TrafficTracker is a tool created for monitoring your network activity. It's basically a webapp, but its functionality is based on tshark. By default, it sniffs your HTTP GET requests while you browse websites. With TrafficTracker, you can put your network activity on the map.
TrafficTracker is basically a webapp, but it works on top of Node.js via WebSockets. Sniffing is implemented by tshark (the command-line version of Wireshark, similar to tcpdump etc.) and the IP information is fetched from ip-api.com. Maps are powered by leafletjs and OpenStreetMap.
TrafficTracker has been developed on Mac OS X and Debian Wheezy, and it has been tested to work properly on both systems.
First, you need to clone the repository on your system.
git clone https://github.com/iuuso/TrafficTracker.git
Download and install Node.js (http://nodejs.org/).
Please note: Node.js is very version-sensitive. TrafficTracker has been developed with the version v0.10.13. Working with different versions is not supported, and there may be some funny errors due to that.
Secondly, install npm and libraries needed for TrafficTracker.
npm install websocket
npm install execSync
npm install asyncblock
Almost there. Find and install tshark on your system. Depending on your system, you may be able to find it in your distribution's repos; more info and other versions from here.
Please note: In Linux, or at least in Debian, you have to mess with the privileges to get tshark working properly with Node.js. sudo setcap cap_net_raw=+ep /usr/bin/dumpcap should do it. The capability is attached to the dumpcap binary itself, so every local user who is allowed to execute dumpcap can capture traffic afterwards.
- Open traffictracker.default.js with the text editor of your choice. Change the values of hostIP and hostInterface according to your system.
- Run the TrafficTracker server with node server.js. You have to be in the same folder as server.js.
- Open your browser and point it to http://localhost:8080/index.html. You should now see in your terminal, where server.js is running, that the websocket is open and traffic is being sniffed.
- Now you can open up a new browser window or a different browser and surf the web. At the same time tshark is sniffing your HTTP GET requests and TrafficTracker is displaying them on the map, along with other information about your connection.
TrafficTracker doesn't show any activity at all, although I'm creating traffic like never before!
Have you changed the hostIP and hostInterface according to your system? If those remain unchanged, you might be sniffing someone else's traffic or, in the worst-case scenario, nothing at all.
Please remember that TrafficTracker is meant to be used solely on the system you're maintaining. Although tshark makes sniffing someone else's traffic possible, and TrafficTracker is flexible enough to support that, it is not recommended.
Although I reload the frontpage there isn't any packet movement at all!
The scripts used in TrafficTracker are loaded in a certain order. Sometimes during development there was a delay in loading the leaflet maps. Try reloading. Tshark is ready to sniff your traffic when you see "Command received" on the terminal. That message comes from the server, which has received your command for sniffing traffic.
I might have a suggestion for improving TrafficTracker. Can I fork TrafficTracker?
Of course you can. You can do anything you want with this. But remember to credit the services you are using etc.
Also drop me a /msg in IRC and tell me what you forked and why. I'm really interested in what you decided to do with TrafficTracker!
I'm not interested in my HTTP GET-requests, that's silly. Can I use TrafficTracker to display anything else?
Sure, it basically comes down to tshark. Tshark is an extremely flexible sniffer, and you can use it in various different ways. Take a look at the tshark documentation.
The only limitation is the output from tshark. The output with comma separation and every packet on a new line is something that cannot be changed, although it's allowed if you wish to go down that road. Prepare to make some serious modifications to the code in that case.
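The output constraint described above, as an added example that is not TrafficTracker's own code: a parser that reassembles comma-separated tshark lines from stream chunks and drops lines whose columns do not validate. The field list (ip.src, ip.dst, http.host), the tshark options in the comment and all function names are assumptions made for this illustration; the sample values in the usage note are constructed.

```javascript
// Assumed invocation (not taken from the project):
//   tshark -T fields -E separator=, -e ip.src -e ip.dst -e http.host
// Field values come out of captured packets, so they are untrusted input
// by the time they reach the browser and the map.
const IPV4 = /^(25[0-5]|2[0-4]\d|1?\d?\d)(\.(25[0-5]|2[0-4]\d|1?\d?\d)){3}$/;
const HOST = /^[A-Za-z0-9.-]{1,253}(:\d{1,5})?$/;

// Parse one complete line; return null when it does not have exactly
// three well-formed columns.
function parseLine(line) {
  const parts = line.split(',');
  // A comma inside a captured value shifts every later column.
  if (parts.length !== 3) return null;
  const [src, dst, host] = parts;
  if (!IPV4.test(src) || !IPV4.test(dst) || !HOST.test(host)) return null;
  return { src, dst, host };
}

// stdout of a child process arrives in arbitrary chunks (strings here),
// so a line can be split across two 'data' events. Keep the unfinished
// tail until its newline arrives.
function createLineParser(onRecord) {
  let pending = '';
  return function feed(chunk) {
    pending += chunk;
    const lines = pending.split('\n');
    pending = lines.pop();
    for (const line of lines) {
      const rec = parseLine(line.replace(/\r$/, ''));
      if (rec) onRecord(rec);
    }
  };
}

// Convenience wrapper: run a list of chunks through the parser and
// collect the accepted records.
function parseChunks(chunks) {
  const out = [];
  const feed = createLineParser((rec) => out.push(rec));
  chunks.forEach((chunk) => feed(chunk));
  return out;
}
```

Feeding it the constructed chunks '10.0.0.5,93.184.216.34,exam' and 'ple.com\n' yields one record with host example.com; a line with an extra comma or markup in the host column is dropped.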
But sure, you can change what you actually sniff. HTTP GET requests are selected by this capture filter statement: port 80 and tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420 . Remove that, modify it, add an extra capture filter, you name it. A couple of examples can be found from here.
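What that capture filter actually tests, as an added example that is not part of TrafficTracker: a small emulation that applies the same logic to a TCP segment and shows how the constant 0x47455420 is just the four bytes "GET ". The function names and the sample segments are constructed for this illustration, and magicFor goes slightly beyond the page by deriving the constant for other four-byte prefixes.

```javascript
// Emulates:  port 80 and tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420
// on a buffer holding one TCP segment (TCP header followed by payload).

// Build a constructed TCP segment. optionBytes must be a multiple of 4.
function buildSegment(srcPort, dstPort, optionBytes, payload) {
  const headerLen = 20 + optionBytes;
  const seg = Buffer.alloc(headerLen + payload.length);
  seg.writeUInt16BE(srcPort, 0);
  seg.writeUInt16BE(dstPort, 2);
  // Byte 12: data offset (header length in 32-bit words) in the high nibble.
  seg[12] = (headerLen / 4) << 4;
  Buffer.from(payload, 'latin1').copy(seg, headerLen);
  return seg;
}

// Convert a 4-character prefix into the 32-bit constant the filter compares.
function magicFor(prefix) {
  if (prefix.length !== 4) throw new Error('prefix must be exactly 4 bytes');
  return Buffer.from(prefix, 'latin1').readUInt32BE(0);
}

function matchesFilter(seg, magic = 0x47455420) {
  if (seg.length < 20) return false;
  // "port 80" matches when either the source or destination port is 80.
  const port80 = seg.readUInt16BE(0) === 80 || seg.readUInt16BE(2) === 80;
  // (tcp[12:1] & 0xf0) >> 2 is the high nibble times 4: the header length
  // in bytes, which is also the offset of the first payload byte.
  const payloadStart = (seg[12] & 0xf0) >> 2;
  // A load past the end of the packet makes a BPF filter reject it, so
  // segments without payload (SYN, bare ACK) never match.
  if (payloadStart + 4 > seg.length) return false;
  // tcp[offset:4] reads 4 bytes in network byte order.
  return port80 && seg.readUInt32BE(payloadStart) === magic;
}

// Constructed samples: what the default filter sees and what it misses.
function demo() {
  const req = 'GET / HTTP/1.1\r\n';
  return {
    plainGet: matchesFilter(buildSegment(49152, 80, 0, req)),
    getWithTcpOptions: matchesFilter(buildSegment(49152, 80, 12, req)),
    getOnPort8080: matchesFilter(buildSegment(49152, 8080, 0, req)),
    post: matchesFilter(buildSegment(49152, 80, 0, 'POST / HTTP/1.1\r\n')),
    bareAck: matchesFilter(buildSegment(49152, 80, 0, '')),
  };
}
```

Only the first two samples match: the filter sees cleartext GET requests on port 80 and nothing else, so requests on other ports, other methods and anything inside TLS stay invisible until the expression is changed.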
TrafficTracker acts funky! It crashes every time I reload the frontpage.
What OS are you running? If it's a unix-based OS, try sudo setcap cap_net_raw=+ep /usr/bin/dumpcap . This gives the dumpcap binary the raw-socket capability, which makes network sniffing possible for a regular user.
If this doesn't help, try running tshark from the command line without TrafficTracker. For example, you could try tshark -c 10 -i "interface" . Replace interface with the proper interface. You can list your interfaces with /sbin/ifconfig .
Argh! This doesn't make sense. I cannot get it to function at all. I'm losing my mind here.
Before you lose your mind, try contacting me. I might be able to help you.
You can find me on IRC - freenode for example - by the nick iuuso.