Project Overview
This project is a lightweight, advanced network monitoring system designed to capture, analyze, and visualize local network traffic in real time. Built in Python using the Scapy library, this tool enables administrators to instantly identify suspicious activities (such as port scans, ARP spoofing, or DDoS attacks) and receive immediate alerts.
The system features a modern real-time interactive dashboard built with Flask and PostgreSQL, providing deep insights and allowing forensic analysis of captured packets.
Technical Details
Technologies Used
Project Duration
6 months (May - October 2022)
Challenges and Solutions
The technical challenges resolved include:
- Optimizing the performance of Scapy network sniffing in Linux to prevent packet drops on high-throughput interfaces.
- Detecting threat signatures using a lightweight machine learning classification model analyzing packet frequencies and formats.
- Managing automatic capture rotation of large PCAP files to optimize host storage footprint.
Code Examples
Scapy Packet Sniffer Implementation
    from scapy.all import sniff, IP, TCP

    def packet_callback(packet):
        # Only inspect packets that carry both an IP and a TCP layer.
        if packet.haslayer(IP) and packet.haslayer(TCP):
            ip_src = packet[IP].src
            ip_dst = packet[IP].dst
            sport = packet[TCP].sport
            dport = packet[TCP].dport
            # A bare SYN (no ACK) is the first packet of a connection attempt;
            # many of them from one source in a short time indicates scanning.
            if packet[TCP].flags == "S":
                print(f"[!] SYN Packet: {ip_src}:{sport} -> {ip_dst}:{dport}")

    # store=0 discards packets after the callback so memory stays flat under load.
    # Raw capture requires root or the CAP_NET_RAW capability.
    sniff(filter="tcp", prn=packet_callback, store=0)
A passive, lightweight Python packet-capture script for early detection of TCP SYN scanning.
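The sniffer above prints every bare SYN; turning that into a scan alert means counting distinct destination ports per source over a short window. The following is an added example, not code from the project, showing that detection logic in pure Python on a constructed packet trace (the IP addresses, the 2-second window and the 15-port threshold are assumed values chosen for the demo).

```python
from collections import defaultdict, deque

# Assumed tuning: a source touching this many distinct ports within the window is flagged.
WINDOW_SECONDS = 2.0
PORT_THRESHOLD = 15


class SynScanDetector:
    """Track bare SYNs per source IP in a sliding time window and flag a source
    once it has probed at least PORT_THRESHOLD distinct destination ports."""

    def __init__(self, window=WINDOW_SECONDS, threshold=PORT_THRESHOLD):
        self.window = window
        self.threshold = threshold
        self._events = defaultdict(deque)  # src -> deque of (timestamp, dst_port)
        self.alerted = set()               # sources already reported, to avoid alert floods

    def observe(self, ts, src, dst, dport, flags):
        """Feed one TCP packet summary (timestamps in seconds, ascending).
        Returns an alert string the first time a source crosses the threshold, else None."""
        if flags != "S":                   # ignore SYN-ACK replies and established traffic
            return None
        q = self._events[src]
        q.append((ts, dport))
        while q and ts - q[0][0] > self.window:   # drop entries older than the window
            q.popleft()
        distinct = {port for _, port in q}
        if len(distinct) >= self.threshold and src not in self.alerted:
            self.alerted.add(src)
            return f"[!] Possible SYN scan from {src}: {len(distinct)} ports in {self.window}s"
        return None


def run_demo():
    """Replay a constructed trace: a normal HTTPS client plus a 20-port sweep."""
    det = SynScanDetector()
    # Constructed sample traffic: (timestamp, src, dst, dst_port, flags).
    trace = [(i * 0.1, "10.0.0.5", "10.0.0.1", 443, "S") for i in range(30)]       # repeated SYNs to one port
    trace += [(1.0 + i * 0.02, "10.0.0.99", "10.0.0.1", 1 + i, "S") for i in range(20)]  # port sweep
    trace += [(1.5, "10.0.0.1", "10.0.0.99", 1, "SA")]                              # reply, must be ignored
    trace.sort(key=lambda e: e[0])
    return [a for a in (det.observe(*e) for e in trace) if a]


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Only the sweeping host is reported; the client hammering a single port never raises the distinct-port count.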
Conclusion and Results
The tool proved highly efficient, reducing the detection time of hostile network scanning to under 2 seconds. It offers a free, customizable, lightweight alternative to commercial enterprise monitoring suites.