Skip to content

Rian-Tan/packetducks

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

29 Commits
demos
demos
Β 
Β 
images
images
Β 
Β 
src
src
Β 
Β 
.gitignore
.gitignore
Β 
Β 
README.md
README.md
Β 
Β 

Repository files navigation

PacketDuck πŸ¦†

PacketDuck is a modern, client-side Network Packet Analyzer and Threat Intelligence Dashboard. It parses PCAP files directly in the browser and leverages Google Gemini AI to provide forensic insights, risk scoring, and threat detection.

πŸš€ Features

  • Client-Side Processing: Parses .pcap files entirely in the browser. Your raw packet data stays on your machine until you explicitly choose to analyze threats.
  • AI-Powered Threat Intel: Uses Google's Gemini model to analyze traffic patterns, payload anomalies, and generate an executive security assessment. ![]
  • Interactive Timeline:
    • Attack Detection: Heuristics for SQL Injection, XSS, RCE, and Shellcode.
    • Behavioral Analysis: Detects Traffic Bursts, Port Scans, and Lateral Movement (Pivoting).
    • Context Linking: Visually links related events (e.g., a burst followed by a new connection).
  • Visualizations:
    • Protocol Distribution Charts.
    • Active Conversations Table.
    • Geo-IP Mapping for external hosts.
  • Forensic Tools:
    • Payload inspection with ASCII preview.
    • VirusTotal integration for IP reputation checks.
    • PDF Report Generation.

πŸ› οΈ Tech Stack

  • Frontend: React 19, TypeScript, Vite
  • Styling: Tailwind CSS
  • AI: Google GenAI SDK (Gemini 1.5 Flash)
  • Visualization: Recharts, Lucide React
  • Utilities: jsPDF, html2canvas

πŸ“¦ Installation

  1. Clone the repository

    git clone https://github.com/yourusername/packetduck.git
cd packetduck

  2. Install dependencies

    npm install

  3. Configure Environment Variables Create a .env file in the root directory:

    # Required for AI Analysis
GEMINI_API_KEY=your_google_gemini_api_key

# Optional: For IP Reputation checks (Free tier works)
VT_API_KEY=your_virustotal_api_key

  4. Run the development server

    npm run dev

πŸ”‘ Getting API Keys

  1. Google Gemini API: Get your key from Google AI Studio.
  2. VirusTotal API: Sign up at VirusTotal to get a free public API key.

πŸ›‘οΈ Privacy Note

PacketDuck performs the heavy lifting (PCAP parsing) locally.

  • Local Parsing: The raw binary parsing happens in your browser's memory.
  • AI Analysis: When you trigger the AI analysis, a subset of metadata (summarized logs, top protocols, and specific payload snippets) is sent to the Google Gemini API for processing.

πŸ“„ License

MIT

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages