A Python-based tool for capturing, analyzing, and visualizing real-time network traffic.
It provides insight into protocol distribution and source and destination IPs, and flags potentially suspicious activity such as high-frequency or large packet transmissions.
The Network Packet Analyzer is designed to simulate a simplified version of Wireshark for educational and research purposes.
It captures live TCP/UDP packets from a system interface, logs relevant details, and visualizes them through an interactive Streamlit dashboard.
The project combines:
- Low-level network packet sniffing using Scapy
- Data analysis and anomaly detection in Python
- Real-time interactive visualization using Streamlit
- Live Packet Capture: Capture TCP, UDP, and other packets in real-time.
- Custom Filters: Filter packets by protocol, IP, or port before capture.
- Anomaly Detection: Identify suspicious patterns such as DoS-like traffic or large packet sizes.
- Dashboard Visualization: Interactive charts for protocol and IP analysis.
- Data Export: Download captured packet logs in CSV format.
- Modular Architecture: Separate modules for capture, analysis, and visualization.
network-packet-analyzer/
│
├── main.py # Core packet capture logic
├── analyzer.py # Suspicious traffic detection
├── utils.py # Helper for filter construction
├── dashboard.py # Streamlit dashboard for visualization
│
├── data/
│ ├── .gitkeep
│ ├── packet_log.csv # Runtime-generated log (ignored by Git)
│ └── suspicious_log.csv # Runtime-generated suspicious log (ignored by Git)
│
├── requirements.txt # Dependencies
├── .gitignore # Ignore runtime and environment files
└── README.md # Project documentation
- Python 3.8 or above
- pip package manager
- Administrative / root privileges (for packet capture)
```bash
# Clone the repository
git clone https://github.com/Krixna-Kant/network-packet-analyzer.git
cd network-packet-analyzer
# Create virtual environment
python -m venv venv
# Activate (Windows)
venv\Scripts\activate
# Activate (macOS/Linux)
source venv/bin/activate
# Install dependencies
pip install -r requirements.txt
```
Run the main script to start packet capture:
```bash
python main.py
```
- You can optionally filter packets by protocol, source IP, destination IP, or port.
- Captured data will be saved in data/packet_log.csv.

Launch the Streamlit dashboard for visualization:
```bash
streamlit run dashboard.py
```
The dashboard displays:
- Protocol distribution
- Top source IPs
- Suspicious packet activity
- Recent packet details
| Timestamp | Source IP | Destination IP | Protocol | Length |
|---|---|---|---|---|
| 2025-10-18 20:37:17 | 20.42.73.26 | 10.239.33.27 | TCP | 66 |
Detected suspicious packets are logged in:
data/suspicious_log.csv
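
The two checks this README names (large packets and high-frequency senders) can be run over rows in the packet_log.csv column layout shown above. This is an added example, not the project's analyzer.py; the thresholds, function names, and sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds (not taken from the project); tune them per network.
MAX_LEN = 1500                 # bytes, roughly one Ethernet MTU
RATE_LIMIT = 5                 # packets allowed per source inside WINDOW
WINDOW = timedelta(seconds=1)

# Constructed sample log using the README's columns and documentation IP ranges.
SAMPLE = """\
Timestamp,Source IP,Destination IP,Protocol,Length
2025-10-18 20:37:17,192.0.2.10,10.0.0.5,TCP,66
2025-10-18 20:37:18,198.51.100.7,10.0.0.5,UDP,9000
2025-10-18 20:37:20,203.0.113.9,10.0.0.5,TCP,60
2025-10-18 20:37:20,203.0.113.9,10.0.0.5,TCP,60
2025-10-18 20:37:20,203.0.113.9,10.0.0.5,TCP,60
2025-10-18 20:37:20,203.0.113.9,10.0.0.5,TCP,60
2025-10-18 20:37:21,203.0.113.9,10.0.0.5,TCP,60
2025-10-18 20:37:21,203.0.113.9,10.0.0.5,TCP,60
2025-10-18 20:37:21,203.0.113.9,10.0.0.5,TCP,60
2025-10-18 20:37:30,203.0.113.9,10.0.0.5,TCP,60
"""

def load_rows(text):
    """Parse CSV text into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))

def find_suspicious(rows):
    """Return (row, reason) pairs; rows must be in timestamp order."""
    recent = defaultdict(deque)    # source IP -> timestamps still inside WINDOW
    flagged = []
    for row in rows:
        ts = datetime.strptime(row["Timestamp"], "%Y-%m-%d %H:%M:%S")
        if int(row["Length"]) > MAX_LEN:
            flagged.append((row, "large packet"))
        q = recent[row["Source IP"]]
        q.append(ts)
        while ts - q[0] > WINDOW:  # expire timestamps older than the window
            q.popleft()
        if len(q) > RATE_LIMIT:    # sliding-window rate check per source
            flagged.append((row, "high frequency"))
    return flagged

if __name__ == "__main__":
    for row, reason in find_suspicious(load_rows(SAMPLE)):
        print(reason, row["Source IP"], row["Timestamp"], row["Length"])
```

The per-source deque keeps memory bounded to the packets inside the window, so a quiet source that resumes later (the last sample row) is not flagged on stale counts.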
- Must be run locally; network sniffing requires hardware interface access.
- Cloud deployment (e.g., Streamlit Cloud) supports dashboard visualization only with static data.
- Requires administrative privileges for packet capture.
- Scapy – for packet sniffing and network manipulation
- Streamlit – for interactive dashboard visualization
- Pandas – for data analysis and handling
Krishna Kant
B.Tech CSE | Maharaja Agrasen Institute of Technology (GGSIPU)
GitHub: https://github.com/Krixna-Kant