This project provides a simple and effective Intrusion Detection & Prevention System (IDPS) that monitors network traffic for suspicious activity, logs alerts, and auto-blocks attacks in real time on Windows 11.
- Real-time Traffic Monitoring: Captures and analyzes network packets to detect and block online attacks.
This project consists of the following main files:
- idps_engine.py: The core of the IDS. It listens for network traffic, applies detection rules, and logs alerts.
- ids_alerts.json: Stores all network alerts in JSON format.
- blocked_ips.json: Contains a list of IP addresses that have been blocked by the IDPS.
- ids_rules.json: Defines the rules used to monitor for various attacks.
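
The flow these files describe (rules applied to traffic, alerts logged, sources blocked), as an added sketch that is not the project's own code: the rule schema, the port-scan rule, the never-block list and the sample packets are all assumptions constructed for illustration. It also shows a safeguard for auto-blocking: a protected address such as the local gateway raises an alert but is never blocked.

```python
import ipaddress
import json
from collections import defaultdict, deque

# Assumed rule schema; the real ids_rules.json format is not shown on this page.
RULES = [{"name": "port_scan", "distinct_ports": 5, "window_s": 10}]
# Addresses that must never be auto-blocked (constructed: the local gateway).
NEVER_BLOCK = [ipaddress.ip_network("192.168.1.1/32")]

# Constructed packets: (timestamp_s, src_ip, dst_port).
SAMPLE = (
    [(t, "203.0.113.7", p) for t, p in enumerate([21, 22, 23, 80, 443, 8080])]
    + [(10 + t, "198.51.100.9", 443) for t in range(6)]
    + [(20 + t, "192.168.1.1", p) for t, p in enumerate([1, 2, 3, 4, 5])]
)

def protected(ip, never_block=NEVER_BLOCK):
    """True if ip falls inside any network on the never-block list."""
    return any(ipaddress.ip_address(ip) in net for net in never_block)

def detect(packets, rules=RULES):
    """Apply the rules to packets; return (alerts, blocked_ips)."""
    seen = defaultdict(deque)   # (rule name, src) -> recent (ts, port) pairs
    alerts, blocked = [], []
    for ts, src, port in packets:
        if src in blocked:
            continue            # traffic from a blocked source is dropped
        for rule in rules:
            window = seen[(rule["name"], src)]
            window.append((ts, port))
            while ts - window[0][0] > rule["window_s"]:
                window.popleft()            # expire entries outside the window
            if len({p for _, p in window}) < rule["distinct_ports"]:
                continue
            action = "alert_only" if protected(src) else "blocked"
            alerts.append({"time": ts, "rule": rule["name"],
                           "src_ip": src, "action": action})
            if action == "blocked":
                blocked.append(src)
            window.clear()      # avoid re-alerting on the same burst
    return alerts, blocked

if __name__ == "__main__":
    alerts, blocked = detect(SAMPLE)
    print(json.dumps({"alerts": alerts, "blocked_ips": blocked}, indent=2))
```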
- Download and install Python 3 from the official website: Python 3.13.7 (Windows x64 Installer)
  Note: During installation, select the options to install pip and Add Python to PATH.
- Download and install Wireshark from the official website: Wireshark 4.4.9 (Windows x64 Installer)
  Important: When prompted, ensure you select these options:
  - "Install Npcap in WinPcap API-compatible mode"
  - "Install Support raw 802.11 traffic (and monitor mode) for wireless adapters"
- Open Command Prompt (cmd) and run:
  python --version
  Expected output (example):
  Python 3.13.7
- Navigate to the project directory in Command Prompt and run:
  pip install -r requirements.txt
- Double-click on run.bat.
- When the User Account Control (UAC) prompt appears, select "Yes" to run the script with administrator privileges. This is necessary for network traffic monitoring.
- If Windows Defender or your antivirus flags the script, allow it through temporarily (only if you trust the source).
- Wireshark/Npcap installation may require a system restart.