An interactive network traffic anomaly visualizer. Parse PCAP files or Zeek/Suricata logs and explore your network through connection graphs, time-series anomaly plots, and protocol breakdowns — all in a browser dashboard.
- Parse PCAP files (via Scapy/PyShark) and Zeek conn.log files
- Interactive connection graph (who talked to whom)
- Time-series traffic volume with anomaly markers (Z-score / IQR)
- Protocol distribution charts
- Top talkers and suspicious IP flagging
- REST API backend (Flask) + interactive frontend (Plotly.js / D3.js)
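The Zeek conn.log parsing and Z-score / IQR anomaly markers listed above can be sketched end to end as follows. This is an added example, not code from the netflow-viz repository: the function names, the 60-second bucket width, the thresholds (3.0 and 1.5) and the sample log are assumptions made for illustration, and it uses only the Python standard library.

```python
import statistics
from collections import defaultdict

def parse_conn_log(text):
    """Yield one dict per record, using the column names from Zeek's #fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):  # skip #separator, #types, #close ...
            yield dict(zip(fields, line.split("\t")))

def bytes_per_bucket(records, width=60):
    """Sum orig_bytes + resp_bytes into fixed time buckets; Zeek writes '-' for unset."""
    totals = defaultdict(int)
    for r in records:
        bucket = int(float(r["ts"])) // width * width
        for col in ("orig_bytes", "resp_bytes"):
            if r.get(col, "-") != "-":
                totals[bucket] += int(r[col])
    return dict(sorted(totals.items()))

def flag_anomalies(series, z_thresh=3.0, k=1.5):
    """Return {bucket: [methods]} for buckets flagged by Z-score and/or IQR fences."""
    values = list(series.values())
    mean, std = statistics.fmean(values), statistics.pstdev(values)
    q1, _, q3 = statistics.quantiles(values, n=4)
    lo, hi = q1 - k * (q3 - q1), q3 + k * (q3 - q1)
    flagged = {}
    for bucket, v in series.items():
        z_hit = std > 0 and abs(v - mean) / std > z_thresh
        iqr_hit = v < lo or v > hi
        if z_hit or iqr_hit:
            flagged[bucket] = [m for m, hit in (("zscore", z_hit), ("iqr", iqr_hit)) if hit]
    return flagged

def sample_log():
    """Constructed conn.log: 20 one-minute buckets, one large transfer in bucket 13."""
    rows = ["#separator \\x09", "#fields\tts\tuid\tid.orig_h\tid.resp_h\torig_bytes\tresp_bytes"]
    for i in range(20):
        total = 250000 if i == 13 else 1200 + (i * 37) % 200
        resp = "-" if i % 5 == 0 else str(total // 4)  # some rows leave resp_bytes unset
        orig = total if resp == "-" else total - total // 4
        rows.append(f"{1700000000 + i * 60 + 5}.0\tC{i}\t192.0.2.10\t198.51.100.7\t{orig}\t{resp}")
    return "\n".join(rows + ["#close\t2023-11-14-22-33-20"])

if __name__ == "__main__":
    series = bytes_per_bucket(parse_conn_log(sample_log()))
    print(flag_anomalies(series))
```

With only a handful of buckets a single spike cannot reach a Z-score of 3, so short captures rely on the IQR fences; the two methods agree here because the sample has 20 buckets.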
Python, Scapy, PyShark, Flask, Plotly.js, pandas, scipy
```
netflow-viz/
├── parser/
│   ├── pcap_parser.py   # PCAP to DataFrame
│   └── zeek_parser.py   # Zeek conn.log parser
├── api/
│   └── app.py           # Flask REST endpoints
├── frontend/
│   ├── index.html
│   ├── graph.js         # Connection graph
│   └── charts.js        # Time-series + protocol charts
├── samples/             # Public PCAP samples for testing
├── tests/
├── requirements.txt
└── README.md
```
```bash
git clone https://github.com/SANC18/netflow-viz
cd netflow-viz
pip install -r requirements.txt
python api/app.py
# Open http://localhost:5000
# Upload a PCAP file and explore
```

- Project structure setup
- PCAP parser (Scapy)
- Zeek log parser
- Flask API endpoints
- Connection graph (D3.js)
- Anomaly detection (Z-score)
- Frontend dashboard
- Deploy to Render
MIT