Secure Passive Network Traffic Analyzer
Pure functional design with strong type safety and immutable data structures
NullSec NetSeer is a secure passive network traffic analyzer written in Haskell. It leverages the power of pure functional programming to provide mathematically provable security guarantees through strong typing and immutability.
- 📊 Traffic Analysis - Deep packet inspection and flow analysis
- 🔍 Protocol Detection - Identify protocols in network streams
- 📈 Statistics - Real-time traffic statistics and metrics
- 🛡️ Type-Safe - Strong typing prevents entire classes of bugs
- ♻️ Immutable - No side effects in core analysis logic
- 📝 Reports - Comprehensive traffic reports
┌─────────────────────────────────────────────┐
│ NullSec NetSeer v2.0.0 │
├─────────────────────────────────────────────┤
│ ✓ Pure Functional Design │
│ ✓ Strong Type Safety (Newtypes) │
│ ✓ Smart Constructors for Validation │
│ ✓ Bounded Data Structures │
│ ✓ Immutable Data Throughout │
│ ✓ Explicit Error Handling (No Exceptions) │
│ ✓ Memory Exhaustion Prevention │
└─────────────────────────────────────────────┘
```bash
# Clone the repository
git clone https://github.com/bad-antics/nullsec-netseer.git
cd nullsec-netseer
# Build with Cabal
cabal update
cabal build
# Or with Stack
stack build
# Install
cabal install
```

- GHC 9.4 or later
- Cabal 3.8+ or Stack 2.9+
- libpcap development libraries
- base >= 4.16
- bytestring >= 0.11
- containers >= 0.6
- time >= 1.12
- directory >= 1.3

```bash
# Analyze pcap file
./nullsec-netseer --input capture.pcap
# Live capture (requires root)
sudo ./nullsec-netseer --interface eth0
# Generate statistics report
./nullsec-netseer --input capture.pcap --stats
# Filter by protocol
./nullsec-netseer --input capture.pcap --protocol tcp
# Export analysis
./nullsec-netseer --input capture.pcap --output analysis.json
```

| Flag | Description |
|---|---|
| `--input <file>` | Input pcap file to analyze |
| `--interface <if>` | Live capture interface |
| `--stats` | Show traffic statistics |
| `--protocol <proto>` | Filter by protocol |
| `--top <n>` | Show top N flows |
| `--output <file>` | Output file for reports |
| `--verbose` | Enable verbose output |
| `--version` | Show version information |
███╗ ██╗███████╗████████╗███████╗███████╗███████╗██████╗
████╗ ██║██╔════╝╚══██╔══╝██╔════╝██╔════╝██╔════╝██╔══██╗
██╔██╗ ██║█████╗ ██║ ███████╗█████╗ █████╗ ██████╔╝
██║╚██╗██║██╔══╝ ██║ ╚════██║██╔══╝ ██╔══╝ ██╔══██╗
██║ ╚████║███████╗ ██║ ███████║███████╗███████╗██║ ██║
╚═╝ ╚═══╝╚══════╝ ╚═╝ ╚══════╝╚══════╝╚══════╝╚═╝ ╚═╝
bad-antics • Network Traffic Analyzer
[*] Analyzing: capture.pcap
[+] Packets processed: 142,857
[+] Flows identified: 3,421
┌──────────────────────────────────────────┐
│ Traffic Statistics │
├──────────────────────────────────────────┤
│ Total Bytes: 2.4 GB │
│ Total Packets: 142,857 │
│ Unique IPs: 1,234 │
│ Duration: 3h 24m 15s │
├──────────────────────────────────────────┤
│ Protocol Breakdown: │
│ TCP: 78.4% (111,999 pkts) │
│ UDP: 19.2% (27,428 pkts) │
│ ICMP: 2.4% (3,430 pkts) │
└──────────────────────────────────────────┘
```haskell
-- Smart constructors ensure validation at creation
mkValidIP :: Word32 -> Either String ValidIP
mkValidPort :: Word16 -> Either String ValidPort
mkValidPath :: FilePath -> Either String ValidPath
-- Newtypes prevent mixing different data types
newtype ValidIP = ValidIP { getIP :: Word32 }
newtype ValidPort = ValidPort { getPort :: Word16 }
-- Pure functions with no side effects
analyzePacket :: ValidPacket -> Either AnalysisError PacketInfo
```

NullSec Proprietary License - See LICENSE file for details.
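The smart-constructor and newtype signatures above, carried through to a bounded flow table that reports a full table as an explicit `Either` error instead of growing. This is an added example, not NetSeer's own code: every name in it (`IPv4`, `Port`, `FlowKey`, `FlowTable`, `mkPort`, `mkIPv4`, `record`) and the choice to reject port 0 and address 0.0.0.0 are assumptions, since the page gives only type signatures.

```haskell
-- Added example. All names here (IPv4, Port, FlowKey, FlowTable, ...) are
-- hypothetical and are not taken from the NetSeer source.
import qualified Data.Map.Strict as Map
import Data.Word (Word16, Word32, Word64)

newtype IPv4 = IPv4 Word32 deriving (Eq, Ord, Show)
newtype Port = Port Word16 deriving (Eq, Ord, Show)
data FlowKey = FlowKey IPv4 Port IPv4 Port deriving (Eq, Ord, Show)
data FlowError = ZeroPort | UnspecifiedAddr | TableFull Int deriving (Eq, Show)

-- Smart constructors: in a real module the data constructors would not be
-- exported, so these are the only way to build a Port or IPv4.
mkPort :: Word16 -> Either FlowError Port
mkPort 0 = Left ZeroPort
mkPort p = Right (Port p)

mkIPv4 :: Word32 -> Either FlowError IPv4
mkIPv4 0 = Left UnspecifiedAddr
mkIPv4 a = Right (IPv4 a)

mkFlowKey :: Word32 -> Word16 -> Word32 -> Word16 -> Either FlowError FlowKey
mkFlowKey sa sp da dp = FlowKey <$> mkIPv4 sa <*> mkPort sp <*> mkIPv4 da <*> mkPort dp

-- Bounded table: byte counters per flow, capped at a fixed number of entries.
data FlowTable = FlowTable { capacity :: Int, flows :: Map.Map FlowKey Word64 }

emptyTable :: Int -> FlowTable
emptyTable cap = FlowTable (max 0 cap) Map.empty

-- Known flows are always updated; a new flow is refused once the cap is
-- reached, so a capture full of unique addresses cannot grow the map unbounded.
record :: FlowKey -> Word64 -> FlowTable -> Either FlowError FlowTable
record k n t@(FlowTable cap m)
  | Map.member k m || Map.size m < cap = Right t { flows = Map.insertWith (+) k n m }
  | otherwise = Left (TableFull cap)

main :: IO ()
main = do
  let step acc (sa, sp, da, dp, n) = do   -- Either monad: the first error stops the fold
        t <- acc
        k <- mkFlowKey sa sp da dp
        record k n t
      -- Constructed sample packets (src IP, src port, dst IP, dst port, bytes).
      pkts = [ (0x0A000001, 40000, 0x0A000002, 443, 1500)
             , (0x0A000001, 40000, 0x0A000002, 443, 600)
             , (0x0A000003, 40001, 0x0A000002, 53, 80) ]
  print (Map.toList . flows <$> foldl step (Right (emptyTable 2)) pkts)
  print (Map.size . flows <$> foldl step (Right (emptyTable 1)) pkts)
  print (mkFlowKey 0x0A000001 0 0x0A000002 443)
```

With a capacity of 2 the three packets collapse into two flows; with a capacity of 1 the third packet yields `TableFull`, and the zero source port in the last call is rejected before any key exists.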
bad-antics
- GitHub: @bad-antics
- Website: bad-antics.github.io
- Discord: discord.gg/killers
Part of the NullSec Security Framework
"Mathematically provable security through pure functional programming"