A lightweight, real-time network traffic monitor written in C++. It uses the pcap (packet capture) library to sniff packets on a network interface and displays detailed information about them.
- Captures live network packets in real-time
- Displays source and destination IP addresses and ports
- Identifies TCP, UDP, and ICMP protocols
- Automatically selects a default network device or uses one specified by the user
- NEW: Interactive network interface selection
- NEW: List all available network interfaces
- NEW: Multi-interface monitoring - capture from multiple network cards simultaneously
- Cross-platform support (Linux, macOS, Windows)
- Lightweight with minimal dependencies
- NEW: Interactive dashboard with color-coded visualizations
- NEW: OSI model layer-based color coding (Layer 3 & Layer 4)
- NEW: Real-time traffic statistics and protocol distribution
- NEW: Top connections tracking
- NEW: Per-interface statistics in dashboard mode
You need to have the libpcap library installed on your system.
Debian/Ubuntu:
sudo apt-get update
sudo apt-get install libpcap-dev
Fedora/CentOS/RHEL:
sudo yum install libpcap-devel
macOS: libpcap is usually included with Xcode Command Line Tools. If not available:
xcode-select --install
# Or with Homebrew:
brew install libpcap
Windows: You need to install Npcap (the Windows port of libpcap) and MinGW for compilation:
# Install Npcap from https://npcap.com/
# Or use Chocolatey:
choco install npcap -y
choco install mingw -y
You can build the project using a C++ compiler like g++.
git clone https://github.com/GizzZmo/Network-Analyzer.git
cd Network-Analyzer
Linux/macOS:
g++ -o network_monitor main.cpp network_monitor.cpp dashboard.cpp multi_monitor.cpp -lpcap -lpthread
Windows (MinGW):
g++ -o network_monitor.exe main.cpp network_monitor.cpp dashboard.cpp multi_monitor.cpp -lwpcap -lpacket -lws2_32 -static-libgcc -static-libstdc++ -I"C:/Program Files/Npcap/sdk/Include" -L"C:/Program Files/Npcap/sdk/Lib/x64"
You need to run the executable with sudo permissions to access network interfaces.
Usage:
./network_monitor [OPTIONS] [INTERFACE]
Options:
  -d, --dashboard       Enable dashboard mode with visualizations
  -l, --list            List all available network interfaces
  -i, --interactive     Interactive interface selection
  -m, --multi           Multi-interface mode (specify interfaces with --interfaces)
  --interfaces <list>   Comma-separated list of interfaces for multi-mode
  -h, --help            Show this help message
To see all available network interfaces on your system:
sudo ./network_monitor --list
Use interactive mode to choose from available interfaces:
sudo ./network_monitor --interactive
Or with dashboard mode:
sudo ./network_monitor -i --dashboard
Run with the --dashboard flag to see a beautiful, color-coded real-time dashboard:
sudo ./network_monitor --dashboard
Or with a specific interface:
sudo ./network_monitor eth0 --dashboard
The dashboard displays:
- Protocol Distribution: Bar charts showing packet counts by protocol
- Traffic Statistics: Total packets, data volume, and rates
- Interface Statistics: Per-interface packet and traffic breakdown (when monitoring multiple interfaces)
- Top Connections: Most active network connections
- OSI Layer Color Coding:
  - Green: TCP (Layer 4 - Transport)
  - Yellow: UDP (Layer 4 - Transport)
  - Blue: ICMP (Layer 3 - Network)
  - Magenta: Other protocols
Monitor multiple network interfaces simultaneously:
Specify interfaces directly:
sudo ./network_monitor --multi --interfaces eth0,lo
With dashboard mode:
sudo ./network_monitor -m -d --interfaces eth0,docker0,lo
Interactive multi-interface selection:
sudo ./network_monitor --multi --interactive
This will allow you to select multiple interfaces from the list. Enter your selections as comma-separated numbers (e.g., 1,3,4).
For simple text output without the dashboard:
You can specify the network interface you want to monitor as a command-line argument:
sudo ./network_monitor eth0
Replace eth0 with the name of your network interface (e.g., en0 on macOS, wlan0 for wireless).
If you don't provide an interface, the program will try to find a default one:
sudo ./network_monitor
Press Ctrl+C to stop the monitor.
Sniffing on device: eth0
Starting network monitor... (Press Ctrl+C to stop)
[eth0] Packet captured. Length: 66 | Protocol: TCP | From: 192.168.1.10:12345 -> To: 172.217.16.14:443
[eth0] Packet captured. Length: 74 | Protocol: UDP | From: 192.168.1.10:54321 -> To: 8.8.8.8:53
[eth0] Packet captured. Length: 98 | Protocol: ICMP | From: 192.168.1.1 -> To: 192.168.1.10
...
Initializing multi-interface monitoring for:
- eth0
- lo
- docker0
Starting capture on 3 interface(s)...
Sniffing on device: eth0
Sniffing on device: lo
Sniffing on device: docker0
[eth0] Packet captured. Length: 66 | Protocol: TCP | From: 192.168.1.10:443 -> To: 172.217.16.14:443
[lo] Packet captured. Length: 60 | Protocol: TCP | From: 127.0.0.1:8080 -> To: 127.0.0.1:54321
[docker0] Packet captured. Length: 74 | Protocol: UDP | From: 172.17.0.2:53 -> To: 172.17.0.1:53
...
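How a captured frame can be turned into one of the output lines above, as an added example that is not the project's code: a bounds-checked Ethernet II/IPv4 decoder that never reads past the captured length, honours the IP header length field, and reports no ports for non-first fragments. The names `PacketInfo`, `decode_frame`, `format_line` and the `kSample` frame are assumptions constructed for illustration, and the block needs no libpcap.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Hypothetical types and names for this added example; not the project's API.
struct PacketInfo {
    bool ok = false, has_ports = false;  // has_ports stays false for ICMP, Other, later fragments
    std::string proto, src, dst;
    uint16_t sport = 0, dport = 0;
};

static uint16_t be16(const uint8_t* p) { return uint16_t((p[0] << 8) | p[1]); }
static std::string ip4(const uint8_t* p) {
    char b[16];
    std::snprintf(b, sizeof b, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
    return b;
}

// caplen = bytes actually captured; every read below is checked against it.
PacketInfo decode_frame(const uint8_t* d, size_t caplen) {
    PacketInfo r;
    const size_t eth = 14;                                       // Ethernet II header
    if (caplen < eth + 20 || be16(d + 12) != 0x0800) return r;   // IPv4 only
    const uint8_t* ip = d + eth;
    const size_t ihl = size_t(ip[0] & 0x0F) * 4;                 // length field comes from the wire
    if ((ip[0] >> 4) != 4 || ihl < 20 || caplen < eth + ihl) return r;
    r.src = ip4(ip + 12); r.dst = ip4(ip + 16);
    const uint8_t p = ip[9];
    r.proto = p == 6 ? "TCP" : p == 17 ? "UDP" : p == 1 ? "ICMP" : "Other";
    const bool first_frag = (be16(ip + 6) & 0x1FFF) == 0;        // later fragments have no L4 header
    if ((p == 6 || p == 17) && first_frag) {
        if (caplen - eth - ihl < 4) return r;                    // ports cut off by the snapshot length
        r.sport = be16(ip + ihl); r.dport = be16(ip + ihl + 2);
        r.has_ports = true;
    }
    r.ok = true; return r;
}

std::string format_line(const PacketInfo& r) {
    if (!r.ok) return "Protocol: (undecodable)";
    auto ep = [&](const std::string& a, uint16_t port) {
        return r.has_ports ? a + ":" + std::to_string(port) : std::string(a);
    };
    return "Protocol: " + r.proto + " | From: " + ep(r.src, r.sport) + " -> To: " + ep(r.dst, r.dport);
}
// Constructed sample: UDP 192.168.1.10:54321 -> 8.8.8.8:53 (zeroed MACs and checksums).
const uint8_t kSample[42] = {0,0,0,0,0,0, 0,0,0,0,0,0, 8,0, 0x45,0,0,0x1c, 0,0,0,0, 0x40,17,0,0,
    192,168,1,10, 8,8,8,8, 0xd4,0x31, 0,53, 0,8, 0,0};
int main() { std::puts(format_line(decode_frame(kSample, sizeof kSample)).c_str()); }
```

A frame that fails any length check comes back with `ok == false` instead of being printed with fields read from beyond the capture buffer.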
The dashboard mode displays a real-time, color-coded visualization with:
- Protocol distribution charts with OSI layer information
- Traffic statistics (packet rate, data throughput)
- Interface statistics (when monitoring multiple interfaces)
- Top 10 active connections
- Color-coded protocol legend
All protocols are color-coded according to their OSI model layer:
- TCP (Green) - Transport Layer (Layer 4)
- UDP (Yellow) - Transport Layer (Layer 4)
- ICMP (Blue) - Network Layer (Layer 3)
- Other (Magenta) - Various Layers
This project uses GitHub Actions for:
- Continuous Integration: Automatically builds the project on Ubuntu, macOS, and Windows for every push and pull request
- Release Automation: Creates distributable binaries for tagged releases
Pre-built binaries are available from the Releases page for:
- Linux (amd64)
- macOS (amd64)
- Windows (amd64)
The Windows executable may be flagged by Windows Defender or other antivirus software as a potential threat (Trojan:Script/Wacatac.B!ml). This is a false positive that commonly affects network monitoring tools.
Why this happens:
- Network monitoring tools require low-level access to capture packets
- The executable uses packet capture libraries (Npcap) similar to what malware might use
- The binary is statically linked and unsigned
This software is safe. You can:
- Review the source code (it's all here!)
- Build it yourself from source (see build instructions above)
- Check the VirusTotal scan results in each release
- Verify the download using the provided SHA256 checksums
- Add an exclusion in Windows Defender (see SECURITY.md for instructions)
For detailed information about this false positive and how to handle it, see SECURITY.md.
Verifying your download: Each release includes SHA256 checksum files (.sha256). See RELEASE.md for verification instructions.
To create a new release with binaries:
git tag -a v1.0.0 -m "Release version 1.0.0"
git push origin v1.0.0
The release workflow will automatically build and upload binaries for all supported platforms.
For detailed instructions on creating releases, see RELEASE.md.
Network-Analyzer/
├── main.cpp              # Entry point and signal handling
├── network_monitor.h     # Header file with NetworkMonitor class
├── network_monitor.cpp   # Implementation of NetworkMonitor class
├── multi_monitor.h       # Header file with MultiMonitor class for multi-interface support
├── multi_monitor.cpp     # Implementation of MultiMonitor class
├── dashboard.h           # Header file with Dashboard class
├── dashboard.cpp         # Implementation of Dashboard with visualizations
├── README.md             # This file
├── LICENSE               # MIT License
├── CONTRIBUTING.md       # Contribution guidelines
├── RELEASE.md            # Release process documentation
└── .github/
    └── workflows/
        ├── build.yml     # CI workflow for building artifacts
        └── release.yml   # Release workflow for distributable assets
Contributions are welcome! Please read CONTRIBUTING.md for details on how to contribute to this project.
This project is licensed under the MIT License - see the LICENSE file for details.
- Built with libpcap - the packet capture library
- Inspired by classic network monitoring tools