Secure Passive Network Traffic Analyzer
Pure functional design with strong type safety and immutable data structures
NullSec NetSeer is a secure passive network traffic analyzer written in Haskell. It leverages the power of pure functional programming to provide mathematically provable security guarantees through strong typing and immutability.
- Traffic Analysis - Deep packet inspection and flow analysis
- Protocol Detection - Identify protocols in network streams
- Statistics - Real-time traffic statistics and metrics
- Type-Safe - Strong typing prevents entire classes of bugs
- Immutable - No side effects in core analysis logic
- Reports - Comprehensive traffic reports
NullSec NetSeer v2.0.0
- Pure Functional Design
- Strong Type Safety (Newtypes)
- Smart Constructors for Validation
- Bounded Data Structures
- Immutable Data Throughout
- Explicit Error Handling (No Exceptions)
- Memory Exhaustion Prevention
```bash
# Clone the repository
git clone https://github.com/bad-antics/nullsec-netseer.git
cd nullsec-netseer
# Build with Cabal
cabal update
cabal build
# Or with Stack
stack build
# Install
cabal install
```

- GHC 9.4 or later
- Cabal 3.8+ or Stack 2.9+
- libpcap development libraries
- base >= 4.16
- bytestring >= 0.11
- containers >= 0.6
- time >= 1.12
- directory >= 1.3

```bash
# Analyze pcap file
./nullsec-netseer --input capture.pcap
# Live capture (requires root)
sudo ./nullsec-netseer --interface eth0
# Generate statistics report
./nullsec-netseer --input capture.pcap --stats
# Filter by protocol
./nullsec-netseer --input capture.pcap --protocol tcp
# Export analysis
./nullsec-netseer --input capture.pcap --output analysis.json
```

| Flag | Description |
|---|---|
| `--input <file>` | Input pcap file to analyze |
| `--interface <if>` | Live capture interface |
| `--stats` | Show traffic statistics |
| `--protocol <proto>` | Filter by protocol |
| `--top <n>` | Show top N flows |
| `--output <file>` | Output file for reports |
| `--verbose` | Enable verbose output |
| `--version` | Show version information |
```
bad-antics • Network Traffic Analyzer
[*] Analyzing: capture.pcap
[+] Packets processed: 142,857
[+] Flows identified: 3,421

Traffic Statistics
  Total Bytes:   2.4 GB
  Total Packets: 142,857
  Unique IPs:    1,234
  Duration:      3h 24m 15s

Protocol Breakdown:
  TCP:  78.4% (111,999 pkts)
  UDP:  19.2% (27,428 pkts)
  ICMP:  2.4% (3,430 pkts)
```
```haskell
-- Smart constructors ensure validation at creation
mkValidIP :: Word32 -> Either String ValidIP
mkValidPort :: Word16 -> Either String ValidPort
mkValidPath :: FilePath -> Either String ValidPath
-- Newtypes prevent mixing different data types
newtype ValidIP = ValidIP { getIP :: Word32 }
newtype ValidPort = ValidPort { getPort :: Word16 }
-- Pure functions with no side effects
analyzePacket :: ValidPacket -> Either AnalysisError PacketInfo
```

NullSec Proprietary License - See LICENSE file for details.
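The smart-constructor signatures and the "Bounded Data Structures" and "Explicit Error Handling" items above, worked through as an added example that is not taken from the NetSeer source. The validation rules, `FlowTable`, `maxFlows`, `recordPacket` and the sample port pairs are assumptions made for illustration; only `base` and `containers` are used.

```haskell
-- Added example: the rules and the flow cap are assumptions, not NetSeer's code.
module Main (main) where

import qualified Data.Map.Strict as Map
import Data.Word (Word16)

-- In a library, export the types and mk* functions but not the data
-- constructors, so values can only be built through validation.
newtype ValidPort = ValidPort { getPort :: Word16 } deriving (Eq, Ord, Show)
newtype ValidPath = ValidPath { getPath :: FilePath } deriving (Eq, Show)

-- Assumed rule: port 0 is reserved and never a valid flow endpoint.
mkValidPort :: Word16 -> Either String ValidPort
mkValidPort 0 = Left "port 0 is reserved"
mkValidPort p = Right (ValidPort p)

-- Assumed rules: non-empty, no NUL byte, no ".." path component.
mkValidPath :: FilePath -> Either String ValidPath
mkValidPath p
  | null p                   = Left "empty path"
  | '\0' `elem` p            = Left "NUL byte in path"
  | ".." `elem` components p = Left "parent-directory component"
  | otherwise                = Right (ValidPath p)
  where
    components s = case break (== '/') s of
      (c, [])       -> [c]
      (c, _ : rest) -> c : components rest

-- Bounded structure: the table refuses new flows once maxFlows is reached,
-- so hostile traffic cannot grow it without limit.
newtype FlowTable = FlowTable (Map.Map (ValidPort, ValidPort) Int)

maxFlows :: Int
maxFlows = 2 -- tiny cap so the constructed input below hits it

recordPacket :: FlowTable -> (ValidPort, ValidPort) -> Either String FlowTable
recordPacket (FlowTable m) k
  | Map.member k m         = Right (FlowTable (Map.adjust (+ 1) k m))
  | Map.size m >= maxFlows = Left "flow table full"
  | otherwise              = Right (FlowTable (Map.insert k 1 m))

main :: IO ()
main = do
  print (mkValidPort 443, mkValidPort 0)
  print (mkValidPath "reports/analysis.json", mkValidPath "../etc/passwd")
  let pairs = [(51000, 443), (51001, 53), (51000, 443), (51002, 80)] -- constructed
      step acc (s, d) = do
        table <- acc
        key <- (,) <$> mkValidPort s <*> mkValidPort d
        recordPacket table key
  print ((\(FlowTable m) -> Map.size m) <$> foldl step (Right (FlowTable Map.empty)) pairs)
```

The fourth pair is a third distinct flow, so the fold ends in a `Left` value instead of growing the table. A production analyzer would more likely evict or aggregate at the cap than stop.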
bad-antics
- GitHub: @bad-antics
- Website: bad-antics.github.io
- Twitter: x.com/AnonAntics
Part of the NullSec Security Framework
"Mathematically provable security through pure functional programming"