A modular, hybrid system designed to capture, parse, and analyze network traffic. This project demonstrates the integration of low-level system programming in C with high-level data processing in Python.
Note: This project is currently under development, built during my free time alongside university studies to explore network internals and system interoperability.
The system architecture is split into two main components:

- Capture Agent (C / libpcap):
  - Directly interfaces with the network stack using libpcap.
  - Performs manual header parsing (Ethernet -> IPv4 -> TCP/UDP).
  - Serializes packet metadata into a compact JSON format.
  - Streams data to standard output (stdout) for efficient IPC.

- Flow Engine (Python):
  - Consumes the JSON stream via a pipe.
  - Aggregates individual packets into 5-tuple flows (Source/Dest IP, Ports, Protocol).
  - Tracks flow statistics (packet count, byte count, timestamps).
  - Handles flow expiration and provides a validation layer for incoming data.
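A minimal Flow Engine of the kind described above, written here as an added example rather than code from this project. The JSON field names (`ts`, `src_ip`, `dst_ip`, `src_port`, `dst_port`, `proto`, `len`) and the 30-second idle timeout are assumptions, since the page does not specify the agent's record format.

```python
import json
from dataclasses import dataclass
# Field names of the agent's JSON records are assumed; the project does not document them here.
REQUIRED = ("ts", "src_ip", "dst_ip", "src_port", "dst_port", "proto", "len")
IDLE_TIMEOUT = 30.0  # assumed: seconds without a packet before a flow is expired

@dataclass
class Flow:
    first_seen: float
    last_seen: float
    packets: int = 0
    bytes: int = 0

def validate(line: str):
    """Validation layer: return the parsed record, or None for malformed or out-of-range input."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    ok = (isinstance(rec, dict) and all(k in rec for k in REQUIRED) and rec["proto"] in ("TCP", "UDP")
          and all(isinstance(rec[p], int) and 0 <= rec[p] <= 65535 for p in ("src_port", "dst_port")))
    return rec if ok else None

def process(lines):
    """Aggregate packet records into 5-tuple flows; returns (active, expired, dropped_count)."""
    active, expired, dropped = {}, [], 0
    for line in lines:
        rec = validate(line)
        if rec is None:
            dropped += 1  # malformed input is counted and skipped, never aggregated
            continue
        now = rec["ts"]
        # Expire flows idle longer than IDLE_TIMEOUT, judged against this packet's timestamp.
        for k in [k for k, f in active.items() if now - f.last_seen > IDLE_TIMEOUT]:
            expired.append((k, active.pop(k)))
        key = (rec["src_ip"], rec["dst_ip"], rec["src_port"], rec["dst_port"], rec["proto"])
        f = active.setdefault(key, Flow(first_seen=now, last_seen=now))
        f.packets += 1
        f.bytes += rec["len"]
        f.last_seen = now
    return active, expired, dropped

# Constructed sample stream (not captured traffic): one TCP flow, a malformed line, and a UDP flow
# whose late second packet expires the idle TCP flow but keeps the UDP flow alive.
SAMPLE = [
    '{"ts": 1.0, "src_ip": "10.0.0.5", "dst_ip": "10.0.0.9", "src_port": 40000, "dst_port": 443, "proto": "TCP", "len": 60}',
    '{"ts": 1.5, "src_ip": "10.0.0.5", "dst_ip": "10.0.0.9", "src_port": 40000, "dst_port": 443, "proto": "TCP", "len": 1500}',
    'not json at all',
    '{"ts": 5.0, "src_ip": "10.0.0.5", "dst_ip": "10.0.0.1", "src_port": 53000, "dst_port": 53, "proto": "UDP", "len": 80}',
    '{"ts": 33.0, "src_ip": "10.0.0.5", "dst_ip": "10.0.0.1", "src_port": 53000, "dst_port": 53, "proto": "UDP", "len": 90}',
]
```

Passing `sys.stdin` to `process()` in place of `SAMPLE` turns this into the pipe consumer the architecture describes.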
- Languages: C11, Python 3.10+
- Libraries: libpcap (packet capture), pthreads (for future scaling), json (serialization).
- Protocols Parsed: Ethernet, IPv4, TCP, UDP.
- Tools: GCC, Make, Git.