A real-time network traffic analyzer for security monitoring, protocol analysis, and threat detection. Built with Scapy for packet capture and designed for use by security professionals and network administrators.
- Live Packet Capture -- Sniff traffic on any network interface with BPF filter support
- Protocol Breakdown -- Classifies packets across TCP, UDP, ICMP, DNS, HTTP, and ARP
- Real-Time Statistics -- Packets/sec, bytes/sec, top talkers, top destinations
- DNS Query Logging -- Records all observed DNS queries with timestamps and source IPs
- Suspicious Activity Detection -- Heuristic alerts for port scans and traffic spikes
- JSON Report Export -- Full session data exported to a structured JSON file
- Color-Coded Output -- Clean terminal output with severity-based color highlighting
```bash
git clone https://github.com/joemunene/Network-Traffic-Analyzer.git
cd Network-Traffic-Analyzer
pip install -r requirements.txt
```

Packet capture requires libpcap:
```bash
# Debian / Ubuntu
sudo apt-get install libpcap-dev
# macOS
brew install libpcap
# Windows -- install Npcap from https://npcap.com
```

Root privileges are required for raw packet capture.
```bash
# Basic capture on eth0 for 30 seconds, save report
sudo python3 analyzer.py --interface eth0 --timeout 30 --output report.json
# Capture 500 packets on wlan0 with verbose per-packet output
sudo python3 analyzer.py -i wlan0 -c 500 --verbose
# Filter to HTTP on port 80 only (HTTPS on 443 and HTTP on non-standard ports are not matched)
sudo python3 analyzer.py -i eth0 --filter "tcp port 80" -t 60
# List available network interfaces
python3 analyzer.py --list-interfaces
```

| Flag | Description |
|---|---|
| `-i, --interface` | Network interface (default: system default) |
| `-c, --count` | Stop after N packets (0 = unlimited) |
| `-t, --timeout` | Stop after N seconds (0 = unlimited) |
| `-o, --output` | Path for JSON report file |
| `-f, --filter` | BPF filter expression |
| `-v, --verbose` | Print each packet as captured |
| `--list-interfaces` | Show available interfaces and exit |
```text
============================================================
Capture Summary
============================================================
Duration      : 30.0s
Total packets : 1,247
Total bytes   : 892.3 KB
Avg rate      : 41.6 pkt/s | 29.7 KB/s

Protocol Breakdown
Protocol      Packets     Percent
----------    ----------  ----------
TCP           834         66.9%
UDP           298         23.9%
DNS           87          7.0%
ICMP          28          2.2%

Top Sources
IP Address            Packets
--------------------  ----------
192.168.1.105         412
10.0.0.1              198

Security Alerts (1)
[HIGH] PORT_SCAN: 25 unique destination ports probed (src: 10.0.0.55)
```
The --output flag writes a JSON report containing:
- Session metadata (timestamp, duration)
- Traffic summary (totals, rates)
- Protocol distribution
- Top source and destination IPs
- DNS query log
- Security alerts
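The following is an added example, not the project's `analyzer.py` and not code from the repository. It models the pipeline the feature list and the report section describe (exclusive protocol buckets, top talkers, a DNS query log, a port-scan heuristic, a traffic-spike heuristic, and a JSON report) over a constructed, labelled sample capture, so it runs offline without Scapy or an interface. The thresholds `PORT_SCAN_THRESHOLD` and `SPIKE_FACTOR` and the packet-record layout produced by `make_pkt` are assumptions for illustration, not the project's values.

```python
"""Offline model of classify -> count -> alert -> JSON report (added example)."""
import json
from collections import Counter, defaultdict

PORT_SCAN_THRESHOLD = 20  # assumed: distinct TCP ports one source must SYN to
SPIKE_FACTOR = 3.0        # assumed: a 1 s bucket above 3x the mean bucket is a spike


def make_pkt(ts, src, dst, proto, length, sport=None, dport=None, syn=False, dns_qname=None):
    """Decoded-packet record; a real run would fill this from Scapy layers."""
    return dict(ts=ts, src=src, dst=dst, proto=proto, length=length,
                sport=sport, dport=dport, syn=syn, dns_qname=dns_qname)


# Constructed sample capture (not real traffic): a 25-port SYN sweep from
# 10.0.0.55, two DNS queries, one HTTP exchange, an ICMP echo, an ARP reply,
# an NTP request and a UDP burst in second 5 that should trip the spike check.
SAMPLE_PACKETS = (
    [make_pkt(i * 0.01, "10.0.0.55", "192.168.1.10", "TCP", 60, 40000 + i, port, syn=True)
     for i, port in enumerate(range(1, 26))]
    + [make_pkt(1.0, "192.168.1.105", "192.168.1.1", "UDP", 70, 53001, 53, dns_qname="example.com"),
       make_pkt(1.1, "192.168.1.105", "192.168.1.1", "UDP", 70, 53002, 53, dns_qname="updates.example.net"),
       make_pkt(2.0, "192.168.1.105", "93.184.216.34", "TCP", 500, 51000, 80, syn=True),
       make_pkt(2.1, "93.184.216.34", "192.168.1.105", "TCP", 1500, 80, 51000),
       make_pkt(3.0, "192.168.1.105", "192.168.1.1", "ICMP", 84),
       make_pkt(3.5, "192.168.1.1", "192.168.1.105", "ARP", 42),
       make_pkt(4.0, "192.168.1.105", "192.168.1.1", "UDP", 90, 45000, 123)]
    + [make_pkt(5.0 + i * 0.05, "192.168.1.105", "192.168.1.50", "UDP", 1400, 46000, 5000)
       for i in range(10)]
)


def classify(pkt):
    """Exclusive buckets, as in the README's breakdown: DNS and HTTP are split
    out of UDP/TCP rather than double-counted, so percentages sum to 100."""
    if pkt["proto"] in ("ARP", "ICMP"):
        return pkt["proto"]
    ports = (pkt["sport"], pkt["dport"])
    if pkt["dns_qname"] is not None and 53 in ports:
        return "DNS"
    if pkt["proto"] == "TCP" and 80 in ports:
        return "HTTP"
    return pkt["proto"]


def detect_port_scan(packets, threshold=PORT_SCAN_THRESHOLD):
    """Count distinct destination ports per source, SYN packets only, so a busy
    server answering many clients does not look like a scanner."""
    ports_by_src = defaultdict(set)
    for p in packets:
        if p["proto"] == "TCP" and p["syn"] and p["dport"] is not None:
            ports_by_src[p["src"]].add(p["dport"])
    return [{"severity": "HIGH", "type": "PORT_SCAN",
             "message": f"{len(ports)} unique destination ports probed (src: {src})"}
            for src, ports in ports_by_src.items() if len(ports) >= threshold]


def detect_traffic_spike(packets, factor=SPIKE_FACTOR):
    """Bucket bytes per second; flag any bucket far above the session mean."""
    buckets = Counter()
    for p in packets:
        buckets[int(p["ts"])] += p["length"]
    if len(buckets) < 2:
        return []  # no baseline to compare against
    mean = sum(buckets.values()) / len(buckets)
    return [{"severity": "MEDIUM", "type": "TRAFFIC_SPIKE",
             "message": f"{total} bytes in second {sec} ({total / mean:.1f}x session mean)"}
            for sec, total in sorted(buckets.items()) if total > factor * mean]


def build_report(packets, top_n=5):
    """Assemble the same sections the README lists for the JSON report."""
    if not packets:
        raise ValueError("empty capture")
    duration = max(p["ts"] for p in packets) - min(p["ts"] for p in packets)
    total_bytes = sum(p["length"] for p in packets)
    protocols = Counter(classify(p) for p in packets)
    return {
        "session": {"duration_s": round(duration, 3), "packets": len(packets)},
        "summary": {"total_bytes": total_bytes,
                    "pkt_per_s": round(len(packets) / duration, 2) if duration else None,
                    "bytes_per_s": round(total_bytes / duration, 2) if duration else None},
        "protocols": {name: {"packets": n, "percent": round(100 * n / len(packets), 1)}
                      for name, n in protocols.most_common()},
        "top_sources": Counter(p["src"] for p in packets).most_common(top_n),
        "top_destinations": Counter(p["dst"] for p in packets).most_common(top_n),
        "dns_queries": [{"ts": p["ts"], "src": p["src"], "qname": p["dns_qname"]}
                        for p in packets if p["dns_qname"] is not None],
        "alerts": detect_port_scan(packets) + detect_traffic_spike(packets),
    }


def report_json(packets):
    return json.dumps(build_report(packets), indent=2)


if __name__ == "__main__":
    print(report_json(SAMPLE_PACKETS))
```

Two design points carry over to a real capture loop: the scan heuristic is keyed on SYN packets and on the source address, so a source that opens many legitimate connections to one or two services is not flagged, while a sweep across ports is; and the spike check needs at least two buckets before it reports anything, because a single bucket is always equal to its own mean. Both thresholds are whole-session counts here; a long-running capture would want a sliding window so that an early burst does not dominate the baseline.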
This tool is intended for authorized use only. You must have explicit permission to capture and analyze traffic on any network. Unauthorized interception of network traffic may violate local, state, and federal laws.
Use responsibly and only on networks you own or have written authorization to monitor.
This project is licensed under the MIT License. See LICENSE for details.