Advanced C++ command-line network utility for real-time packet monitoring with intelligent anomaly detection.
- Real-time Packet Capture: Uses libpcap for efficient packet capture across Windows and Linux
- Live Traffic Display: Well-formatted table showing source IP, destination IP, protocol, packet size, and timestamps
- Intelligent Anomaly Detection: Built-in heuristics for detecting:
  - Unusual packet bursts (>100 packets in 5 seconds)
  - Port scanning behavior (>10 ports scanned in 30 seconds)
  - Repeated failed connection attempts (>20 failures in 60 seconds)
- Watch Rules: Set custom alerts for specific IPs and ports with audio notifications
- Color-coded Output: Visual indicators for anomalies and watched traffic
- CSV Export: Export captured data for later analysis
- Cross-platform: Works on both Windows and Linux systems
Linux:

```bash
sudo apt-get install libpcap-dev cmake build-essential
```

Windows:

- Install WinPcap or Npcap
- Visual Studio 2019 or later
- CMake 3.15+
Linux:

```bash
mkdir build && cd build
cmake ..
make
```

Windows (Visual Studio):

```bash
mkdir build && cd build
cmake .. -G "Visual Studio 16 2019"
cmake --build . --config Release
```

Basic usage:

```bash
./network2.0
./network2.0 --watch-ip 192.168.1.10 --alert-port 8080 --log traffic.csv
```

Available options:

- `--watch-ip <IP>`: Watch traffic for a specific IP address
- `--alert-port <PORT>`: Alert on traffic to/from a specific port
- `--log <filename>`: Enable logging to a CSV file
- `--interface <name>`: Specify the network interface
- `--protocol <TYPE>`: Filter by protocol (TCP, UDP, ICMP)
- `--help`: Show help message
While the program is running, you can use these commands:
- `h`, `help`: Show help message
- `s`, `stats`: Display detailed network statistics
- `w`, `watch`: Show current watch rules
- `a`, `anomalies`: Show anomaly detection status
- `r`, `reset`: Reset all statistics
- `l`, `log <filename>`: Enable/disable logging
- `e`, `export <filename>`: Export captured data to CSV
- `q`, `quit`: Exit the program
Examples:

```bash
./network2.0 --watch-ip 192.168.1.100
./network2.0 --alert-port 80 --alert-port 443 --log web_traffic.csv
./network2.0 --interface eth0 --log network_capture.csv
./network2.0 --protocol TCP
./network2.0 --protocol ICMP --log icmp_traffic.csv
```

The main display shows:
- Time: Timestamp of packet capture
- Source IP: Source IP address
- Source MAC: Source hardware (MAC) address
- Dest IP: Destination IP address
- Dest MAC: Destination hardware (MAC) address
- Protocol: TCP, UDP, ICMP, or other
- Size: Packet size in bytes
- Notes: Anomaly information or alerts
Color coding:

- White: Normal traffic
- Red: Anomalous packets (bursts, scans, failed connections)
- Yellow: Watched IP/port traffic
- Cyan: Headers and informational text
- Green: Success messages
The tool detects three types of anomalies:
- Packet Bursts: More than 100 packets from same source in 5 seconds
- Port Scans: More than 10 different ports accessed from same source in 30 seconds
- Failed Connections: More than 20 small TCP packets from same source in 60 seconds
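The three heuristics above can be implemented as per-source sliding windows. The following is an added example, not the project's own `AnomalyDetector`; the `Pkt` record layout and the 60-byte "small TCP packet" cutoff are assumptions, while the thresholds and window lengths are the ones listed in this README.

```cpp
#include <cstdint>
#include <deque>
#include <map>
#include <set>
#include <string>
#include <utility>

// One captured packet (field layout is assumed, not the project's own struct).
struct Pkt { double t; std::string src; uint16_t dport; bool tcp; uint32_t size; };

// Per-source sliding windows, one per heuristic.
struct SrcState {
    std::deque<double> pkts;                        // every packet, 5 s window
    std::deque<std::pair<double, uint16_t>> ports;  // (time, dest port), 30 s window
    std::deque<double> smallTcp;                    // small TCP packets, 60 s window
};

class AnomalyDetector {
public:
    // Returns the anomaly reason, or "" when the packet looks normal.
    std::string check(const Pkt& p) {
        SrcState& s = state_[p.src];
        s.pkts.push_back(p.t);
        s.ports.emplace_back(p.t, p.dport);
        if (p.tcp && p.size <= kSmallTcpBytes) s.smallTcp.push_back(p.t);
        // Expire entries that fell outside each window.
        while (!s.pkts.empty() && p.t - s.pkts.front() > 5.0) s.pkts.pop_front();
        while (!s.ports.empty() && p.t - s.ports.front().first > 30.0) s.ports.pop_front();
        while (!s.smallTcp.empty() && p.t - s.smallTcp.front() > 60.0) s.smallTcp.pop_front();
        if (s.pkts.size() > 100) return "burst";                  // >100 packets in 5 s
        std::set<uint16_t> distinct;
        for (const auto& e : s.ports) distinct.insert(e.second);
        if (distinct.size() > 10) return "port_scan";             // >10 ports in 30 s
        if (s.smallTcp.size() > 20) return "failed_connections";  // >20 small TCP in 60 s
        return "";
    }
private:
    static constexpr uint32_t kSmallTcpBytes = 60;  // assumed "small" threshold
    std::map<std::string, SrcState> state_;
};

// Constructed traffic from one source: n TCP packets, dt seconds apart.
// Returns the verdict on the last packet.
std::string simulate(int n, double dt, bool distinctPorts, uint32_t size) {
    AnomalyDetector d;
    std::string last;
    for (int i = 0; i < n; ++i)
        last = d.check({i * dt, "10.0.0.5", uint16_t(distinctPorts ? 1000 + i : 80), true, size});
    return last;
}
```

`simulate(101, 0.01, false, 1200)` trips the burst rule, `simulate(11, 1.0, true, 60)` the port-scan rule, and `simulate(21, 1.0, false, 60)` the failed-connection rule, while 50 full-size packets one second apart stay normal.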
Exported CSV files contain:
```
Timestamp,Source_IP,Source_Port,Dest_IP,Dest_Port,Source_MAC,Dest_MAC,Protocol,Size_Bytes,Is_Anomaly,Anomaly_Reason
```
The application uses a modular design with these components:
- `PacketCapture`: Handles low-level packet capture using libpcap
- `AnomalyDetector`: Implements heuristic-based anomaly detection
- `NetworkStats`: Tracks and displays network statistics
- `WatchRules`: Manages IP and port watch rules with alerting
- `Logger`: Handles CSV logging and data export
- `Utils`: Common utilities for formatting and cross-platform operations
- Requires administrator/root privileges for packet capture
- Network interface must support promiscuous mode
- Performance depends on network traffic volume and system capabilities
This project is provided as-is for educational and professional use.
This tool is designed for legitimate network monitoring and security analysis. Always ensure you have proper authorization before monitoring network traffic.