A comprehensive network packet analysis tool with machine learning-based classification and real-time visualization capabilities.
- Real-time Packet Capture: Capture and analyze network packets in real-time
- Machine Learning Classification: Automatic packet classification using trained ML models
- Interactive GUI: Modern dark-themed interface with interactive charts and statistics
- Protocol Analysis: Support for IPv4, IPv6, TCP, UDP, ICMP, DNS, HTTP, HTTPS, ARP
- Intrusion Detection: Basic signature-based intrusion detection capabilities
- Data Visualization:
  - Interactive pie charts for protocol distribution
  - Bar charts for classification statistics
  - Real-time updating statistics tables
- Search Functionality: Search through captured packets and classifications
- Export Capabilities: Save analysis results and packet summaries
- Python 3.7+
- Wireshark/tshark installed on your system
- Required Python packages (see requirements.txt)
1. Clone the repository

   ```bash
   git clone https://github.com/Arasoul/Network-Packet-Analyzer.git
   cd Network-Packet-Analyzer
   ```

2. Install Python dependencies

   ```bash
   pip install -r requirements.txt
   ```

3. Install Wireshark
   - Download and install Wireshark from https://www.wireshark.org/
   - Make sure `tshark.exe` is accessible in your system PATH, or update the path in the configuration

4. Download NLTK data (if not already installed)

   ```python
   import nltk
   nltk.download('punkt')
   ```

Update the tshark path in the main script if needed:

```python
pyshark.tshark.tshark_path = r"path\to\your\tshark.exe"
```

1. Run the application

   ```bash
   python packet_sniffer_gui.py
   ```

2. Start packet capture
   - Select your network interface
   - Click "Start Capture" to begin monitoring
   - Use the GUI controls to view real-time statistics

3. View Analysis
   - Switch between Protocol View and Classification View
   - Use interval buttons to analyze specific time periods
   - Search through captured packets
   - Export results for further analysis

The tool uses a pre-trained machine learning model (semantic_classifier.pkl) to classify network traffic patterns. If the ML model is not available, it falls back to rule-based classification.
- Network Layer: IPv4, IPv6, ARP, ICMP
- Transport Layer: TCP, UDP
- Application Layer: HTTP, HTTPS, DNS, FTP, SSH, SMTP, and more
Basic signature-based detection for:
- IP address spoofing
- ARP spoofing attempts
- ICMP flood attacks
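
To make two of the listed signatures concrete, the following added example (not taken from `packet_sniffer_gui.py`) flags ARP replies that rebind a known IP to a different MAC and ICMP echo-request bursts from a single source. The packet record layout, the function names, and the window and threshold values are assumptions chosen for illustration; the sample traffic is constructed.

```python
from collections import defaultdict, deque

ICMP_WINDOW_S = 1.0   # assumed sliding-window length in seconds
ICMP_THRESHOLD = 5    # assumed max echo requests per source per window

def detect(packets):
    """Return alerts as (timestamp, rule, detail) tuples."""
    arp_seen = {}                     # sender IP -> first MAC seen (trust on first use)
    icmp_times = defaultdict(deque)   # source IP -> recent echo-request timestamps
    flooding = set()                  # sources already alerted for the current burst
    alerts = []
    for pkt in packets:
        ts, proto, src = pkt["ts"], pkt["proto"], pkt["src_ip"]
        if proto == "ARP" and pkt["op"] == "reply":
            known = arp_seen.setdefault(src, pkt["src_mac"])
            if known != pkt["src_mac"]:
                alerts.append((ts, "arp-spoof",
                               f"{src} moved {known} -> {pkt['src_mac']}"))
        elif proto == "ICMP" and pkt["type"] == 8:   # 8 = echo request
            window = icmp_times[src]
            window.append(ts)
            while ts - window[0] > ICMP_WINDOW_S:    # drop timestamps outside the window
                window.popleft()
            if len(window) > ICMP_THRESHOLD and src not in flooding:
                flooding.add(src)                    # alert once per burst, not per packet
                alerts.append((ts, "icmp-flood",
                               f"{src} sent {len(window)} echo requests in {ICMP_WINDOW_S}s"))
            elif len(window) <= ICMP_THRESHOLD:
                flooding.discard(src)                # burst over, re-arm the rule
    return alerts

def sample_packets():
    """Constructed traffic: documentation-range IPs, locally administered MACs."""
    gw = "192.0.2.1"
    pkts = [
        {"ts": 0.0, "proto": "ARP", "op": "reply", "src_ip": gw, "src_mac": "02:00:00:00:00:01"},
        {"ts": 0.5, "proto": "ICMP", "type": 8, "src_ip": "192.0.2.10"},
        {"ts": 2.0, "proto": "ARP", "op": "reply", "src_ip": gw, "src_mac": "02:00:00:00:00:99"},
    ]
    # Ten echo requests 50 ms apart from one source
    pkts += [{"ts": 3.0 + i * 0.05, "proto": "ICMP", "type": 8, "src_ip": "192.0.2.20"}
             for i in range(10)]
    return pkts

if __name__ == "__main__":
    for alert in detect(sample_packets()):
        print(alert)
```

Because the first MAC seen for an IP is trusted, a legitimate address change (a replaced NIC or a DHCP reassignment) raises the same alert as a spoofed reply and needs an allowlist or manual review.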
- Real-time updating charts and graphs
- Interactive protocol distribution analysis
- Statistical summaries by time intervals
- Color-coded classification results
```
network-packet-analyzer/
├── packet_sniffer_gui.py      # Main application file
├── semantic_classifier.pkl    # Pre-trained ML model
├── requirements.txt           # Python dependencies
├── README.md                  # Project documentation
├── .gitignore                 # Git ignore rules
└── screenshots/               # Application screenshots
```
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/new-feature`)
3. Commit your changes (`git commit -am 'Add new feature'`)
4. Push to the branch (`git push origin feature/new-feature`)
5. Create a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
This tool is for educational and authorized network analysis purposes only. Always ensure you have proper authorization before monitoring network traffic. The authors are not responsible for any misuse of this software.
- tshark not found: Make sure Wireshark is installed and tshark is in your PATH
- Permission denied: Run the application with administrator privileges for packet capture
- ML model not loading: Ensure `semantic_classifier.pkl` is in the same directory as the main script
- Windows: Windows 10 or later
- Memory: Minimum 4GB RAM (8GB recommended for large captures)
- Network: Administrative privileges required for packet capture
- Built with PyShark for packet capture
- Uses scikit-learn for machine learning classification
- GUI built with tkinter and matplotlib
- NLTK for text processing



