Wiredigg is a comprehensive network analysis tool with advanced security features designed for network administrators, security professionals, and IT enthusiasts. It provides real-time packet capture, protocol analysis, anomaly detection, and threat identification capabilities in a modern, user-friendly interface.
- Advanced Packet Capture: Capture and analyze network packets in real-time with support for multiple protocols
- Security Analysis: Identify potential threats and vulnerabilities using signature-based and ML-based detection
- Protocol Support: Analyze TCP, UDP, ICMP, HTTP, HTTPS, DNS and more
- Machine Learning: Detect network anomalies using an incrementally trained machine learning model
- IoT/Cloud Analysis: Identify and monitor IoT devices and cloud service connections
- Traffic Visualization: View network traffic patterns with interactive charts
- Predictive Analysis: Generate traffic forecasts and anomaly predictions
- Packet Filtering: Apply filters for efficient traffic analysis
- Export Capabilities: Save packet captures, threat reports, and analysis results
- Python 3.7+
- Required Python packages:
  - tkinter
  - numpy
  - matplotlib
  - networkx
  - scikit-learn
  - netifaces
  - pandas
- Clone the repository: `git clone https://github.com/Zrufy/wiredigg.git` and then `cd wiredigg`
- Install required packages: `pip install -r requirements.txt`
- Run the application: `python wiredigg.py`
Note: Administrator/root privileges are required for packet capture on most systems.
- Select a network interface from the dropdown list
- Click "Start Capture" to begin monitoring network traffic
- Use filters to focus on specific protocols, IPs, or ports
- Click "Stop Capture" when done
- Navigate to the "Security Analysis" tab
- Click "Analyze Threats" to scan captured packets for potential security issues
- Double-click on a detected threat for detailed information
- View threat details, payload analysis, and security recommendations
- Click "ML Detection" to analyze traffic with the machine learning model
- Mark false positives to improve the model's accuracy
- Use batch actions to process multiple detections at once
- Navigate to the "IoT/Cloud" tab
- Click "Identify IoT devices" to detect and classify network devices
- View detailed information about each device and assess potential risks
- Navigate to the "Predictive Analysis" tab
- Click "Generate Predictions" to view traffic forecasts
- Monitor potential traffic anomalies and trends
Use the "Send Simple Packet" feature to test network connectivity and response:
- Enter destination IP, protocol (TCP/UDP), port, and data
- Click "Send" to transmit the packet
- View response data if available
The machine learning model improves through incremental training:
- The model automatically learns from captured traffic
- Mark false positives to refine detection accuracy
- Reset the model if necessary using "Reset ML Model"
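The feedback loop this list and the earlier "ML Detection" steps describe, shown as an added example rather than Wiredigg's own code: a stdlib stand-in for its incrementally trained scikit-learn model, built on Welford running statistics, a z-score threshold, and false-positive marking that folds the held-out sample into the baseline and allowlists the flow. The feature vector (packet length, inter-arrival time), the threshold and warm-up values, and the traffic stream are all assumptions constructed for the demo.

```python
import math

class IncrementalAnomalyDetector:
    """Streaming per-feature baseline (Welford mean/variance) with a z-score threshold
    and an analyst feedback loop. Added example, not Wiredigg's own model (stdlib only)."""
    def __init__(self, n_features, threshold=3.0, warmup=20):
        self.n = 0
        self.mean = [0.0] * n_features
        self.m2 = [0.0] * n_features   # running sum of squared deviations
        self.threshold = threshold     # |z| above this flags a packet
        self.warmup = warmup           # no alerts until this many baseline samples
        self.allowlist = set()         # flow keys the analyst marked benign
    def _update(self, x):
        self.n += 1
        for i, v in enumerate(x):
            delta = v - self.mean[i]
            self.mean[i] += delta / self.n
            self.m2[i] += delta * (v - self.mean[i])
    def zscores(self, x):
        if self.n < 2:
            return [0.0] * len(x)
        stds = [math.sqrt(m / (self.n - 1)) for m in self.m2]
        return [(v - mu) / s if s > 0 else 0.0 for v, mu, s in zip(x, self.mean, stds)]
    def observe(self, key, x):
        # Only unflagged packets feed the baseline, so an attack burst cannot teach the model it is normal.
        flagged = (self.n >= self.warmup and key not in self.allowlist
                   and max(abs(z) for z in self.zscores(x)) > self.threshold)
        if not flagged:
            self._update(x)
        return flagged
    def mark_false_positive(self, key, x):
        # Analyst feedback: fold the held-out sample into the baseline and stop alerting on this flow.
        self.allowlist.add(key)
        self._update(x)

def run_demo():
    det = IncrementalAnomalyDetector(n_features=2)
    # Constructed traffic: (flow key, [length_bytes, inter_arrival_ms]); 40 steady packets then one outlier.
    normal = [(("10.0.0.5", 443), [64 + 16 * i, 10 + 5 * i]) for i in range(5)] * 8
    big = (("10.0.0.9", 22), [1400.0, 0.1])
    for key, x in normal:
        det.observe(key, x)
    first = det.observe(*big)                   # flagged: far outside the baseline
    z_before = max(abs(z) for z in det.zscores(big[1]))
    det.mark_false_positive(*big)               # e.g. a legitimate backup transfer
    second = det.observe(*big)                  # allowlisted and now part of the baseline
    z_after = max(abs(z) for z in det.zscores(big[1]))
    return first, second, z_before, z_after
```

A single false-positive mark lowers the outlier's score without erasing it; repeated confirmations of similar traffic keep shifting the baseline, and "Reset ML Model" corresponds to constructing a fresh detector.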
Wiredigg is built on a multi-threaded architecture so that the UI stays responsive while packet capture and analysis run in the background:
- Main Thread: UI management and user interaction
- Capture Thread: Packet sniffing and initial processing
- Analysis Threads: Security analysis and ML detection
- Background Training: Continuous improvement of the ML model
The application includes an extensible threat database with:
- Known malicious IP addresses
- Attack signatures and patterns
- Vulnerable port information
- File type detection
- Protocol analysis rules
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add some amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the GPL2 License - see the LICENSE file for details.
- Tkinter for the UI framework
- Matplotlib for data visualization
- NetworkX for network graph analysis
- Scikit-learn for machine learning capabilities
- Netifaces for network interface detection
Note: Wiredigg is designed for legitimate network analysis and security purposes only. Always ensure you have proper authorization before capturing network traffic in any environment.