Jessica Taylor

Advanced Network Monitoring with Python: Detection, Scoring, and Visualization

Building on basic network scanning, we can enhance our Python scripts to detect new devices, score vulnerabilities, and even visualize network health. This demonstrates real-world skills in cybersecurity automation and data-driven problem solving.

Step 1: Detecting New Devices

Tracking devices over time helps spot unexpected or rogue devices on your network. We can do this by maintaining a list of known hosts and comparing it with each new scan:

```python
import json

import nmap

scanner = nmap.PortScanner()
scanner.scan('192.168.1.0/24', '22,80,443')

# Load known hosts from file (empty on the first run)
try:
    with open('known_hosts.json') as f:
        known_hosts = json.load(f)
except FileNotFoundError:
    known_hosts = []

current_hosts = scanner.all_hosts()
new_hosts = [host for host in current_hosts if host not in known_hosts]

if new_hosts:
    print("New devices detected:", new_hosts)

# Update known hosts file. Merge instead of overwriting, so a host that is
# offline during one scan is not reported as new when it comes back.
with open('known_hosts.json', 'w') as f:
    json.dump(sorted(set(known_hosts) | set(current_hosts)), f)
```

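This simple system flags any new host that wasn’t previously on your network, a first line of defense against unauthorized access. On the first run every host is reported as new, because the known-hosts file does not exist yet. Hosts are tracked by IP address, so a device that receives a different DHCP lease is also reported as new.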

Step 2: Vulnerability Scoring

Not all open ports are equally dangerous. We can assign a risk score based on known vulnerabilities:

```python
risk_scores = {'22': 9, '80': 5, '443': 3}  # Example scoring

for host in scanner.all_hosts():
    # all_tcp() returns [] for a host with no TCP results, avoiding a KeyError
    for port in scanner[host].all_tcp():
        state = scanner[host]['tcp'][port]['state']
        # Only open ports carry risk; closed or filtered ports score 0
        score = risk_scores.get(str(port), 1) if state == 'open' else 0
        print(f'Host: {host}, Port: {port}, State: {state}, Risk Score: {score}')
```

This approach gives you a quantitative view of network risks, helping prioritize remediation efforts.

Step 3: Visualization with Matplotlib

Visualizing the network can make patterns or anomalies easier to spot:

```python
import matplotlib.pyplot as plt

hosts = scanner.all_hosts()
scores = []

for host in hosts:
    # Sum open ports only, so closed or filtered ports do not inflate the total
    total_score = sum(risk_scores.get(str(port), 1)
                      for port in scanner[host].all_tcp()
                      if scanner[host]['tcp'][port]['state'] == 'open')
    scores.append(total_score)

plt.bar(hosts, scores, color='orange')
plt.xlabel('Host')
plt.ylabel('Vulnerability Score')
plt.title('Network Vulnerability Overview')
plt.show()
```

Now you can see which devices are most at risk at a glance. Visualization is especially useful for team presentations or reporting to management.

Step 4: Automatic Alerts

Combine new device detection and vulnerability scoring to send alerts if thresholds are exceeded:

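```python
import requests

# Placeholder URL. Load the real webhook from an environment variable or a
# secret store; anyone who obtains it can post to the channel.
webhook_url = 'https://hooks.slack.com/services/XXX/YYY/ZZZ'

for i, host in enumerate(hosts):
    if scores[i] > 8 or host in new_hosts:
        message = {'text': f'Alert: Host {host} flagged! Risk Score: {scores[i]}'}
        # Time out instead of hanging the scan, and fail loudly if the post is rejected
        response = requests.post(webhook_url, json=message, timeout=10)
        response.raise_for_status()
```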

This ensures your team receives immediate updates when significant events occur.

Step 5: Scaling the Solution

Once your script is working, you can:

Schedule scans to run daily or hourly using cron (Linux) or Task Scheduler (Windows).

Integrate with databases to store historical scan data for trend analysis.

Add API integrations to cross-reference CVEs for ports/services detected.

Use dashboards like Grafana or Plotly for interactive visualizations.
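
A sketch of the database item above, added here as an example and not part of the original post: each scan is stored in SQLite, and new hosts, newly opened ports and per-scan scores are derived from that history instead of a single JSON file. The table layout, function names and sample scans are assumptions made for illustration; ports are kept as integers, as python-nmap returns them.

```python
import sqlite3

RISK_SCORES = {22: 9, 80: 5, 443: 3}  # the article's example weights, int keys

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS observations (
        scan_time TEXT, host TEXT, port INTEGER, state TEXT,
        PRIMARY KEY (scan_time, host, port))""")
    return db

def record_scan(db, scan_time, results):
    """results maps host -> {port: state}; scan_time is an ISO 8601 UTC string."""
    rows = [(scan_time, host, port, state)
            for host, ports in results.items() for port, state in ports.items()]
    with db:  # one transaction per scan
        db.executemany("INSERT INTO observations VALUES (?, ?, ?, ?)", rows)

def new_hosts(db, scan_time):
    """Hosts in this scan that appear in no earlier scan."""
    q = """SELECT DISTINCT host FROM observations WHERE scan_time = ?
           AND host NOT IN (SELECT host FROM observations WHERE scan_time < ?)
           ORDER BY host"""
    return [row[0] for row in db.execute(q, (scan_time, scan_time))]

def newly_opened(db, scan_time):
    """(host, port) pairs open now that were not open in the previous scan."""
    prev = db.execute("SELECT MAX(scan_time) FROM observations WHERE scan_time < ?",
                      (scan_time,)).fetchone()[0]
    q = """SELECT host, port FROM observations WHERE scan_time = ? AND state = 'open'
           EXCEPT
           SELECT host, port FROM observations WHERE scan_time = ? AND state = 'open'
           ORDER BY 1, 2"""
    return db.execute(q, (scan_time, prev)).fetchall()

def score_history(db, host):
    """Total risk score per scan for one host, counting open ports only."""
    totals = {}
    q = "SELECT scan_time, port, state FROM observations WHERE host = ? ORDER BY scan_time"
    for scan_time, port, state in db.execute(q, (host,)):
        totals[scan_time] = totals.get(scan_time, 0) + (
            RISK_SCORES.get(port, 1) if state == "open" else 0)
    return totals

# Constructed sample scans (not real data)
SCAN_1 = ("2024-01-01T00:00:00Z", {"192.168.1.10": {22: "closed", 80: "open", 443: "open"}})
SCAN_2 = ("2024-01-02T00:00:00Z", {"192.168.1.10": {22: "open", 80: "open", 443: "open"},
                                   "192.168.1.77": {22: "open", 80: "closed", 443: "closed"}})
```

Because every scan is kept, a host that is offline for one run is still known when it returns, and `score_history` gives the per-host series a dashboard would plot.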

Takeaway

This advanced network monitoring project highlights:

Automated detection of new devices

Risk-based vulnerability scoring

Visualization of network health

Real-time alerting to Slack

By sharing these kinds of projects, you demonstrate both technical skill and practical problem-solving, which is exactly what employers and collaborators look for in cybersecurity and cloud security roles.
