{"id":59728,"date":"2022-11-04T15:17:49","date_gmt":"2022-11-04T07:17:49","guid":{"rendered":"https:\/\/version-2.com\/?p=59728"},"modified":"2023-07-24T18:41:30","modified_gmt":"2023-07-24T10:41:30","slug":"network-analysis-and-automation-using-python","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2022\/11\/network-analysis-and-automation-using-python\/","title":{"rendered":"Network Analysis and Automation Using Python"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

<\/p>

Introduction<\/strong><\/h1>

Some people working as a SOC (Security Operation Center) relaying on the tools\/solutions they are using in the first place for monitoring. But, some times you will need to do your own tool & automation to help you on the way you work or thinking “Your mindset”. So, this blog will explain how to use python<\/code>\u00a0with\u00a0Scapy<\/code>\u00a0library along with tcpdump to analysis our network traffic & we will write an automation to detect port scanning as i will be performing the attack on the lab that contains 2 machines (Virtual Lab<\/code>) first machine is the\u00a0Attacker<\/code>(Parrot OS) machine & the second is the\u00a0Victim<\/code>(Ubuntu).<\/p>

Why Python and Scapy ?<\/strong><\/h1>

As we all know\u00a0Python<\/code>\u00a0is widely used and the reason to choose it, Is the easy syntax. It’s not effective language in performance for sure like\u00a0C\/C++<\/code>,Go<\/code>,Rust<\/code>, etc.. But, it will not be complicated for these who want to use the easy way. Why specially\u00a0Scapy<\/code>\u00a0and not other libraries ?. Basically, the\u00a0Scapy<\/code>\u00a0library is so powerful and effective in manipulate, attack & scan networks “Low-Level library”. It’s easy to use and play with the large features. The most great thing about it is a widely used library and documentation for\u00a0Scapy<\/code>. Therefore, I will explain for you all the important usage for the library that you would need.<\/p>

Capture the traffic<\/strong><\/h1>

Now, we will set both of the machines to\u00a0Host-Only<\/code>\u00a0adapter to avoid any other additional & junk traffic on the network. So, we got the attacker machine with the following IP\u00a0192.168.11.130<\/code>\u00a0and the Victim machine with the following IP\u00a0192.168.11.131<\/code>. We will perform some\u00a0Port Scanning<\/code>\u00a0to discover the used services by the Victim machine, While we are running\u00a0tcpdump<\/code>\u00a0on it to capture the network traffic will be generated by our actions. Let’s run\u00a0tcpdump<\/code>\u00a0using the following command\u00a0tcpdump -i <Interface> -w file_name.pcap<\/code>.<\/p>

<\/p>

Basically, the\u00a0-i<\/code>\u00a0is to identify which interface the\u00a0tcpdump<\/code>\u00a0will work on and\u00a0-w<\/code>\u00a0to write the captured traffic into a file “You have to give the file name as a value”. Now, time to simulate our attack on the victim.<\/p>

<\/p>

In the above picture we perform a\u00a0Port Scanning<\/code>\u00a0using\u00a0Nmap<\/code>. As explain for the command in the screenshot:<\/p>

  • -Pn<\/code>: Disable ping request to the target.<\/li>
  • -n<\/code>: Disable DNS resolution.<\/li>
  • --open<\/code>: Display only open ports.<\/li>
  • -v<\/code>: For verbose.<\/li><\/ul>

    Results show us that\u00a0FTP<\/code>\u00a0&\u00a0SSH<\/code>\u00a0services are running.<\/p>

    The reason why i disabled the\u00a0ping<\/code>\u00a0and\u00a0dns<\/code>\u00a0requests is to reduce the traffic & You could use nmap just to scan the\u00a021\/ftp<\/code>\u00a0port also,\u00a022\/ssh<\/code>\u00a0port using the\u00a0-p<\/code>\u00a0option and give it the ports you wish to scan and separate it by\u00a0,<\/code>\u00a0(e.x:-p 21,22,80,8080<\/code>).<\/p>

    Read the traffic with<\/strong><\/h1>

    It’s the moment to analysis the traffic we captured. First, turn off\u00a0tcpdump<\/code>\u00a0using\u00a0CTRL+C<\/code>\u00a0keys. And after listening the files you will be able to see our captured file whicc is\u00a0traffic.pcap<\/code>\u00a0as we saved.<\/p>

    <\/p>

    Before we start we need\u00a0python3<\/code>\u00a0&\u00a0Scapy<\/code>\u00a0package installed. You can install\u00a0Scapy<\/code>\u00a0using\u00a0pip<\/code>\u00a0as the following\u00a0pip install scapy<\/code>. Also, you can use a text editor for your code or an IDE, I am going to use\u00a0Pycharm<\/code>\u00a0during this blog. let’s run our IDE and start coding.<\/p>

    <\/p>

    So, Lets explain the above code to understand the basics of\u00a0Scapy<\/code>.<\/p>

    import scapy.all as scapy\nimport argparse<\/code><\/pre>
    Here we import the libraries we do need, I imported\u00a0Scapy<\/code>\u00a0as it’s the main one for our topic & i used\u00a0argparse<\/code>\u00a0to parse the input using command line arguments.<\/p>
    parser = argparse.ArgumentParser()\nparser.add_argument(\"-f\", \"--file\", help=\"Read a single file.\", type=str)\nargs = parser.parse_args()<\/code><\/pre>
    We created our parser now and added an argument with type\u00a0String<\/code>. Then, we make the argument\u00a0-f<\/code>\u00a0or\u00a0--file<\/code>. Then we parsed the arguments of our parser in\u00a0args<\/code>\u00a0variable.<\/p>
    After that we created a function and naed it\u00a0Start()<\/code>\u00a0and it takes one argument called\u00a0file<\/code>\u00a0which gonna be the file path we will provide to analysis & read the data from the\u00a0pcap<\/code>\u00a0file. Now, the actual code inside our\u00a0Start()<\/code>\u00a0function.<\/p>
    • print(f\"[+] Reading: {file}\")<\/code>: Print the file path we provided.<\/li>
    • p = scapy.rdpcap(file)<\/code>: Start read the\u00a0pcap<\/code>\u00a0file and store it inside\u00a0p<\/code>\u00a0variable.<\/li>
    • packets = len(p)<\/code>: Get the length of the\u00a0pcap<\/code>\u00a0file we have read which is also the number of packets and we stored it into\u00a0packets<\/code>\u00a0variables.<\/li>
    • print(f\"[+] NUmber of packets {packets}\")<\/code>: Print the number of packets.<\/li><\/ul>
      The following lines we created a for loop in range of\u00a0packets<\/code>\u00a0number, that starts from index\u00a00<\/code>\u00a0to the\u00a0packets<\/code>\u00a0number.<\/p>
      • pkt = p[i]<\/code>: Variable\u00a0pkt<\/code>\u00a0to store the packet which the index is\u00a0i<\/code>\u00a0referees to the packet number in the packets.<\/li><\/ul>
        Now, to explain the rest of the code we need to under stand the format of the packets in\u00a0Scapy<\/code>\u00a0& how its parsing them. So, we are going to use\u00a0Scapy<\/code>\u00a0from the command Line Interface to explain it.<\/p>
        <\/p>
        In the above picture we read the\u00a0pcap<\/code>\u00a0file through the Command Line Interface for\u00a0Scapy<\/code>\u00a0inside\u00a0p<\/code>\u00a0variable and then we executed it and got the following output\u00a0<traffic.pcap: TCP:2004 UDP:6 ICMP:0 Other:0><\/code>. It tells you information about the packets inside the file like: “Numbers of TCP,UDP, ICMP & others packets”. Now, if we try to show one of the packets for example packet number\u00a01<\/code>\u00a0using\u00a0p[1]<\/code>\u00a0we will get the following results:<\/p>
        <Ether  dst=00:50:56:c0:00:01 src=00:0c:29:03:24:31 type=IPv4 |\n<IP  version=4 ihl=5 tos=0x0 len=59 id=34743 flags=DF frag=0 ttl=64 proto=udp chksum=0x1b27 src=192.168.11.130 dst=192.168.11.1 |\n<UDP  sport=50882 dport=domain len=39 chksum=0x980c |\n<DNS  id=37950 qr=0 opcode=QUERY aa=0 tc=0 rd=1 ra=0 z=0 ad=0 cd=0 rcode=ok qdcount=1 ancount=0 nscount=0 arcount=0 qd=<DNSQR  qname='deb.parrot.sh.' qtype=AAAA qclass=IN |> an=None ns=None ar=None |>>>><\/code><\/pre>
        Explainig the output:<\/p>
        • Ether<\/code>: Layer 2 captured data like MAC address.<\/li>
        • IP<\/code>: Layer 3 captured data like Source & Destination address.<\/li>
        • UDP<\/code>: Layer 4 Used protocol and the Source & Destination ports.
          The rest are additional information according to the service used and the packet data. Also, the\u00a0UDP<\/code>\u00a0could be\u00a0TCP<\/code>\u00a0depending on the used type. For example the following packet is a\u00a0TCP<\/code>\u00a0packet.<\/li><\/ul>
          <Ether  dst=00:0c:29:0b:30:bd src=00:0c:29:03:24:31 type=IPv4 |\n<IP  version=4 ihl=5 tos=0x0 len=60 id=23363 flags=DF frag=0 ttl=64 proto=tcp chksum=0x4723 src=192.168.11.130 dst=192.168.11.131 |\n<TCP  sport=56544 dport=20000 seq=1686682144 ack=0 dataofs=10 reserved=0 flags=S window=64240 chksum=0x9884 urgptr=0 options=[('MSS', 1460), ('SAckOK', b''), ('Timestamp', (17410562, 0)), ('NOP', None), ('WScale', 7)] |>>><\/code><\/pre>
          Why we needed to know this ?, Cause when you want informations from the packet you have to specify the\u00a0Layer<\/code>\u00a0you want data from and what data do you want for instance, You want the\u00a0Destination port<\/code>. So, we gonna fetch it as this\u00a0packet[\"TCP\"].dport<\/code>. (packet[\"Layer\"].key<\/code>).<\/p>
          Now, Back to the rest of our code. we made an exception here in the following code:<\/p>
          First, it’s gonna try to check if the packet is\u00a0TCP<\/code>\u00a0and will print the packet information with type\u00a0TCP<\/code>. If not the exception will print it as\u00a0UDP<\/code>\u00a0type.<\/p>
          try:\n    if pkt[\"TCP\"]:\n        print(\"========================================================\")\n        print(f'[+] Packt Number: {i}, Version: IPv{pkt[\"IP\"].version}, '\n              f'Type: TCP, Source IP: {pkt[\"IP\"].src}, '\n              f'Destination IP: {pkt[\"IP\"].dst}, Source Port: {pkt.sport},  Destination Port: {pkt.dport}')\n        print(\"========================================================\")\nexcept:\n    print(\"========================================================\")\n    print(f'[+] Packt Number: {i}, Version: IPv{pkt[\"IP\"].version}, '\n          f'Type: udp, Source IP: {pkt[\"IP\"].src}, '\n          f'Destination IP: {pkt[\"IP\"].dst}, Source Port: {pkt.sport},  Destination Port: {pkt.dport}')\n    print(\"========================================================\")<\/code><\/pre>
          The information that will be printed:<\/p>
          • Packt Number: {i}<\/code>: Packet number.<\/li>
          • pkt[\"IP\"].version<\/code>: IP version\u00a0v4<\/code>\/v6<\/code>.<\/li>
          • pkt[\"IP\"].src<\/code>: Source IP.<\/li>
          • pkt[\"IP\"].dst<\/code>: Destination IP.<\/li>
          • pkt.sport<\/code>: Source Port.<\/li>
          • pkt.dport<\/code>: Destination Port.<\/li><\/ul>
            Running the code and the results:<\/p>
            <\/p>
            Here we do grep from the shell to get the lines contain\u00a0udp<\/code>\u00a0which are the\u00a0UDP<\/code>\u00a0packets and it’s include all the information we added to the could to be printed.<\/p>
            Manual Analysis for Port Scan traffic<\/strong><\/h1>
            After all what we go through. Now, it’s the time to analysis our captured file manually using wireshark to see how the port scanning we performed is working and the traffic of the opened & closed ports. Then, we will use\u00a0Scapy<\/code>\u00a0to automate the detection of port scanning. run\u00a0wireshark<\/code>\u00a0from the command line and provide the file to it\u00a0wireshark file.pcap<\/code><\/p>
            <\/p>
            we can see a big traffic and to make the analysis more easy we gonna to compare the open ports traffic with the closed one.<\/p>
            <\/p>
            Using the\u00a0tcp.port==22<\/code>\u00a0will show us traffic of port\u00a022<\/code>\u00a0which is\u00a0SSH<\/code>\u00a0protocol. We can see that the attacker\u00a0192.168.11.130<\/code>\u00a0connecting to\u00a0192.168.11.131<\/code>\u00a0which is the victim on port\u00a022<\/code>\u00a0as the following:<\/p>
            • Attacker Sends connection request on port\u00a022<\/code>\u00a0along with\u00a0SYN<\/code>\u00a0flag<\/li><\/ul>
              Attacker => SYN => Victim<\/code><\/pre>
              • Victim response with\u00a0SYN\/ACK<\/code>\u00a0flags which means the port is open<\/li><\/ul>
                Victim => SYN\/ACK => Attacker<\/code><\/pre>
                • Attacker send\u00a0ACK<\/code>\u00a0flag which now is fully connected and can start use the service<\/li><\/ul>
                  Attacker => ACK => Victim<\/code><\/pre>
                  • At the end attacker send\u00a0RST\/ACK<\/code>\u00a0which will close the connection with the victim<\/li><\/ul>
                    Attacker => RST\/ACK => Victim<\/code><\/pre>
                    The above analysis was for an open port. So, let’s see how is it for a closed one for example one of the ports we know it’s closed like\u00a08080<\/code>\u00a0let’s filter it out using\u00a0tcp.port==8080<\/code>.<\/p>
                    <\/p>
                    • Attacker Sends connection request on port\u00a08080<\/code>\u00a0along with\u00a0SYN<\/code>\u00a0flag<\/li><\/ul>
                      Attacker => SYN => Victim<\/code><\/pre>
                      • Victim Response\u00a0RST\/ACK<\/code>\u00a0which means that no open ports<\/li><\/ul>
                        Victim => RST\/ACK => Attacker<\/code><\/pre>
                        After we knew the behaviour for both open\/closed ports in the traffic. Therefore, Let’s automate the detection.<\/p>
                        Automated Analysis & Detection<\/strong><\/h1>
                        From what we understand in the manual analysis we can check the flags for ports packets detect port scanning by analysis the attempts of connection on different ports. So, lets take the short path and search for failed connections in the packets and see if it’s for the same\u00a0IP<\/code>.<\/p>
                        import scapy.all as scapy\nimport argparse\n\nparser = argparse.ArgumentParser()\nparser.add_argument(\"-f\", \"--file\", help=\"Read a single file.\", type=str)\nargs = parser.parse_args()\n\nflag = []\n\ndef check_flags(attacker, server, port):\n    if flag[0] == \"S\" and flag[1] == \"RA\":\n        print(f'[!] Failed connection: {attacker} ====> {server}:{port}')\n\n\ndef Start(file):\n    print(f\"[+] Reading: {file}\")\n    p = scapy.rdpcap(file)\n    packets = len(p)\n    print(f\"[+] NUmber of packets {packets}\")\n\n    for port in range(0, 65536):\n        for i in range(0, packets):\n            pkt = p[i]\n\n            try:\n                if pkt.sport == port or pkt.dport == port:\n                    if pkt.dport == port:\n\n                        flag.append(str(pkt[\"TCP\"].flags))\n                    elif pkt.sport == port:\n                        flag.append(str(pkt[\"TCP\"].flags))\n                        check_flags(pkt[\"IP\"].dst, pkt[\"IP\"].src, port)\n                        flag.clear()\n\n            except:\n                pass\n\n\nStart(args.file)<\/code><\/pre>
                        The code will print the failed packets that try to connect to a closed port and print us out the results.<\/p>
                        Let’s explain the code:
                        There are some parts of the code are the same to the above one. So, Just the new added lines will be explained<\/code><\/p>
                        • flag= []<\/code>: created array.<\/li>
                        • for port in range(0, 65536):<\/code>\u00a0A for loop in range of all the ports number in the exist. The following lines we created a for loop in range of\u00a0packets<\/code>\u00a0number, that starts from index\u00a00<\/code>\u00a0to the\u00a0packets<\/code>\u00a0number. Therefore, we gonna take all packets and check if the\u00a0Source Port<\/code>\u00a0or\u00a0Destination Port<\/code>\u00a0in it is equal to our port number. Then, as the\u00a0Destination Port<\/code>\u00a0is the first sent in the packet which will carry the\u00a0SYN<\/code>\u00a0flag with it as a try to connect to this port, we gonna save it’s flag in the array first. A\u0628ter that we save the flag coming from the\u00a0Server<\/code>\u00a0which come on the same port as a\u00a0Source Port<\/code>. then we call the function\u00a0check_flags<\/code>\u00a0and pass the arguments to it. What this function do is the following:<\/li><\/ul>
                          def check_flags(attacker, server, port):\n    if flag[0] == \"S\" and flag[1] == \"RA\":\n        print(f'[!] failed connection: {attacker} ====> {server}:{port}')<\/code><\/pre>
                          This function is taking 3 arguments which is the\u00a0Attacker IP<\/code>,\u00a0Server IP<\/code>\u00a0& the\u00a0port<\/code>\u00a0number. After that it checks if the first & second elements of the array\u00a0flag<\/code>\u00a0is equal to\u00a0S<\/code>\u00a0&\u00a0RA<\/code>
                          Which means a failed connection on a closed port.<\/p>
                          • flag.clear()<\/code>: clear the array after check.<\/li><\/ul>
                            Running the script:<\/p>
                            <\/p>
                            As you can see a lot of failed connections from the same IP address on different ports. If you look clearly on the picture. You will see that port\u00a022<\/code>\u00a0not here cause it’s an open port and created a success connection.<\/p>
                            Conclusion<\/strong><\/h1>
                            At the end\u00a0Port Scanning<\/code>\u00a0has a lot of types and what we saw in the blog was just an example. I would recommended that you go though\u00a0Scapy<\/code>\u00a0documentation and try to perform different scanning types on your environment and analysis the traffic manually then automate it. Therefore, you will be able to detect that scan type.<\/p>
                            #python #network #scanning #nmap<\/p><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
                            \n\t\t\t\t
                            \n\t\t\t\t\t\t\t
                            \t\t
                            \n\t\t\t\t\t\t
                            \n\t\t\t\t\t\t
                            \n\t\t\t\t\t
                            \n\t\t\t
                            \n\t\t\t\t\t\t
                            \n\t\t\t\t
                            \n\t\t\t\t\t
                            About Version 2 Digital<\/h3>
                            Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n

                            \nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t
                            \n\t\t\t\t\t\t
                            \n\t\t\t\t\t\t
                            \n\t\t\t\t\t
                            \n\t\t\t
                            \n\t\t\t\t\t\t
                            \n\t\t\t\t
                            \n\t\t\t\t\t\t\t\t\t
                            <\/p>\n
                            About VRX<\/b>
                            VRX <\/b>is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"
                            Introduction Some people working as a SOC (Security Ope […]<\/p>\n","protected":false},"author":143524195,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[476,488,61],"tags":[477,489],"class_list":["post-59728","post","type-post","status-publish","format-standard","hentry","category-vrx","category-488","category-press-release","tag-vrx","tag-489"],"acf":[],"yoast_head":"\nNetwork Analysis and Automation Using Python - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vicarius.io\/blog\/network-analysis-and-automation-using-python-1\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Network Analysis and Automation Using Python - Version 2\" \/>\n<meta property=\"og:description\" content=\"Introduction Some people working as a SOC (Security Ope […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vicarius.io\/blog\/network-analysis-and-automation-using-python-1\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-04T07:17:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-24T10:41:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cla1tkykn1y040kqre6yyh0fq.png?tr=w-1800,c-at_max\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/network-analysis-and-automation-using-python-1#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/11\\\/network-analysis-and-automation-using-python\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"Network Analysis and Automation Using Python\",\"datePublished\":\"2022-11-04T07:17:49+00:00\",\"dateModified\":\"2023-07-24T10:41:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/11\\\/network-analysis-and-automation-using-python\\\/\"},\"wordCount\":1586,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/network-analysis-and-automation-using-python-1#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cla1tkykn1y040kqre6yyh0fq.png?tr=w-1800,c-at_max\",\"keywords\":[\"vRx\",\"2022\"],\"articleSection\":[\"vRx\",\"2022\",\"Press Release\"],\"inLanguage\":\"zh-HK\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/11\\\/network-analysis-and-automation-using-python\\\/\",\"url\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/network-analysis-and-automation-using-python-1\",\"name\":\"Network Analysis and Automation Using Python - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/network-analysis-and-automation-using-python-1#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/network-analysis-and-automation-using-python-1#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cla1tkykn1y040kqre6yyh0fq.png?tr=w-1800,c-at_max\",\"datePublished\":\"2022-11-04T07:17:49+00:00\",\"dateModified\":\"2023-07-24T10:41:30+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/network-analysis-and-automation-using-python-1#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/network-analysis-and-automation-using-python-1\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/network-analysis-and-automation-using-python-1#primaryimage\",\"url\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cla1tkykn1y040kqre6yyh0fq.png?tr=w-1800,c-at_max\",\"contentUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cla1tkykn1y040kqre6yyh0fq.png?tr=w-1800,c-at_max\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/network-analysis-and-automation-using-python-1#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Network Analysis and Automation Using Python\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Network Analysis and Automation Using Python - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vicarius.io\/blog\/network-analysis-and-automation-using-python-1","og_locale":"zh_HK","og_type":"article","og_title":"Network Analysis and Automation Using Python - Version 2","og_description":"Introduction Some people working as a SOC (Security Ope […]","og_url":"https:\/\/www.vicarius.io\/blog\/network-analysis-and-automation-using-python-1","og_site_name":"Version 2","article_published_time":"2022-11-04T07:17:49+00:00","article_modified_time":"2023-07-24T10:41:30+00:00","og_image":[{"url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cla1tkykn1y040kqre6yyh0fq.png?tr=w-1800,c-at_max","type":"","width":"","height":""}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"version2hk","\u9810\u8a08\u95b1\u8b80\u6642\u9593":"13 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vicarius.io\/blog\/network-analysis-and-automation-using-python-1#article","isPartOf":{"@id":"https:\/\/version-2.com\/2022\/11\/network-analysis-and-automation-using-python\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"Network Analysis and Automation Using Python","datePublished":"2022-11-04T07:17:49+00:00","dateModified":"2023-07-24T10:41:30+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2022\/11\/network-analysis-and-automation-using-python\/"},"wordCount":1586,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/network-analysis-and-automation-using-python-1#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cla1tkykn1y040kqre6yyh0fq.png?tr=w-1800,c-at_max","keywords":["vRx","2022"],"articleSection":["vRx","2022","Press Release"],"inLanguage":"zh-HK"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2022\/11\/network-analysis-and-automation-using-python\/","url":"https:\/\/www.vicarius.io\/blog\/network-analysis-and-automation-using-python-1","name":"Network Analysis and Automation Using Python - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vicarius.io\/blog\/network-analysis-and-automation-using-python-1#primaryimage"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/network-analysis-and-automation-using-python-1#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cla1tkykn1y040kqre6yyh0fq.png?tr=w-1800,c-at_max","datePublished":"2022-11-04T07:17:49+00:00","dateModified":"2023-07-24T10:41:30+00:00","breadcrumb":{"@id":"https:\/\/www.vicarius.io\/blog\/network-analysis-and-automation-using-python-1#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vicarius.io\/blog\/network-analysis-and-automation-using-python-1"]}]},{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/www.vicarius.io\/blog\/network-analysis-and-automation-using-python-1#primaryimage","url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cla1tkykn1y040kqre6yyh0fq.png?tr=w-1800,c-at_max","contentUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cla1tkykn1y040kqre6yyh0fq.png?tr=w-1800,c-at_max"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vicarius.io\/blog\/network-analysis-and-automation-using-python-1#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"Network Analysis and Automation Using Python"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/zh\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-fxm","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/59728","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=59728"}],"version-history":[{"count":9,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/59728\/revisions"}],"predecessor-version":[{"id":69466,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/59728\/revisions\/69466"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=59728"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=59728"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=59728"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}