provided by https://MaxMind.com and https://lite.ip2location.com (This site or product includes IP2Location LITE data available from https://lite.ip2location.com).

2023 updates

Switched to ethernet-passthrough. Using wireless access point separately.

Copyright

MIT

Acknowledgements

The authors gratefully acknowledge the funding provided by IDA for the development of the software. The software was developed under the Software Engineering Laboratory of the Department of Computing at the University of Turku.
