A professional network traffic analysis tool that combines real-time packet capture, machine learning anomaly detection, and an interactive dashboard for network monitoring and security analysis.
- Real-time Packet Analysis: Captures and analyzes network traffic in real-time
- Anomaly Detection: Uses Isolation Forest ML algorithm to detect suspicious traffic
- Port Scan Detection: Identifies port scanning attempts in real-time
- Interactive Dashboard: Live visualization of network metrics and anomalies
- Email Alerts: Configurable alerts for high anomaly rates
- PCAP Export: Save captured traffic for further analysis
- SQLite Logging: Persistent storage of packet metadata and anomalies
Core Components:
- Packet Capture: Scapy
- Dashboard: Plotly Dash
- Machine Learning: Scikit-learn
- Database: SQLite
- Email: SMTP with TLS
- Python 3.8+
- libpcap (for packet capture)
- Network interface with promiscuous mode access
- Clone the repository:
git clone https://github.com/Opikadash/network-traffic-analyzer.git
cd network-traffic-analyzer- Create and activate a virtual environment:
python -m venv venv
source venv/bin/activate # Linux/MacOS
venv\Scripts\activate # Windows- Install dependencies:
pip install -r requirements.txt- Set up environment variables:
cp .env .envEdit the .env file with your email configuration (optional)
Start the application:
python app.pyAccess the dashboard at: http://127.0.0.1:8055/
- Real-time Protocol Distribution: Visualize traffic by protocol
- Anomaly Detection Rate: See percentage of suspicious traffic
- Time-series Analysis: Track packet volume over time
- Export Functionality: Save captured packets to PCAP
- Protocol Filtering: Focus on specific protocols
Customize the analyzer by modifying these parameters in main.py:
# Analysis parameters
anomaly_threshold = 10 # % threshold for email alert
alert_interval = 300 # seconds between alerts
# Capture settings
capture_count = 10 # packets per capture batch
capture_timeout = 1 # seconds- Generate test traffic while the analyzer is running:
# Linux/MacOS
ping google.com
# Windows
ping -t google.com- Simulate a port scan (requires nmap):
nmap -T4 localhost- Check the dashboard for detected anomalies
This project demonstrates:
- Real-time Data Processing: Efficient packet handling with multi-threading
- ML Integration: Anomaly detection using Isolation Forest algorithm
- Dashboard Development: Interactive visualization with Plotly Dash
- Database Management: SQLite for persistent storage
- Security Practices: Secure SMTP communication and proper credential handling
- Production-grade Architecture: Robust error handling and graceful shutdown
Contributions are welcome! Please follow these steps:
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
Professional Development Notes:
This project was developed with a focus on:
- Clean, maintainable code architecture
- Comprehensive error handling
- Scalable design patterns
- Production-ready deployment considerations
- Security best practices
- Professional documentation
The implementation showcases full-stack development skills from low-level packet processing to high-level dashboard visualization, demonstrating expertise across multiple domains of software development.
network-traffic-analyzer/
├── analyzer/ # Core analysis modules
│ ├── features.py # Feature extraction
│ ├── filter_ml.py # ML anomaly detection
│ ├── portscan.py # Port scan detection
│ └── stats.py # Statistics tracking
├── results/ # Output directory (auto-created)
│ ├── captured_traffic.pcap
│ └── packet_logs.db
├── .env # Environment template
├── app.py # Main application
├── README.md # This file
└── requirements.txt # Dependencies