A lightweight network packet analyzer and traffic monitoring tool built using C and Python.
The system captures live packets from a network interface, parses protocol headers, logs packet metadata, and performs automated traffic analysis.
This project demonstrates systems programming, networking protocols, and automation using low-level packet inspection.
- Live packet capture using libpcap
- Parsing of Ethernet, IPv4, TCP, and UDP headers
- Real-time packet decoding in terminal
- Live traffic monitoring dashboard
- Packet metadata logging to structured log files
- Python automation for traffic analysis
- Detection of suspicious traffic patterns
- Support for Berkeley Packet Filters (BPF) for filtered captures
Network Interface
        │
        ▼
libpcap Packet Capture (C)
        │
        ▼
Packet Parser (Ethernet → IP → TCP/UDP)
        │
        ├── Live Terminal Dashboard
        │
        ├── Packet Logs
        │     logs/captured_packets.log
        │
        ▼
Python Traffic Analyzer
        │
        ▼
Traffic Analysis Report
reports/traffic_report.txt

linux-packet-analyzer
│
├── src
│   ├── packet_sniffer.c
│   ├── packet_parser.c
│   └── packet_parser.h
│
├── scripts
│   └── traffic_analyzer.py
│
├── logs
│   └── captured_packets.log
│
├── reports
│   └── traffic_report.txt
│
├── demo
│   └── demo.gif
│
├── Makefile
├── requirements.txt
└── README.md
- C
- Python
- libpcap
- Linux/macOS networking
- TCP/IP protocol stack
- Berkeley Packet Filters (BPF)
Linux (Debian/Ubuntu)
sudo apt update
sudo apt install libpcap-dev python3 python3-pip
macOS
brew install libpcap
Compile the Packet Analyzer
make
This creates an executable file named:
packet_sniffer
Running the Packet Sniffer
Capture all traffic:
sudo ./packet_sniffer
Specify a network interface:
sudo ./packet_sniffer --interface en0
Using Packet Filters
Capture HTTPS traffic:
sudo ./packet_sniffer --interface en0 --filter "tcp port 443"
Capture DNS traffic:
sudo ./packet_sniffer --interface en0 --filter "port 53"
Capture only UDP traffic:
sudo ./packet_sniffer --interface en0 --filter "udp"
Example Output
Listening on interface: en0
Applying filter: tcp port 443
========== Packet ==========
IP Header
Source IP: 10.0.0.120
Destination IP: 162.159.135.234
TCP Header
Source Port: 52793
Destination Port: 443
Live Traffic Monitoring
The program periodically displays traffic statistics while capturing packets.
Example dashboard:
===== Live Traffic Monitor =====
Total Packets Captured: 40
Protocol Counts
TCP: 18
UDP: 22
Top Source IPs
10.0.0.120 : 20 packets
17.248.136.165 : 12 packets
10.0.0.106 : 8 packets
Packet Logging
Captured packet metadata is written to:
logs/captured_packets.log
Example log entries:
SRC_IP=10.0.0.120 DST_IP=162.159.135.234 SRC_PORT=52793 DST_PORT=443 PROTOCOL=TCP
SRC_IP=17.248.136.165 DST_IP=10.0.0.120 SRC_PORT=443 DST_PORT=52793 PROTOCOL=TCP
Traffic Analysis
Run the Python analyzer:
python3 scripts/traffic_analyzer.py
The analysis report will be generated at:
reports/traffic_report.txt
Example report:
====== Network Traffic Analysis Report ======
Total Packets Captured: 152
Protocol Distribution:
TCP: 95
UDP: 57
Top Source IPs:
10.0.0.120: 60 packets
17.248.136.165: 42 packets
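The analysis step described above, sketched as an added example (this is not the project's scripts/traffic_analyzer.py). It parses the log format shown under Packet Logging, builds the protocol and top-source counts, and flags one assumed "suspicious pattern": a source touching many distinct destination ports on a single host. The function names, `scan_threshold`, and the sample sweep lines are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Matches the key=value layout of the example log entries shown above.
LINE_RE = re.compile(
    r"SRC_IP=(?P<src>\S+) DST_IP=(?P<dst>\S+) "
    r"SRC_PORT=(?P<sport>\d+) DST_PORT=(?P<dport>\d+) PROTOCOL=(?P<proto>\w+)"
)

def parse_line(line):
    """Return a dict for one log line, or None if it is malformed."""
    m = LINE_RE.fullmatch(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    if rec["sport"] > 65535 or rec["dport"] > 65535:  # not a 16-bit port
        return None
    return rec

def analyze(lines, scan_threshold=10):
    """Summarise traffic; flag a source hitting many ports on one host."""
    # scan_threshold is a hypothetical tuning knob, not a project setting.
    protocols, sources = Counter(), Counter()
    ports_seen = defaultdict(set)  # (src, dst) -> distinct destination ports
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count, do not crash on, malformed lines
            continue
        protocols[rec["proto"]] += 1
        sources[rec["src"]] += 1
        ports_seen[(rec["src"], rec["dst"])].add(rec["dport"])
    suspects = sorted((src, dst, len(ports))
                      for (src, dst), ports in ports_seen.items()
                      if len(ports) >= scan_threshold)
    return {"total": sum(protocols.values()), "protocols": dict(protocols),
            "top_sources": sources.most_common(3),
            "suspects": suspects, "skipped": skipped}

# Constructed sample: two entries from the page, one bad line, one port sweep.
SAMPLE = [
    "SRC_IP=10.0.0.120 DST_IP=162.159.135.234 SRC_PORT=52793 DST_PORT=443 PROTOCOL=TCP",
    "SRC_IP=17.248.136.165 DST_IP=10.0.0.120 SRC_PORT=443 DST_PORT=52793 PROTOCOL=TCP",
    "garbage line",
] + [f"SRC_IP=10.0.0.106 DST_IP=10.0.0.1 SRC_PORT=40000 DST_PORT={p} PROTOCOL=TCP"
     for p in range(20, 32)]
print(analyze(SAMPLE))
```

Malformed lines are counted in `skipped` rather than silently dropped, so a report built on a truncated or tampered log shows that it is incomplete.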
Learning Outcomes
This project demonstrates:
- Low-level network packet parsing
- Systems programming in C
- Understanding of the TCP/IP protocol stack
- Real-time traffic monitoring
- Security-focused network traffic analysis
Author
Gowtham Revanur