A Python-powered Network Traffic Analyzer that captures real-time network packets, classifies payloads, maps geolocations of IP addresses, and detects suspicious traffic.
Designed for cybersecurity research, educational purposes, and network monitoring.
- Live Packet Sniffing using Scapy
- IP Geolocation Lookup via ipinfo.io & ip-api.com
- Payload Classification:
  - Websites
  - Images
  - Videos
  - File downloads
  - JSON/API data
  - Encrypted or unknown payloads
- Interactive Map of network connections (powered by Folium)
- Malicious IP Detection (customizable ruleset)
- Traffic Dashboard with packet count & protocol breakdown
- Colored Console Output using Colorama

| Technology | Purpose |
|---|---|
| Python 3 | Core programming language |
| Scapy | Packet sniffing & manipulation |
| Requests | HTTP requests for APIs |
| Folium | Interactive maps |
| Colorama | Console color formatting |
| ipinfo.io | IP-to-country lookups |
| ip-api.com | Location & ISP data |
| Datetime | Timestamp management |
| Regex (re) | IP & protocol parsing |
| JSON | Data serialization |

```bash
git clone https://github.com/yourusername/network-traffic-analyzer.git
cd network-traffic-analyzer
python -m venv venv
source venv/bin/activate   # Linux/Mac
venv\Scripts\activate      # Windows
pip install -r requirements.txt
```

Run the analyzer (requires Admin/Root privileges):

```bash
sudo python main.py   # Linux/Mac
python main.py        # Windows (Run as Administrator)
```

- Starts sniffing packets for 15 seconds
- Logs each packet's source, destination, and protocol
- Detects payload type (if present)
- Saves logs to `packets.txt`
- Generates `network_map.html` (interactive map)
- Scans for malicious IPs and logs matches in `alerts.json`
- Creates a dashboard summary in `stats.json`

```
Network Traffic Analyzer Started!
From: 192.168.1.5 (US) --> To: 142.250.190.78 (US) | Protocol: TCP
Payload: b'GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n'
Payload Type: Website/Surfing
Dashboard:
Total Packets: 128
TCP: 97 packets
UDP: 23 packets
ICMP: 8 packets
```

After execution, open network_map.html in your browser.
Each detected IP is marked with:
- Location (latitude/longitude)
- Country
- ISP/Organization

The script checks against a predefined list:

```python
known_malicious = ["1.2.3.4", "123.123.123.123"]
```

If a match is found:
- Printed as alerts
- Logged in `alerts.json`

You can expand this list using threat intelligence feeds.
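
One way to expand the list from a feed, as an added example that is not this project's own code: it goes beyond the exact-match list above by accepting CIDR ranges and IPv6, and skips malformed feed lines. The feed text, the function names `load_blocklist` and `check_packet`, and the alert fields are assumptions, since the README does not show the `alerts.json` layout.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Constructed sample feed: one IP or CIDR per line, '#' starts a comment.
SAMPLE_FEED = """\
# README addresses plus documentation-only ranges
1.2.3.4
123.123.123.123
203.0.113.0/24   # TEST-NET-3
2001:db8::/32
not-an-ip
"""

def load_blocklist(text):
    """Parse feed text into ip_network objects; return (networks, rejected)."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False also accepts entries with host bits set
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # keep bad lines visible instead of dropping silently
    return networks, rejected

def check_packet(src, dst, networks):
    """Return one alert dict (assumed field names) per endpoint on the blocklist."""
    alerts = []
    for role, addr in (("source", src), ("destination", dst)):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed address string, nothing to match
        for net in networks:
            if ip.version == net.version and ip in net:
                alerts.append({"time": datetime.now(timezone.utc).isoformat(),
                               "ip": addr, "role": role, "matched": str(net)})
                break  # first matching entry is enough for an alert
    return alerts

if __name__ == "__main__":
    nets, bad = load_blocklist(SAMPLE_FEED)
    print("rejected feed lines:", bad)
    for src, dst in [("192.168.1.5", "142.250.190.78"), ("192.168.1.5", "203.0.113.77")]:
        print(json.dumps(check_packet(src, dst, nets)))
```
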

- Linux/Mac: Run with `sudo`
- Windows: Run terminal as Administrator

Do NOT use this tool on networks you don't own or have explicit permission to analyze.

This project is licensed under the MIT License.
You are free to use, modify, and distribute it with attribution.
This tool is intended for educational & research purposes only.
Unauthorized monitoring or traffic interception may violate privacy laws or policies.
Use only on networks where you have explicit permission.