Professional-grade network traffic analyzer with advanced protocol analysis, real-time visualization, and anomaly detection.
- Multi-Port TLS Detection - Ports 443, 8443, 4433, 10443
- Complete TLS Handshake Capture - All handshake stages tracked
- Full X.509 Certificate Parsing - Subject, Issuer, Validity, Serial Number
- Enhanced JA3 Fingerprinting - Complete 5-component fingerprint
- Advanced Extension Parsing - SNI, ALPN, Supported Groups, Signature Algorithms
- TLS Version Detection - TLS 1.0/1.1/1.2/1.3
- Cipher Suite Analysis - All cipher suites captured and analyzed
- Certificate Chain Validation - Full certificate details
- Session Tracking - Session ID and ticket monitoring
- Cross-Platform Scanning - Windows, Linux, macOS support
- MAC Vendor Lookup - Identifies 30+ device manufacturers
- Rogue AP Detection - Detects duplicate SSIDs with different BSSIDs
- Enhanced Security Analysis - Color-coded warnings (🔴 Critical, 🟡 Warning, 🟢 Info)
- WPA3 Detection - Latest security standard support
- Interference Analysis - Channel overlap and interference scoring
- Smart Channel Recommendations - Best channels for 2.4GHz and 5GHz
- Suspicious SSID Detection - Identifies potentially malicious networks
- Hidden SSID Detection - Flags security through obscurity
- Signal Strength History - Track signal quality over time
- Network History Tracking - Monitor network appearances
- Deauth Attack Detection - Identifies potential attacks
- Comprehensive Reports - Detailed WiFi environment analysis
- TCP/UDP with detailed flag analysis (None-safe)
- ICMP (ping, unreachable messages)
- ARP (network discovery)
- DHCP (IP assignment tracking)
- DNS with query tracking
- HTTP/HTTPS traffic analysis
- NTP (time synchronization)
- mDNS/SSDP (device discovery)
- QUIC (detection and analysis)
- IP range filtering
- Port filtering
- Protocol filtering
- Direction filtering (in/out)
- Time-based filtering
- Combined filters (AND/OR)
- Saved filter presets
- PPS (packets per second)
- BPS (bytes per second)
- Top IPs by traffic
- Top domains (DNS/SNI)
- Top ports
- Traffic histograms
- Spike detection
- Idle/active period analysis
- Live traffic graphs
- Protocol distribution charts
- DNS/HTTP/TLS activity graphs
- Activity heatmaps
- Source→Destination flow diagrams
- Timeline view
- Packet mini-maps
- WiFi network scanning (Windows/Linux/macOS)
- Signal strength monitoring
- Channel congestion analysis
- Security vulnerability detection
- Best channel recommendations
- Connected network details
- Network quality assessment
- Auto-refresh capability
- Comprehensive WiFi reports
- Excessive DNS Queries - Detects DNS tunneling attempts
- Port Scanning Detection - Identifies reconnaissance activity
- Suspicious Port Usage - Flags dangerous ports (SSH, RDP, SMB, etc.)
- Unusual SNI Patterns - Detects Tor, suspicious domains
- Beaconing Detection - Identifies C2 communication patterns
- Rate-Limit Violations - PPS/BPS threshold monitoring
- VPN/Proxy Detection - Identifies encrypted tunnel usage
- DNS over HTTPS Detection - Tracks DoH usage
- DDoS Detection - Connection attempt monitoring
- CSV export
- PCAP export (Wireshark compatible)
- HTML reports with charts
- Auto-save sessions
- Session comparison
- Syslog export
- Dark theme (strict & pleasant)
- Context menus
- Detailed packet inspection
- Color profiles
- Sortable/pinnable columns
- Dockable panels
- Hotkeys support
- Zoom controls
- Plugin system
- Configuration profiles
- REST API
- Headless mode
- Role-based access (viewer/analyst)
- Capture timers
- Auto-start sessions
- Domain blacklist/whitelist
- VPN/Proxy detection
- DNS over HTTPS detection
- Python 3.10 or higher
- Administrator/root privileges (for packet capture)
- Npcap (Windows) - Download here
  - IMPORTANT: Install with "WinPcap API-compatible Mode" enabled
  - Enable "Support raw 802.11 traffic" for WiFi analysis

```bash
# Clone the repository
git clone https://github.com/tworjaga/flowscope.git
cd flowscope
# Install dependencies
pip install -r requirements.txt
# Run the analyzer (requires admin/root privileges)
python main.py
```

```
PyQt6>=6.4.0
scapy>=2.5.0
psutil>=5.9.0
matplotlib>=3.7.0
cryptography>=41.0.0  # For enhanced TLS certificate parsing
netifaces>=0.11.0  # For WiFi analysis
```

```bash
# Windows (Run as Administrator)
python main.py
# Linux/macOS (Run with sudo)
sudo python main.py
```

```bash
# Capture for 1 hour and save to file
python main.py --headless --duration 3600 --output capture.pcap
# Capture with specific interface
python main.py --headless --interface eth0 --output capture.pcap
```

```bash
# Start REST API server
python main.py --api --port 8080
# Access API at http://localhost:8080/api/
```

```bash
# Test if packet capture is working
python test_capture.py
```

- `Ctrl+S` - Save session
- `Ctrl+O` - Open session
- `Ctrl+E` - Export to CSV
- `Ctrl+F` - Open filter dialog
- `Ctrl+P` - Pause/Resume capture
- `Ctrl+R` - Reset statistics
- `F5` - Refresh view
- `F11` - Toggle fullscreen
- `Space` - Pause/Resume

Edit config/settings.yaml to customize:
- Capture interface
- Buffer sizes
- Update intervals
- Theme colors
- Plugin settings

```
flowscope/
├── backend/     # Core packet capture & analysis
├── frontend/    # PyQt6 GUI
├── config/      # Configuration files
├── plugins/     # Plugin system
├── sessions/    # Saved capture sessions
└── logs/        # Application logs
```

- Python 3.10+
- Npcap (Windows) - https://npcap.com/
- REQUIRED: install with WinPcap API-compatible Mode
- Support raw 802.11 traffic
- Administrator/root privileges (for packet capture)
- Windows/Linux/macOS
- Installation Guide - Detailed installation instructions
- Npcap Setup Guide - Windows packet capture setup
- Quick Start Guide - Get started in 5 minutes
- Project Summary - Complete feature overview
- Testing Results - Validation and test results
- Read `NPCAP_SETUP_GUIDE.md` for Windows setup
- Run `test_capture.py` for diagnostics
- Install Npcap correctly with WinPcap compatibility mode
- Select active network interface (WiFi/Ethernet)
- Run as Administrator/root
- Windows: Run Command Prompt as Administrator
- Linux/macOS: Use `sudo python main.py`
- Check interface name in `test_capture.py`
- Reinstall Npcap (Windows)
- Check `ifconfig` or `ip addr` (Linux)
All NoneType errors in TCP flag parsing have been resolved in:
- `packet_capture.py`
- `filter_engine.py`
- `flow_engine.py`
- `anomaly_detector.py`

Proper task cancellation implemented for clean shutdown.
- Network Security Analysis - Detect intrusions and anomalies
- WiFi Site Surveys - Optimize wireless network deployment
- Protocol Debugging - Analyze application-level protocols
- Performance Monitoring - Track network bandwidth and latency
- Compliance Auditing - Monitor network security policies
- Penetration Testing - Identify vulnerabilities
- IoT Device Analysis - Monitor smart device communications
- TLS/SSL Inspection - Analyze encrypted traffic metadata
- Enhanced TLS Analysis - Complete handshake capture with JA3 fingerprinting
- Powerful WiFi Tools - Rogue AP detection, vendor lookup, interference analysis
- Fixed All NoneType Errors - Robust TCP flag parsing across all modules
- Asyncio Task Management - Proper task cancellation and cleanup
- Enhanced Security Detection - WPA3 support, suspicious SSID detection
- Better Certificate Parsing - Full X.509 details with cryptography library
- Improved UI - Packet details panel, TLS handshake panel integration
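
The five JA3 components referred to in the feature list are the ClientHello version, cipher suites, extension types, supported groups and EC point formats, joined into one string and MD5-hashed, with GREASE values left out. The block below is an added example, not flowscope's own code: the function names and the sample ClientHello are constructed for illustration, and the input is assumed to be one complete handshake message without the TLS record header.

```python
import hashlib
import struct

def is_grease(v: int) -> bool:
    # RFC 8701 GREASE values: 0x0a0a, 0x1a1a, ... 0xfafa (ignored by JA3)
    return (v & 0x0f0f) == 0x0a0a and (v >> 8) == (v & 0xff)

def u16_list(buf: bytes) -> list[int]:
    buf = buf[:len(buf) & ~1]                     # drop a trailing odd byte
    return [v for (v,) in struct.iter_unpack("!H", buf) if not is_grease(v)]

def ja3_from_client_hello(hs: bytes) -> tuple[str, str]:
    """hs: one complete ClientHello handshake message, without record header."""
    if len(hs) < 43 or hs[0] != 0x01:
        raise ValueError("not a complete ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    version = int.from_bytes(body[:2], "big")
    pos = 34                                      # skip version + 32-byte random
    pos += 1 + body[pos]                          # skip session_id
    n = int.from_bytes(body[pos:pos + 2], "big")
    ciphers = u16_list(body[pos + 2:pos + 2 + n])
    pos += 2 + n
    pos += 1 + body[pos]                          # skip compression methods
    exts, groups, formats = [], [], []
    # Extensions are optional; an absent block leaves all three lists empty.
    end = min(len(body), pos + 2 + int.from_bytes(body[pos:pos + 2], "big"))
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if not is_grease(etype):
            exts.append(etype)
        if etype == 10:                           # supported_groups
            groups = u16_list(data[2:])
        elif etype == 11:                         # ec_point_formats
            formats = list(data[1:])
    fields = ["-".join(map(str, p)) for p in (ciphers, exts, groups, formats)]
    ja3 = ",".join([str(version)] + fields)
    return ja3, hashlib.md5(ja3.encode()).hexdigest()

def ext(etype: int, data: bytes) -> bytes:
    return struct.pack("!HH", etype, len(data)) + data

def sample_client_hello() -> bytes:  # constructed demo input, not captured traffic
    ciphers = struct.pack("!3H", 0x0A0A, 0x1301, 0xC02B)
    exts = (ext(0x1A1A, b"") + ext(0, struct.pack("!HBH", 14, 0, 11) + b"example.com")
            + ext(10, struct.pack("!4H", 6, 0x2A2A, 29, 23)) + ext(11, b"\x01\x00"))
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(ciphers)) + ciphers
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

Calling `ja3_from_client_hello(sample_client_hello())` returns the pre-hash string together with its MD5 digest; the string is what to inspect when two clients that should match produce different hashes.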
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (`git checkout -b feature/AmazingFeature`)
- Commit your changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
Created for professional network analysis and security research.
- Scapy - Powerful packet manipulation library
- PyQt6 - Modern GUI framework
- Npcap - Windows packet capture driver
- cryptography - TLS certificate parsing
If you find this project useful, please consider giving it a star!
Note: This tool is for educational and professional network analysis purposes only. Always ensure you have proper authorization before analyzing network traffic.