You are actually asking two questions:
- How to discover network topology from network traces
- How to visualize discovered topology
Topology discovery
This is the hard part. The community has not yet developed reliable tools, because network traffic is so complex and full of crud. The most useful tool that comes to mind in this space is Bro, which creates connection logs.
These can be used directly to derive communication graphs, i.e. graphs that show who communicates with whom. When weighting edges with some metric (number of packets / bytes / connections), you can get an idea of the relative contribution of a given node.
For more complex analyses, you will have to develop some heuristics. For example, discovery of routers may include viewing packet forwarding behavior or extracting default gateways from DHCP ACK messages. Bro ("Python for the Web") allows you to codify such an analysis in a very natural way.
Graphic visualization
The low-key approach involves creating GraphViz output. Afterglow offers some packaging that makes the result more digestible. For inspiration, check out http://secviz.org/, where you will find many examples of such charts. Most of them were created with Afterglow.
There is also Gephi, a more attractive chart visualization engine that supports various graph input formats. The generated graphs look pretty fantastic and can be explored interactively.
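The two steps described in the answer above (Bro connection logs to a weighted communication graph, then GraphViz output), as an added example that is not part of the original answer. The sample log is constructed and trimmed to a few of the conn.log columns; the function names are illustrative.

```python
import math
from collections import defaultdict

# Constructed sample in Bro conn.log TSV layout (documentation address ranges,
# trimmed to a subset of the columns a real conn.log carries).
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\torig_bytes\tresp_bytes",
    "1.0\tC1\t192.0.2.10\t51000\t192.0.2.1\t53\tudp\t60\t120",
    "2.0\tC2\t192.0.2.10\t51001\t198.51.100.7\t443\ttcp\t900\t15000",
    "3.0\tC3\t192.0.2.10\t51002\t198.51.100.7\t443\ttcp\t-\t-",
    "4.0\tC4\t192.0.2.11\t40000\t192.0.2.1\t53\tudp\t55\t110",
    "#close\t2024-01-01-00-00-00",
])


def to_int(value):
    """Bro writes '-' for unset fields; count those as zero bytes."""
    return int(value) if value.isdigit() else 0


def communication_graph(log_text):
    """Return {(orig_h, resp_h): {'conns': n, 'bytes': b}} from conn.log text."""
    fields, edges = [], defaultdict(lambda: {"conns": 0, "bytes": 0})
    for line in log_text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]  # column names follow the tag
        if not line or line.startswith("#") or not fields:
            continue  # skip metadata lines and anything before the header
        row = dict(zip(fields, line.split("\t")))
        edge = edges[(row["id.orig_h"], row["id.resp_h"])]
        edge["conns"] += 1
        edge["bytes"] += to_int(row["orig_bytes"]) + to_int(row["resp_bytes"])
    return dict(edges)


def to_dot(edges):
    """Render the graph as GraphViz DOT; edge width grows with log10(bytes)."""
    lines = ["digraph comm {"]
    for (src, dst), w in sorted(edges.items()):
        width = 1 + math.log10(w["bytes"] + 1)
        lines.append(f'  "{src}" -> "{dst}" '
                     f'[label="{w["conns"]} conn / {w["bytes"]} B", penwidth={width:.1f}];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_dot(communication_graph(SAMPLE_CONN_LOG)))
```

The printed text can be saved to a file and rendered with GraphViz's `dot`, for example `dot -Tpng graph.dot -o graph.png`.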