Network Traffic Reporting

This workflow can be found on the KNIME Workflow Public Server under
       050_Applications/050012_Network_Traffic_Reporting

This workflow generates a report showing connection statistics of IP addresses of hosts in a computer network.

The package data of a small network has been captured using Wireshark and exported as csv. The IP addresses have been anonymized afterwards. Furthermore geo location data, such as latitude, longitude, city, country, and country flags have been assigned to the IP addresses using free, public, services, such as freegeoip.net.

Before the report is generated source IP addresses have to be specified, for which the connection statistics will be computed and visualized. The IP addresses have to be selected in the dialog of the subnode "Source IP Selection". For each source IP the top n most frequent destination ports, IPs, and assigned countries will be shown in pie charts and histograms. The number N can be specied as well in the dialog of the subnode. Additionally the geo locations of the destination IPs will be marked in an open street map visualization.

This workflow makes use of the following extensions:

  • KNIME R Statistics Integration
  • KNIME Open Street Map Integration
  • KNIME Java Script based nodes
  • KNIME Report Designer