Advanced Network Packet Capturing & Anomaly Detection Tool
Real-time traffic analysis powered by Python, Scapy, PyQt5, and Matplotlib.
See Packet Vision in action - from capture to analysis in real-time
Packet Vision is a Python-powered desktop tool that captures, filters, and visualizes live network packets. Designed with a sleek PyQt5 GUI, it supports real-time traffic inspection, anomaly detection using statistical thresholds, and seamless PCAP export for advanced analysis in tools like Wireshark.
Whether you're a cybersecurity student, network engineer, or penetration tester, this tool offers an efficient and accessible way to peek inside your network traffic.
- Live Packet Capture with Scapy and BPF filtering
- Modern GUI built using PyQt5 with intuitive controls
- Statistical Anomaly Detection with real-time visualization
- Detailed Packet Analysis: Multi-layer protocol inspection
- Color-Coded Protocols: Easy visual identification of traffic types
- PCAP Export: Save captured data for use with Wireshark
- Graphical Representation: Real-time anomaly graph plotting
- Navigation Controls: Browse packets with First/Previous/Next/Last
- Security Assessment: Automatic protocol security evaluation
- Built-in Help System: Complete user guide and shortcuts
| Component | Tool/Library | Purpose |
|---|---|---|
| Language | Python 3.6+ | Core development |
| GUI Framework | PyQt5 | User interface |
| Packet Capture | Scapy | Network packet processing |
| Stats/Analysis | NumPy | Statistical computations |
| Visualization | Matplotlib | Real-time graphs |
| Export Format | PCAP | Wireshark compatibility |
Before installing Packet Vision, you MUST install the following system dependencies:

Windows:
- Download and install Npcap: https://npcap.com/#download
  - This is required for Scapy to capture network packets on Windows

Linux:
```bash
sudo apt-get install tcpdump
```

Note: Without these dependencies, packet capture will not work and you'll get import errors.

```bash
git clone https://github.com/MABDULAHAD-HUB/PacketVision.git
cd PacketVision
```

Windows:
```
python -m venv venv
venv\Scripts\activate
```

Linux:
```bash
python3 -m venv venv
source venv/bin/activate
```

```bash
pip install PyQt5 scapy matplotlib numpy
```

```bash
python CODE.py
```

- Launch the Application
  - Run `python CODE.py` from the terminal
  - The main window will open with all controls visible
- Start Packet Capture
  - Click the START button to begin capturing packets
  - Packets will appear in real-time in the main table
- Stop Packet Capture
  - Click the STOP button to halt packet capture
  - Use RESTART to clear all data and start fresh
- Protocol Filter: Select from dropdown (All, TCP, UDP, ICMP)
- Port Filter: Enter specific port numbers (e.g., "80", "443")
- Custom Filter: Advanced BPF filters (e.g., "host 8.8.8.8")
- Set your desired filters before starting capture, OR
- Use Filter Table button to filter already captured packets
Protocol: TCP + Port: 443 = Capture only HTTPS traffic
Custom: "host google.com" = Capture traffic to/from Google
Custom: "port 53" = Capture all DNS traffic
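
The following is an added example, not code from Packet Vision: one way the three filter fields could be merged into a single BPF expression. The function name `build_bpf` and the way the fields are combined are assumptions; the page does not show how the tool does it.

```python
import re

# Dropdown values listed above, mapped to BPF primitives.
PROTOCOLS = {"All": None, "TCP": "tcp", "UDP": "udp", "ICMP": "icmp"}


def build_bpf(protocol="All", port="", custom=""):
    """Combine protocol, port and custom fields into one BPF expression."""
    if protocol not in PROTOCOLS:
        raise ValueError(f"unknown protocol: {protocol!r}")
    parts = []
    if PROTOCOLS[protocol]:
        parts.append(PROTOCOLS[protocol])
    port = port.strip()
    if port:
        if protocol == "ICMP":
            raise ValueError("ICMP has no ports; clear the port field")
        # Reject anything that is not a plain number in the valid range,
        # so free text cannot be smuggled into the expression via this field.
        if not re.fullmatch(r"\d{1,5}", port) or not 1 <= int(port) <= 65535:
            raise ValueError(f"port must be 1-65535, got {port!r}")
        parts.append(f"port {int(port)}")
    custom = custom.strip()
    if custom:
        # In pcap filter syntax "and" and "or" have equal precedence and
        # associate left to right, so an unparenthesised "or" in the custom
        # text would escape the protocol/port restriction.
        parts.append(f"({custom})" if parts else custom)
    return " and ".join(parts)


if __name__ == "__main__":
    print(build_bpf("TCP", "443"))
    print(build_bpf("TCP", "443", "host 8.8.8.8 or host 192.0.2.1"))
```

The returned string is the kind of value Scapy's `sniff(filter=...)` accepts; an empty string means no capture filter.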
- Time: When the packet was captured
- Protocol: Network protocol (TCP/HTTP, UDP/DNS, etc.)
- Flags: TCP flags (SYN, ACK, FIN, etc.)
- TTL: Time to Live (helps identify OS)
- Direction: Traffic flow (LOCAL, IN, OUT, EXT)
- Source: Origin IP address
- Destination: Target IP address
- Ports: Source → Destination ports
- Length: Packet size in bytes
- Info: Detailed protocol information
- Green (TCP): General TCP traffic
- Blue (UDP): General UDP traffic
- Orange (ICMP): Ping and network control
- Purple (HTTP): Unencrypted web traffic ⚠️
- Yellow (HTTPS): Encrypted web traffic
- Cyan (DNS): Domain name lookups
- Gray (Others): Unknown protocols
- Red (Anomalous): Suspicious traffic patterns
- Click on any packet in the main table
- Details Panel shows structured analysis:
  - Timing information
  - Network layer (IP)
  - Transport layer (TCP/UDP/ICMP)
  - Application layer services
  - Security assessment
- Bytes Panel shows raw packet data in hexadecimal
- First: Jump to first packet
- Previous: Go to previous packet
- Next: Go to next packet
- Last: Jump to last packet
- Capture some packets first
- Go to Anomaly Detection → Detect Anomalies
- Real-time graph window opens showing traffic patterns
- Blue Bars: Normal traffic (below threshold)
- Red Bars: Anomalous traffic (above threshold)
- Red Dashed Line: DDoS threshold (50 packets)
- Letters (A, B, C...): Anonymized IP addresses
- Gray Box: IP mapping legend on right side
- Stop Real-time Detection: Pause the live updates
- Clear Graph: Reset the anomaly visualization
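
The following is an added example, not Packet Vision's own code: a sketch of the per-source counting behind the graph described above, using the 50-packet threshold and letter labels from the legend. The function names, the first-seen label order and the treatment of a source with exactly 50 packets as normal are assumptions.

```python
from collections import Counter
from itertools import count, product
from string import ascii_uppercase

DDOS_THRESHOLD = 50  # packets per source, the value drawn as the dashed line


def letter_labels():
    """Yield A..Z, then AA, AB, ... so more than 26 sources still get labels."""
    for width in count(1):
        for combo in product(ascii_uppercase, repeat=width):
            yield "".join(combo)


def detect_anomalies(source_ips, threshold=DDOS_THRESHOLD):
    """Count packets per source IP and flag sources above the threshold.

    Returns (bars, legend): bars maps label -> (packet_count, is_anomalous),
    legend maps label -> real IP (the mapping shown in the gray box).
    """
    counts = Counter(source_ips)  # keeps first-seen order of sources
    labels = letter_labels()
    bars, legend = {}, {}
    for ip, n in counts.items():
        label = next(labels)
        legend[label] = ip
        # Assumption: exactly `threshold` packets still counts as normal.
        bars[label] = (n, n > threshold)
    return bars, legend


# Constructed sample: source addresses of captured packets, one noisy host.
SAMPLE = ["192.0.2.10"] * 12 + ["198.51.100.7"] * 180 + ["192.0.2.44"] * 50

if __name__ == "__main__":
    bars, legend = detect_anomalies(SAMPLE)
    for label, (n, bad) in bars.items():
        print(f"{label} {legend[label]:<15} {n:>4} {'RED' if bad else 'blue'}")
```

A fixed count has no time dimension: a long capture will eventually push busy but legitimate hosts over 50 packets, so review a red bar against the capture duration before treating it as an attack.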
- Go to File → Save PCAP
- Choose location and filename
- File can be opened in Wireshark for advanced analysis
Access built-in help through the Help menu:
- User Guide: Complete feature overview
- Keyboard Shortcuts: Quick reference
- About Packet Vision: Version and developer info
- Learn network protocols (TCP, UDP, ICMP)
- Understand packet structure and flow
- Practice network security concepts
- Monitor real-time network traffic
- Troubleshoot connectivity issues
- Analyze protocol distributions
- Detect suspicious traffic patterns
- Identify potential DDoS attacks
- Perform basic network forensics
- All analysis performed locally on your machine
- No data transmitted to external servers
- IP addresses anonymized in anomaly graphs
- Captured data stays on your system

⚠️ Use responsibly and only on networks you own/have permission to monitor
M ABDUL AHAD
Cybersecurity Enthusiast & Network Security Specialist
- LinkedIn: @m-abdul-ahad
- GitHub: @MABDULAHAD-HUB
If this project helped you, please consider giving it a ⭐ on GitHub!
© 2025 M ABDUL AHAD - Packet Vision
Making network analysis accessible to everyone