Live network packet sniffer with a browser-based dashboard.
Captures packets off your network interface in real time and streams them to a dark-themed dashboard in your browser β protocol breakdown, top IPs, packets-per-second timeline, and a live-scrolling packet table with colour-coded severity.
sudo /path/to/venv/bin/netspy β http://127.0.0.1:5000
Once running, you get a live dashboard showing:
- Every packet your machine sends and receives
- Protocol breakdown: HTTPS, TCP, UDP, DNS, ICMP, ARP
- Top source and destination IPs
- Packets per second sparkline
- Colour-coded severity (red = suspicious, yellow = worth watching)
- Filter buttons: ALL / TCP / UDP / DNS / HTTP / HTTPS / ICMP / ARP / β SUSPICIOUS
- Search by IP, port, or any keyword
- Python 3.8+
- Linux or macOS (Windows not supported β Scapy requires raw sockets)
sudo/ root access (required for packet capture)- Your network interface name (find it with
ip aβ usuallywlan0oreth0)
# 1. Clone the repo
git clone https://github.com/kazim-45/netspy.git
cd netspy
# 2. Create a virtual environment
python3 -m venv venv
# 3. Activate it
source venv/bin/activate
# 4. Install dependencies manually first
pip install scapy flask rich
# 5. Install the package
pip install -e .Important: You must use the full path to the venv binary with sudo. Using just sudo netspy will fail because sudo uses a different PATH that doesn't know about your venv.
# From inside your netspy folder:
sudo $(pwd)/venv/bin/netspyOr with the full absolute path:
sudo /home/yourname/netspy/venv/bin/netspyThe dashboard will open automatically at http://127.0.0.1:5000.
- Select your interface from the dropdown in the top right (e.g.
wlan0for WiFi,eth0for ethernet). Runip ain a terminal if you're unsure which one. - Optionally set a BPF filter β see examples below.
- Press βΆ START β packets appear immediately.
- Use the filter buttons to focus on specific protocols.
- Use the search box to filter by IP address, port, or keyword.
- Press β STOP to pause capture. CLR to clear all packets.
ip aLook for the interface that has your local IP (e.g. 192.168.x.x). Common names:
| Interface | Meaning |
|---|---|
wlan0 |
WiFi (most common on Linux) |
eth0 |
Ethernet cable |
enp3s0 |
Ethernet (newer naming) |
lo |
Loopback β skip this one |
Type these into the filter box before pressing START to focus on specific traffic:
| Filter | What it captures |
|---|---|
tcp port 443 |
HTTPS traffic only |
tcp port 80 |
HTTP traffic only |
udp port 53 |
DNS queries only |
icmp |
Ping traffic only |
host 8.8.8.8 |
Traffic to/from Google DNS |
not port 22 |
Everything except SSH |
src net 192.168.1.0/24 |
All traffic from your LAN |
Watch your DNS queries in real time:
nslookup google.com
nslookup instagram.comClick the DNS filter β see every domain your machine resolves.
Watch your browser's connections: Open any website, click HTTPS filter. See every server your browser contacts β a single webpage often hits 10+ different IPs.
Ping something and watch it:
ping 8.8.8.8 -c 5Click ICMP β see Echo Request and Echo Reply packets in real time.
Scan yourself and see what a port scan looks like:
nmap -sS 192.168.1.x # your own IPWatch the SUSPICIOUS filter light up with a flood of TCP SYN packets.
Identify an IP in your top sources:
whois 57.144.148.145 # replace with any IP from the dashboardnetspy/
βββ netspy_pkg/
β βββ __init__.py
β βββ capture.py β Scapy sniffer, packet parser, ring buffer
β βββ app.py β Flask routes and JSON API
β βββ cli.py β netspy command entry point
β βββ templates/
β βββ dashboard.html β entire frontend (HTML + CSS + JS)
βββ pyproject.toml
βββ requirements.txt
βββ README.md
Capture thread β Scapy's sniff() runs in a background thread with root privileges. Every packet gets parsed into a structured dict (protocol, source IP, destination IP, ports, TCP flags, info string, severity level) and added to a thread-safe ring buffer capped at 500 packets.
Flask server β serves the dashboard and exposes two API endpoints. The browser polls /api/packets?since=N every second to fetch only new packets, and /api/stats for the sidebar counters and timeline data.
Dashboard β pure HTML/CSS/JS, no frameworks, no build step. The donut chart is SVG, the sparkline is Canvas 2D. The packet table uses a fast-append path when auto-scrolled to the bottom so it stays smooth even at high packet rates.
sudo netspy: command not found
Don't use sudo netspy. Use the full venv path:
sudo $(pwd)/venv/bin/netspyDashboard loads but 0 packets after pressing START
You're running without sudo. Scapy needs root to open raw sockets. Stop and relaunch with sudo.
No module named 'netspy_pkg'
The package folder structure is wrong. Make sure your folder looks like this β netspy_pkg/ must be a subfolder containing __init__.py, not loose files in the root:
netspy/
βββ netspy_pkg/
β βββ __init__.py
β βββ app.py
β βββ capture.py
β βββ cli.py
β βββ templates/
β βββ dashboard.html
βββ pyproject.toml
Then reinstall: pip install -e .
500 Internal Server Error in browser
The templates folder is in the wrong place. It must be inside netspy_pkg/, not at the project root. Move it:
mv templates/ netspy_pkg/templates/
pip install -e .scapyβ packet capture and parsingflaskβ web server and JSON APIrichβ terminal startup output
Only capture traffic on networks you own or have explicit permission to monitor. Capturing traffic on public or corporate networks without authorization is illegal in most countries. Use NetSpy on your own machine or home lab only.
MIT β use it, fork it, build on it.
Built by kazim-45 β part of a cybersecurity CLI toolkit alongside MetaHunter, MilkyWay-CTF, PassAudit, LogWatch, and VaultScan.