A simple and useful sniffer that captures traffic based on the preferences you give it.
The goal of this project was to extend my knowledge of networking and of the value of packet analysis on the defensive side.
The traffic visualizer was inspired by the Logontracer project by JPCERTCC. The example graph shows outbound traffic from a single host. Eventually the visualizer will display more packet data, such as protocol, payload information, packet length and TTL, and a future option will let you upload pcap files and use the same visualizer to show the network activity they contain.
Features:
- Interactive CLI
- Packet capture
- PCAP file analysis
Requirements:
- WinPcap driver (must be installed, otherwise the sniffer fails with missing-DLL errors)
- Windows 8/8.1/10
- Go 1.17.6 or newer
Usage:
go run packetsniffer.go <flag>
Flags:
- Yes/no for the web server and GUI (localhost:8090)
- Path to the pcap file to analyze
- Protocol, either TCP or UDP
- Port range, from 1 to 65535
- How long (in seconds) to run the sniffer
- Show help
- Show current version
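The protocol and port flags above are the capture preferences the sniffer has to validate before it opens an interface. The following helper is an added example, not code from the packetsniffer project (its real flag names and internals are not shown on this page): it checks that the protocol is TCP or UDP, that a port or port range lies within 1-65535 with start not greater than end, and turns both into a BPF filter expression of the kind libpcap/WinPcap accept. The function names and the "port"/"1-1024" argument forms are assumptions of this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// BuildCaptureFilter turns the sniffer's protocol and port preferences into a
// BPF filter expression such as "tcp and portrange 1-1024" (libpcap syntax).
// ports is either a single port ("53") or an inclusive range ("1-1024").
// Hypothetical helper written for this example, not the project's own code.
func BuildCaptureFilter(proto, ports string) (string, error) {
	proto = strings.ToLower(strings.TrimSpace(proto))
	if proto != "tcp" && proto != "udp" {
		return "", fmt.Errorf("protocol must be tcp or udp, got %q", proto)
	}
	lo, hi, err := parsePortRange(ports)
	if err != nil {
		return "", err
	}
	if lo == hi {
		return fmt.Sprintf("%s and port %d", proto, lo), nil
	}
	return fmt.Sprintf("%s and portrange %d-%d", proto, lo, hi), nil
}

// parsePortRange rejects anything outside 1-65535 and reversed ranges, so a bad
// flag value fails before the capture starts instead of silently matching nothing.
func parsePortRange(s string) (lo, hi int, err error) {
	parts := strings.SplitN(strings.TrimSpace(s), "-", 2)
	if lo, err = strconv.Atoi(parts[0]); err != nil {
		return 0, 0, fmt.Errorf("bad port %q", parts[0])
	}
	hi = lo
	if len(parts) == 2 {
		if hi, err = strconv.Atoi(parts[1]); err != nil {
			return 0, 0, fmt.Errorf("bad port %q", parts[1])
		}
	}
	if lo < 1 || hi > 65535 || lo > hi {
		return 0, 0, fmt.Errorf("port range %q must lie within 1-65535 with start <= end", s)
	}
	return lo, hi, nil
}

func main() {
	// Constructed inputs: two valid preferences and two that must be rejected.
	for _, c := range [][2]string{{"TCP", "1-1024"}, {"udp", "53"}, {"icmp", "80"}, {"tcp", "10-5"}} {
		f, err := BuildCaptureFilter(c[0], c[1])
		fmt.Printf("%-5s %-8s -> %q %v\n", c[0], c[1], f, err)
	}
}
```

The resulting string is what you would hand to a capture library's filter setter; rejecting bad ranges up front matters because an accepted but empty filter looks like a quiet network rather than a misconfiguration.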
Roadmap:
- Create a threat detection service
  - based on IP addresses and domains
  - checks whether a workstation visited a potentially suspicious or malicious website
  - covers internal host-to-host communication
  - utilizes free threat intel feeds and open source APIs
  - scheduling mechanism to keep the feeds updated
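The PCAP file analysis feature and the planned IP-based threat detection come down to two steps: decode each captured frame into the fields the visualizer is meant to show (protocol, ports, packet length, TTL, payload size) and compare the destination addresses against an indicator list. The program below is an added example using only the Go standard library, not code from the packetsniffer project: it parses a classic libpcap file, decodes Ethernet/IPv4/TCP/UDP with bounds checks on every length field (a crafted capture is untrusted input), and flags packets whose destination is on a blocklist. The capture bytes, the addresses, the blocklist and all function names are constructed for this example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"io"
	"net"
)

// PacketSummary holds the per-packet fields the sniffer is meant to display.
type PacketSummary struct {
	SrcIP, DstIP       net.IP
	Protocol           string // "TCP", "UDP" or "IP/<number>"
	SrcPort, DstPort   uint16
	TTL                uint8
	Length, PayloadLen int // captured frame bytes; bytes after the transport header
}

var be = binary.BigEndian // network byte order for every header field decoded below

// ReadPcap parses a classic little-endian libpcap capture (.pcap, not .pcapng)
// with Ethernet link type and returns one summary per IPv4 packet.
func ReadPcap(r io.Reader) ([]PacketSummary, error) {
	var gh [24]byte // magic, version, tz offset, sigfigs, snaplen, link type
	if _, err := io.ReadFull(r, gh[:]); err != nil {
		return nil, fmt.Errorf("global header: %w", err)
	}
	le := binary.LittleEndian // big-endian and nanosecond magics are not handled here
	if le.Uint32(gh[0:4]) != 0xa1b2c3d4 || le.Uint32(gh[20:24]) != 1 {
		return nil, fmt.Errorf("not a little-endian libpcap file with Ethernet link type")
	}
	var out []PacketSummary
	for {
		var ph [16]byte // ts_sec, ts_usec, incl_len, orig_len
		if _, err := io.ReadFull(r, ph[:]); err == io.EOF {
			return out, nil
		} else if err != nil {
			return nil, fmt.Errorf("record header: %w", err)
		}
		n := le.Uint32(ph[8:12])
		if n > 1<<16 { // a hostile file must not make us allocate gigabytes
			return nil, fmt.Errorf("record length %d exceeds any sane snaplen", n)
		}
		frame := make([]byte, n)
		if _, err := io.ReadFull(r, frame); err != nil {
			return nil, fmt.Errorf("truncated record: %w", err)
		}
		if s, ok := parseFrame(frame); ok {
			out = append(out, s)
		}
	}
}

// parseFrame decodes Ethernet -> IPv4 -> TCP/UDP, bounds-checking every length
// field it takes from the wire before trusting it.
func parseFrame(f []byte) (s PacketSummary, ok bool) {
	if len(f) < 34 || be.Uint16(f[12:14]) != 0x0800 { // need Ethernet + IPv4 headers
		return s, false
	}
	ip, ihl := f[14:], int(f[14]&0x0f)*4
	if ip[0]>>4 != 4 || ihl < 20 || len(ip) < ihl {
		return s, false
	}
	s.Length, s.TTL, s.SrcIP, s.DstIP = len(f), ip[8], net.IP(ip[12:16]), net.IP(ip[16:20])
	body, hdr := ip[ihl:], 0
	switch ip[9] {
	case 6: // TCP: header length is the data-offset field in 32-bit words (at least 5)
		s.Protocol, hdr = "TCP", 20
		if len(body) >= 20 {
			hdr = int(body[12]>>4) * 4
		}
	case 17: // UDP: fixed 8-byte header
		s.Protocol, hdr = "UDP", 8
	default:
		s.Protocol = fmt.Sprintf("IP/%d", ip[9])
		return s, true
	}
	if len(body) < hdr || (s.Protocol == "TCP" && hdr < 20) {
		return s, false // truncated, or a TCP data offset below the legal minimum
	}
	s.SrcPort, s.DstPort, s.PayloadLen = be.Uint16(body[0:2]), be.Uint16(body[2:4]), len(body)-hdr
	return s, true
}

// FlagIOCs is the roadmap's threat-detection check in its simplest form: every
// packet whose destination address appears on the blocklist is returned.
func FlagIOCs(pkts []PacketSummary, blocklist []string) (hits []PacketSummary) {
	for _, p := range pkts {
		for _, b := range blocklist {
			if p.DstIP.String() == b {
				hits = append(hits, p)
				break
			}
		}
	}
	return hits
}

// sampleHex is a constructed two-record capture: a TCP SYN 10.0.0.7:51234 -> 203.0.113.5:443,
// then UDP 10.0.0.7:50000 -> 192.0.2.53:53 carrying 12 zero bytes. Checksums and timestamps are zero.
const sampleHex = "d4c3b2a1020004000000000000000000ffff000001000000" + // global header, snaplen 65535
	"00000000000000003600000036000000" + "00112233445566778899aabb0800" + // record 1: 54-byte frame
	"4500002800010000400600000a000007cb007105" + "c82201bb00000001000000005002ffff00000000" +
	"00000000000000003600000036000000" + "00112233445566778899aabb0800" + // record 2: 54-byte frame
	"4500002800020000401100000a000007c0000235" + "c350003500140000000000000000000000000000"

var SamplePcap, _ = hex.DecodeString(sampleHex) // the constructed capture as bytes

func main() {
	pkts, err := ReadPcap(bytes.NewReader(SamplePcap))
	if err != nil {
		panic(err)
	}
	for _, p := range pkts {
		fmt.Printf("%s:%d -> %s:%d %s ttl=%d len=%d payload=%d\n", p.SrcIP, p.SrcPort, p.DstIP, p.DstPort, p.Protocol, p.TTL, p.Length, p.PayloadLen)
	}
	fmt.Println("blocklist hits:", len(FlagIOCs(pkts, []string{"203.0.113.5"}))) // constructed blocklist
}
```

Two design points carry over to a real implementation: every length field read from the file (record length, IHL, TCP data offset) is checked before it is used as a slice bound, and the record-length cap keeps a malformed or malicious capture from forcing a huge allocation. Swapping the constructed blocklist for entries pulled from a threat intel feed is the scheduling step the roadmap describes.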
- Create a UI for pcap file analysis
  - can be used by incident response and SOC teams to find suspicious network activity on a workstation
- Configuration to capture traffic based on a set of rules, such as:
  - CPU usage spikes that deviate from the baseline
- Firewall integrations to block suspicious communication paths