Network Monitor - Specifications and Installation Guide

IMPORTANT WARNING!

The automatic version will BLOCK ALL SUSPICIOUS CONNECTIONS WITHOUT ASKING.

For advanced users only with experience in:

• Firewall configuration
• Network troubleshooting
• Whitelist/Blacklist management

May interrupt critical services if not configured correctly.

🔄 STEP 1: Prerequisites

What is it? These are the necessary dependencies to compile and run the network monitor.

Requirements:

• Windows 7 or higher (operating system)
• Administrator privileges (for firewall and network monitoring)
• Internet connection (for IP geolocation)
• Go 1.19 or higher (to compile source code)

Go Verification:

go version

If you don't have Go installed, download it from: https://golang.org/dl/

🔄 STEP 2: Project Structure

What is it? This is the organization of files and folders of the network monitor.

File Structure:

Network-Monitor/
├── network-monitor_Auto/        # Automatic version (blocking without confirmation)
│   ├── network-monitor_Auto.go  # Main source code
│   ├── build.txt               # Build command
│   ├── go.mod                   # Go modules
│   └── go.sum                   # Dependency hashes
├── network-monitor_Manual/      # Manual version (requires approval)
│   ├── network-monitor_Manual.go # Main source code
│   ├── web.go                   # Web server for dashboard
│   ├── dashboard.html           # Modern web interface
│   ├── build.txt               # Build command
│   ├── go.mod                  # Go modules
│   ├── go.sum                  # Dependency hashes
├── README.md                 # Installation and usage guide
└── LICENSE.txt               # Software license

🔄 STEP 3: Monitor Compilation

What is it? This is the process of converting source code into an executable.

Compilation Steps:

1. Open terminal or PowerShell as administrator

2. Navigate to the desired folder:

cd "c:\to\path\Network-Monitor with  AI\network-monitor_Manual"

3. Compile the manual version:

go build -ldflags="-s -w" -o network-monitor_Manual.exe network-monitor_Manual.go web.go

4. Verify executable created:

dir network-monitor_Manual.exe

🔄 STEP 4: Initial Configuration (DO NOT Create, for reference only)

What is it? This is the preparation of security lists and basic configuration.

Configuration Files:

whitelist.txt (Allowed IPs)

# Example whitelist (allowed IPs)
192.168.1.1
10.0.0.1
127.0.0.1

blacklist.txt (firewall will block whatever you place here)

# Format: IP | Process | Organization | Reason | Effects
1.1.1.1 | malware.exe | Hacker Inc. | Malware | None
2.2.2.2 | * | Suspicious Network | Preventive Block | Possible service interruption

🔄 STEP 5: Execution and Usage

What is it? This is starting the monitor and using the web dashboard.

Execution Steps:

1. Run as administrator:

# In PowerShell as administrator
.\network-monitor_Manual.exe

2. Automatic Web Dashboard:

   • Opens automatically at http://localhost:8080
   • Modern interface with real-time updates
   • Visualization of connections, lists, and statistics

3. Terminal Monitoring:

   • You'll see real-time logs
   • Suspicious connection alerts
   • Manual blocking options

🔄 STEP 6: Advanced Features

What is it? These are the enhanced functionalities of this version.

Modern Web Dashboard

• Responsive interface with professional dark design
• Automatic updates every 5 seconds
• Real-time filters by status, IP, process
• Geolocation visualization with integrated maps
• Data export in CSV and JSON

Enhanced Logging System

• Multiple formats: TXT, CSV, JSON
• Organized sessions by date and time
• Direct integration with web dashboard
• Advanced search and filtering

Intelligent Connection Control

• Automatic anomaly detection
• Validation of trusted executable hashes
• Geolocation with cache to optimize performance
• Windows Firewall integration

🔄 STEP 7: Maintenance and Security

What is it? These are best practices to keep the system secure.

Security Recommendations:

• Review logs regularly (daily if possible)
• Keep lists updated with new known IPs
• Validate system executable hashes
• Monitor system performance

General Description

Security application that monitors network connections in real-time, developed in Go for Windows with modern web dashboard.

Key Features

• Real-time Monitoring

  • Active TCP connections
  • Associated processes
  • Anomaly detection

• Modern Web Dashboard

  • Responsive interface with automatic updates
  • Real-time connection visualization
  • Advanced filters and search
  • Data export in multiple formats

• Access Control

  • Whitelist (Allowed IPs)
  • Blacklist (Blocked IPs/processes)
  • Unknown connections list
  • Executable hash validation

• Geolocation

  • Remote IP location
  • Built-in cache for performance
  • API query limits
  • Map visualization

• Firewall

  • Automatic/Manual blocking
  • Windows Firewall integration
  • Detailed logging
  • Change reversal

Main Components

1. Storage

• Configuration file management
• Persistent storage for lists and logs
• Secure synchronization for concurrent access
• Support for multiple formats (TXT, CSV, JSON)

2. GeoLocator

• IP geolocation information query
• Cache system for improved performance
• Query rate limiting
• Web dashboard integration

3. Firewall

• Blocking unauthorized connections
• Operating system integration
• Block event logging
• Web interface for management

4. Connection Monitor

• Continuous network connection monitoring
• Anomaly detection
• Critical event management
• Process hash validation

5. Web Server (web.go)

• Real-time dashboard at localhost:8080
• REST API for data queries
• Automatic updates every 5 seconds
• Modern and responsive interface

Available Versions

1. Automatic Version

• Automatic blocking without confirmation
• Ideal for:
  • Expert users
  • Strict protection
  • Immediate response
• Risks:
  • May block legitimate services
  • Requires careful configuration

2. Manual Version (Recommended)

• Full user control
• Modern web dashboard included
• Ideal for:
  • Environments requiring review
  • Users who prefer full control
  • Minimizing false positives
  • Real-time visualization

Limitations

• Possible false positives/negatives
• Performance on systems with many connections
• UAC permission dependency
• Requires Internet connection for geolocation

Common Troubleshooting

Problem: "Access denied"

Solution: Run as administrator

Problem: "Dashboard doesn't open"

Solution: Verify that port 8080 is available

Problem: "Geolocation doesn't work"

Solution: Check Internet connection and API limits

Problem: "High CPU usage"

Solution: Reduce monitoring frequency in configuration

🔧 How to Reduce CPU Usage:

To reduce the monitoring frequency and decrease CPU usage, you can modify the value in that line:

Location: network-monitor_Manual.go - Function StartMonitoring()

Current code:

ticker := time.NewTicker(100 * time.Millisecond) // 100ms detection

Recommended options:

1. Low CPU usage (recommended):

   ticker := time.NewTicker(500 * time.Millisecond) // 500ms detection

2. Very low CPU usage:

   ticker := time.NewTicker(1000 * time.Millisecond) // 1 second detection

3. Minimum CPU usage:

   ticker := time.NewTicker(2000 * time.Millisecond) // 2 seconds detection

Steps to Modify:

1. Open the file network-monitor_Manual.go
2. Search for the function StartMonitoring()
3. Locate the line with time.NewTicker(100 * time.Millisecond)
4. Change 100 * time.Millisecond to one of the suggested values
5. Save the file
6. Recompile with the command:

   go build -ldflags="-s -w" -o network-monitor_Manual.exe network-monitor_Manual.go web.go

⚠️ Note: Higher value = lower CPU usage but slower detection of suspicious connections.

Reasons for not making it open source:

https://www.youtube.com/watch?v=hbbXzuLOyJ0

https://www.youtube.com/watch?v=alfIxtD9CKM