New Feature Suggestion: Network Topology Visualization with Interactive Capabilities #2709
Comments
|
Can you share how you see this being different then the connections tab? |
|
My apologies. I guess I am not asking for a "new" feature, but an enhancement of the Connections feature. Maybe some enrichment to the interface, such as (if possible) icons vs dots. These icons could represent hosts vs networking equipment. I am envisioning an interface similar to what Endgame/Elastic Agent EDR does for processes, but for networks. |
|
That image looks like it might be some process map and not network topology? But I think what you are asking for isn't possible with Arkime since it is a passive listener on the network and not an Agent. Connections can already show ips that talk to each other, but maybe I'm still not understand what you are asking for. Are you asking for us to detect if there are switchs/routers between hosts and show those? |
|
I guess a refined ask would be for an ability to categorize the hosts (manually or automated). If I could, say, change an icon for a known host to a switch or router, then this could greatly enhance network mapping efforts. Possibly a way to export/import saved configurations. Allowing for users to build more context into the depiction generated by the connections feature. |
|
So we've talked about assigning icons either manually or based on another field in the session data, and that would be a good feature. I think the Elastic graph viewer can do this. However, this will not show physical network topology. If host X is talking to host Z with network device Y between, you will never see network device Y traffic. (well, unless someone accesses the control plane of Y, but that is different.) We will only be able to show a connection between X and Z. We MIGHT be able to infer a Y using ttl counts and other things, but it isn't going to be exact and I'm not sure useful. Arkime would need to have an active portion and/or an agent to do physical network topology that contains network devices. Now if you don't want to show network devices and only wanted to show logical network diagram that is also something we've talked about making better, but haven't gotten around to. You can already use connections for this. |
I would like to suggest the development of a new feature that allows for the visualization of network topology based on analyzed traffic data, sort of an automated network map generator. This feature should create a detailed graphical representation of the network's logical layout, highlighting the connections between nodes and the overall network structure. Adding the ability for users to manipulate this graphical representation (similar to the ability present with the Connections tab) would be invaluable for in-depth network analysis and understanding.
The text was updated successfully, but these errors were encountered: