Pakkuu/Network-Analyzer
Network Traffic Monitor & Performance Analyzer

A high-performance macOS network traffic analyzer that captures packets, parses protocols, and monitors system performance metrics in real time. Demonstrates BSD sockets, macOS system APIs, and efficient network programming.

Features

  • Packet Capture: Real-time packet capture using libpcap with BPF filtering
  • Protocol Analysis: Parses Ethernet, IP, TCP, UDP, ICMP protocols
  • Application Detection: Identifies HTTP, HTTPS, DNS, SSH, and other common protocols
  • Flow Tracking: Monitors network connections with bytes/packet statistics
  • Performance Monitoring: Real-time CPU usage per core using Mach APIs
  • Memory Tracking: System memory statistics via macOS vm_statistics
  • Event-Driven: Efficient kqueue-based event loop for multiplexing
  • Real-Time Display: Live updates at 10 Hz with formatted output

What It Demonstrates

UNIX Systems Programming

  • BSD Sockets: Raw packet capture and network interface programming
  • kqueue: Event multiplexing (BSD alternative to epoll)
  • System Calls: Low-level process and system management

macOS-Specific APIs

  • libpcap: Native packet capture framework
  • Mach APIs: CPU performance counters (host_processor_info)
  • VM Statistics: Memory management (host_statistics64)
  • sysctl: System information queries

Network Programming

  • Packet Parsing: Layer 2-4 protocol dissection (Ethernet → IP → TCP/UDP)
  • Flow Management: Connection state tracking with 5-tuple hashing
  • Performance: Designed for 50K+ packets/sec throughput

Architecture

libpcap Capture → Packet Parser → Protocol Analyzer → Performance Monitor
      ↓               ↓                  ↓                    ↓
   BPF Filter      IP/TCP/UDP        Flow Stats         CPU/Memory/I/O

Requirements

  • macOS (tested on Apple Silicon M-series)
  • Xcode Command Line Tools (provides libpcap)
  • CMake 3.15+
  • C++17 compiler (clang++)
  • Root/sudo privileges (for packet capture)

Build

# Install Xcode Command Line Tools (if not already installed)
xcode-select --install

# Build the project
mkdir build && cd build
cmake ..
make

# Binary will be created in the project root
cd ..

Usage

# Run with sudo (required for promiscuous mode)
sudo ./network_monitor <interface>

# Example: Monitor WiFi interface
sudo ./network_monitor en0

# Example: Monitor Ethernet
sudo ./network_monitor en1

Finding Your Network Interface

# List all network interfaces
ifconfig

# Common interfaces:
# en0  - WiFi
# en1  - Ethernet (Thunderbolt/USB)
# lo0  - Loopback

Output Example

========================================
Network Traffic Monitor
========================================

Interface: en0
Packets/sec:     12,451 | Bandwidth: 8.3 Mbps

CPU Usage:
  P-Core 0:   8% | P-Core 1:  12% | P-Core 2:   5% | P-Core 3:   9%
  E-Core 0:   2% | E-Core 1:   1% | E-Core 2:   3% | E-Core 3:   1%

Memory: 342.0 MB / 16.0 GB (2.1%)

Top Flows:
  192.168.1.100:52341 → 142.250.80.46:443 (TCP): 2.3 MB
  192.168.1.100:63829 → 151.101.1.69:443 (TCP): 1.1 MB
  192.168.1.100:54123 → 8.8.8.8:53 (UDP): 45.2 KB

Protocols: TCP 82% | UDP 15% | ICMP 3%

Total: 145,234 packets, 98.5 MB
Active flows: 47

Press Ctrl+C to stop...

Performance Targets

  • ✅ Process 50K+ packets/sec on WiFi traffic
  • ✅ <5μs per-packet processing overhead
  • ✅ Real-time display updates at 10 Hz
  • ✅ Zero packet drops under normal load
  • ✅ Accurate CPU/memory metrics

Project Structure

Network-Analyzer/
├── src/
│   ├── packet_capture.cpp      # libpcap wrapper
│   ├── protocol_parser.cpp     # IP/TCP/UDP parsing
│   ├── flow_tracker.cpp        # Connection state tracking
│   ├── performance_monitor.cpp # macOS system metrics
│   └── main.cpp                # Event loop with kqueue
├── include/
│   ├── packet_capture.h
│   ├── protocol_parser.h
│   ├── flow_tracker.h
│   ├── performance_monitor.h
│   └── common.h                # Shared data structures
├── CMakeLists.txt
└── README.md

Implementation Highlights

Packet Capture

  • Non-blocking libpcap with kqueue integration
  • BPF filter support for efficient kernel-level filtering
  • Zero-copy packet processing

Protocol Parser

  • Stateless parsing of Ethernet/IPv4/TCP/UDP headers
  • Application protocol detection via port analysis
  • Support for common protocols: HTTP, HTTPS, DNS, SSH, FTP, SMTP

Flow Tracker

  • Thread-safe hash map for flow state management
  • Automatic timeout and cleanup of idle flows
  • Top-N flow queries sorted by bytes transferred
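The Protocol Parser and Flow Tracker sections above describe a stateless Ethernet/IPv4/TCP/UDP dissector, port-based application detection, and a hashed 5-tuple flow key. The block below is an added example of that pipeline written for this page; it is not code from the Pakkuu/Network-Analyzer repository, and the names (FlowKey, parse_frame, app_protocol, kSampleFrame) and the sample frame are constructed here. It adds the checks a capture-side parser needs: every header read is bounds-checked against the captured length, non-first IP fragments yield no ports, and the port heuristic is labelled as a guess.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <string>
#include <vector>
// 5-tuple identifying a flow; ports stay 0 for protocols without them (ICMP).
struct FlowKey {
    uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t proto;
    bool operator==(const FlowKey& o) const { return src_ip == o.src_ip && dst_ip == o.dst_ip &&
        proto == o.proto && src_port == o.src_port && dst_port == o.dst_port; }
};
// Hash mixing all five fields so FlowKey can index a std::unordered_map.
struct FlowKeyHash {
    size_t operator()(const FlowKey& k) const {
        uint64_t h = ((uint64_t)k.src_ip << 32 | k.dst_ip) * 0x9E3779B97F4A7C15ULL;
        return size_t(h ^ ((uint64_t)k.src_port << 24 | (uint64_t)k.dst_port << 8 | k.proto));
    }
};
static uint16_t rd16(const uint8_t* p) { return uint16_t(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t* p) { return uint32_t(rd16(p)) << 16 | rd16(p + 2); }
// Stateless Ethernet -> IPv4 -> TCP/UDP dissection. Each header field is length-checked
// before it is read, so a truncated or malformed frame yields nullopt, not an over-read.
std::optional<FlowKey> parse_frame(const uint8_t* d, size_t len) {
    if (len < 14 || rd16(d + 12) != 0x0800) return std::nullopt;        // not IPv4
    const uint8_t* ip = d + 14; size_t avail = len - 14;
    if (avail < 20 || (ip[0] >> 4) != 4) return std::nullopt;
    size_t ihl = (ip[0] & 0x0F) * 4u, total = rd16(ip + 2);
    if (ihl < 20 || total < ihl || total > avail) return std::nullopt;   // bad lengths
    FlowKey k{rd32(ip + 12), rd32(ip + 16), 0, 0, ip[9]};
    if ((rd16(ip + 6) & 0x1FFF) != 0) return k;   // non-first fragment: no L4 header
    const uint8_t* l4 = ip + ihl; size_t l4len = total - ihl;
    if (k.proto == 6 || k.proto == 17) {          // TCP or UDP: ports lead both headers
        if (l4len < (k.proto == 6 ? 20u : 8u)) return std::nullopt;
        k.src_port = rd16(l4); k.dst_port = rd16(l4 + 2);
    }
    return k;
}
// Port-based application guess (the README's heuristic); a service can listen on any port.
std::string app_protocol(const FlowKey& k) {
    static const struct { uint8_t proto; uint16_t port; const char* name; } table[] = {
        {6, 80, "HTTP"}, {6, 443, "HTTPS"}, {6, 22, "SSH"}, {6, 21, "FTP"}, {6, 25, "SMTP"}, {17, 53, "DNS"}};
    for (const auto& e : table)
        if (e.proto == k.proto && (e.port == k.dst_port || e.port == k.src_port)) return e.name;
    return "OTHER";
}
// Constructed sample frame: 192.168.1.100:52341 -> 142.250.80.46:443, TCP SYN (54 bytes).
const std::vector<uint8_t> kSampleFrame = {
    0,0,0,0,0,0, 0,0,0,0,0,0, 0x08,0x00,                                     // Ethernet
    0x45,0,0,40, 0,1,0,0, 64,6,0,0, 192,168,1,100, 142,250,80,46,             // IPv4
    0xCC,0x75, 0x01,0xBB, 0,0,0,0, 0,0,0,0, 0x50,0x02, 0xFF,0xFF, 0,0, 0,0};  // TCP
```

A capture callback would call parse_frame on each libpcap buffer with the caplen it reports, then use the returned FlowKey with FlowKeyHash to update the flow's byte and packet counters.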

Performance Monitor

  • Per-core CPU usage via Mach host_processor_info
  • Memory statistics via host_statistics64 (VM subsystem)
  • Real-time packet and bandwidth rate calculation

Event Loop

  • kqueue for efficient I/O multiplexing
  • Timer-based display updates (100ms interval)
  • Signal handling for graceful shutdown
