Netshark is a Network Traffic Anomaly Detector for security researchers and network administrators. It analyzes PCAP files to detect suspicious activity; live capture from a network interface is planned (see the `-i` option below).
- Port Scan Detection: Identifies potential SYN scans and port sweeping.
- ARP Spoofing Detection: Detects IP/MAC conflicts and gratuitous ARP floods.
- DNS Tunneling Detection: Analyzes DNS queries for suspicious lengths and entropy.
- Suspicious IP Detection: Flags communications with suspicious or non-standard IP ranges.
- Professional Reports: Clear, color-coded CLI output.
Netshark is designed to be easily installed on Kali Linux and other environments with Python available.

- Clone the repository:

  ```bash
  git clone https://github.com/yourusername/netshark.git
  cd netshark
  ```

- Install the Python dependencies:

  ```bash
  pip install -r requirements.txt
  ```

  Note: capturing packets from an interface requires elevated privileges, so you may need to run Netshark itself with `sudo`. Use `sudo` only for the capture run, not for `pip install`.

- Install system dependencies (optional but recommended, since Pyshark is a wrapper around `tshark`):

  ```bash
  sudo apt-get install tshark
  ```

  On Debian-based systems (including Kali) the installer can be told to let members of the `wireshark` group capture without root, which avoids running the whole tool as root.
Run Netshark from the command line:

```bash
python main.py -f <path_to_pcap.pcap>
```

Options:

- `-f`, `--file`: Path to the PCAP file to analyze.
- `-i`, `--interface`: Network interface for live capture (coming soon).
- `-h`, `--help`: Show the help message.
- Port Scanning: tracks connection attempts (TCP SYNs) from a single source and flags a source that probes many distinct ports within a short window, the pattern of a SYN scan or port sweep.
- ARP Monitoring: records the MAC address seen for each IP and flags an IP whose MAC flip-flops between values, as well as floods of gratuitous ARP replies from one sender.
- DNS Analysis: flags queries whose labels are unusually long and have high character entropy, the signature of data encoded into subdomains by a DNS tunnel.
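The following is an added example, not Netshark's own code, that implements minimal versions of the three detectors described in the feature list and the detection logic above and runs them over constructed sample traffic. Packets are plain dicts (fields `proto`, `src`, `dport`, `flags`, `time`, `sender_ip`, `sender_mac`, `op`, `target_ip`, `qname`) so it runs offline without Pyshark or scapy; the field names and the thresholds are assumptions chosen for illustration, not Netshark's settings. A real analyzer would build the same dicts from parsed PCAP packets.

```python
"""Added example (not Netshark's code): toy SYN-scan, ARP-spoof and
DNS-tunnel detectors run over constructed packet dicts."""
import math
from collections import defaultdict

# Thresholds are assumptions for illustration, not Netshark's settings.
SCAN_PORTS = 20        # distinct dst ports from one source within SCAN_WINDOW
SCAN_WINDOW = 2.0      # seconds
GARP_FLOOD = 5         # gratuitous ARP replies from one MAC within GARP_WINDOW
GARP_WINDOW = 5.0      # seconds
DNS_MIN_LABEL = 30     # labels this long or longer are suspicious
DNS_MIN_ENTROPY = 3.5  # bits/char; base32 or hex encoded data sits around 4-5


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def detect_syn_scan(packets):
    """Return sources that sent SYNs to >= SCAN_PORTS distinct ports in SCAN_WINDOW."""
    seen = defaultdict(list)  # src -> [(time, dst_port)] inside the window
    alerts = set()
    for p in packets:
        if p.get("proto") != "tcp" or p.get("flags") != "S":
            continue
        hist = seen[p["src"]]
        hist.append((p["time"], p["dport"]))
        while hist and p["time"] - hist[0][0] > SCAN_WINDOW:  # slide the window
            hist.pop(0)
        if len({port for _, port in hist}) >= SCAN_PORTS:
            alerts.add(p["src"])
    return alerts


def detect_arp_spoof(packets):
    """Return (IPs whose MAC flip-flopped, MACs that flooded gratuitous ARP)."""
    ip_to_mac = {}
    conflicts, floods = set(), set()
    garp = defaultdict(list)  # mac -> timestamps of gratuitous replies in window
    for p in packets:
        if p.get("proto") != "arp":
            continue
        ip, mac = p["sender_ip"], p["sender_mac"]
        if ip in ip_to_mac and ip_to_mac[ip] != mac:
            conflicts.add(ip)  # same IP now claimed by a different MAC
        ip_to_mac[ip] = mac
        # Gratuitous ARP: a reply (opcode 2) whose sender and target IP match.
        if p.get("op") == 2 and p.get("target_ip") == ip:
            hist = garp[mac]
            hist.append(p["time"])
            while hist and p["time"] - hist[0] > GARP_WINDOW:
                hist.pop(0)
            if len(hist) >= GARP_FLOOD:
                floods.add(mac)
    return conflicts, floods


def detect_dns_tunnel(packets):
    """Return query names whose longest label is both long and high-entropy."""
    alerts = []
    for p in packets:
        if p.get("proto") != "dns":
            continue
        label = max(p["qname"].rstrip(".").split("."), key=len)
        if len(label) >= DNS_MIN_LABEL and shannon_entropy(label) >= DNS_MIN_ENTROPY:
            alerts.append(p["qname"])
    return alerts


def analyze(packets):
    """Run all detectors and collect their findings."""
    conflicts, floods = detect_arp_spoof(packets)
    return {"syn_scan": detect_syn_scan(packets), "arp_conflicts": conflicts,
            "garp_floods": floods, "dns_tunnel": detect_dns_tunnel(packets)}


def sample_packets():
    """Constructed traffic: a SYN sweep, an ARP spoof plus GARP flood, a tunnel query."""
    pkts = [{"proto": "tcp", "flags": "S", "src": "10.0.0.9",
             "dport": 1000 + i, "time": 0.05 * i} for i in range(25)]
    pkts.append({"proto": "tcp", "flags": "S", "src": "10.0.0.5", "dport": 443, "time": 1.0})
    pkts.append({"proto": "arp", "op": 2, "sender_ip": "10.0.0.1", "target_ip": "10.0.0.1",
                 "sender_mac": "aa:aa:aa:aa:aa:01", "time": 2.0})       # legitimate gateway
    pkts += [{"proto": "arp", "op": 2, "sender_ip": "10.0.0.1", "target_ip": "10.0.0.1",
              "sender_mac": "de:ad:be:ef:00:01", "time": 2.0 + 0.2 * i}  # spoofer
             for i in range(1, 7)]
    pkts.append({"proto": "dns", "qname": "www.example.com.", "time": 3.0})
    pkts.append({"proto": "dns", "time": 3.1,  # base32 of 24 bytes as a subdomain label
                 "qname": "mfrggzdfmztwq2lknnwg23tpobyxe43uorsxg5a.tunnel.example.net."})
    return pkts


if __name__ == "__main__":
    for name, hits in analyze(sample_packets()).items():
        print(f"{name}: {sorted(hits) or 'none'}")
```

The sliding window matters for the scan and flood checks: without it, a host that legitimately contacts twenty services over a day would eventually trip the port threshold, which is exactly the false positive a "fast connection attempts" rule is meant to avoid. Raising the DNS label threshold suppresses CDN-style hostnames that are long but low-entropy.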
Netshark is for educational and authorized testing purposes only. Usage for attacking targets without prior mutual consent is illegal.