A smart, privacy-focused application that passively monitors your network activity and translates it into real-time insights about your digital productivity.
- Uses Scapy with Npcap to monitor traffic on ports:
- 53 (DNS)
- 80 (HTTP)
- 443, 8080, 8443 (HTTPS)
- DNS query monitoring
- SSL/TLS SNI extraction (for HTTPS sites)
- HTTP header inspection
- IP-to-domain mapping via DNS responses
- Filters out:
- CDNs (Cloudflare, Akamai, etc.)
- Cloud service domains
- Reverse DNS noise
- Only captures actual website domains
- Instantly categorizes domains as:
- โ Productive
- โ Unproductive
- โช Neutral
based on customizable rules
- DNS Sniffer (
dns_sniffer.py): Captures and processes raw network packets - Data Collector (
data_collector.py): Aggregates network data and extracts ML-ready features - Website Classifier (
website_classifier.py): scikit-learn based ML model for domain categorization (Productive/Unproductive/Neutral) - Content Analyzer (
content_analyzer.py): NLTK-powered text analysis for enhanced classification - Anomaly Detector (
anomaly_detector.py): Real-time anomaly detection for suspicious network activity - Auto Trainer (
auto_trainer.py): Continuous model retraining with user feedback - Model Storage (
model_storage.py): Persistent model serialization and versioning - Network Monitor (
network_usage.py): Tracks bandwidth usage and connections - Productivity Predictor (
productivity_predictor.py): Forecasts productivity trends - Dashboard (
dashboard.py): Tkinter-based GUI with real-time visualizations and anomaly alerts
- โ Real-time tracking of websites (e.g. YouTube, Netflix, Instagram, GitHub)
- โ Productivity scoring algorithm (0โ100%)
- โ Time spent analysis per category
- โ Live bandwidth monitoring
- โ Multi-layer packet analysis (DNS, HTTP, HTTPS/SNI)
- โ Automatic IP-to-domain mapping with reverse DNS validation
- ๐ Real-time usage graphs
- ๐ Interactive pie charts showing productivity distribution
- ๐ฏ Color-coded activity logs
- ๐ฑ Multi-tab GUI dashboard with 6 specialized views:
- Overview (live stats)
- Websites (detailed access log)
- Timeline (productivity trends)
- Productivity (scoring breakdown)
- Anomalies (security alerts)
- Insights (recommendations)
- ๐ก Personalized productivity recommendations
- โก Instant statistics and real-time alerts
- ๐ Historical activity tracking
- ๐ฎ Customizable website classifications
- ๐ค ML-powered website categorization (scikit-learn)
- ๐ NLP analysis for enhanced accuracy (NLTK)
- ๐จ Real-time anomaly detection for suspicious network patterns:
- Unusual packet rates (high/low thresholds)
- Unexpected bandwidth spikes
- Abnormal connection patterns
- ๐ฏ Smart alerting with confidence scoring (0.0-1.0)
- ๐ Historical anomaly tracking and trend analysis
โ ๏ธ Live anomaly feed in dashboard with timestamps
- ๐ง Continuous model improvement with user feedback
- ๐ scikit-learn RandomForest classifier
- ๐ Automatic retraining triggered by domain misclassifications
- ๐พ Persistent model storage with versioning
- ๐ Feature engineering: TLD analysis, domain length, keyword matching
- ๐ฏ Adaptive learning from user corrections
Most users donโt realize how much time they waste online.
This tool brings digital self-awareness by providing clear, actionable data about browsing habits.
- ๐งโ๐ป Personal Productivity: Focus tracking & time management
- ๐ข Workplace Monitoring: Employee analytics (with consent)
- ๐ Education: Helps students monitor study vs distraction
- ๐จโ๐ฉโ๐ง Parental Control: Track kidsโ online activity trends
- Overcomes modern web complexity:
- CDNs
- HTTPS encryption
- Dynamic IP/domain mapping
- Combines multi-layer packet analysis with smart local filtering
- Fully real-time, no delay or lag
- Local-only processing, ensuring privacy
- โ
Bypassed Modern Web Obstacles:
- Handles HTTPS and CDN-heavy traffic
- Accurately detects actual domains (e.g.
youtube.com, notytcdn.net) - Robust port handling for IP:port combinations in ML pipeline
- โ
Intelligent Filtering:
- Eliminates infrastructure noise
- Domain normalization and deduplication
- โ
High Performance:
- Real-time packet processing + GUI updates
- Non-blocking background threads for ML inference
- Efficient feature extraction and caching
- โ
Machine Learning Integration:
- Custom feature engineering pipeline
- Thread-safe model training and inference
- Persistent model storage with metadata
- โ
Anomaly Detection:
- Statistical threshold-based detection
- Deque-based alert history with automatic pruning
- Real-time scoring with confidence metrics
- โ
User-Friendly Interface:
- Converts complex network data into readable insights
- 6 specialized dashboard tabs with rich visualizations
- Live anomaly alerts with severity indicators
- โ TensorFlow Optimization: Suppressed oneDNN warnings for cleaner startup
- โ ML Pipeline Fix: Added port stripping in domain feature extraction to handle IP:port strings
- โ
Anomaly Display Implementation:
- Real-time anomaly alerts now display in Anomalies tab
- Shows timestamp, alert message, and confidence score
- Reverse chronological ordering (newest first)
- Thread-safe deque access pattern
- โ Enhanced Error Handling: Improved robustness in network data processing
- Python 3.8+ (tested on 3.10+)
- Windows OS (with Npcap driver for packet capture)
- Administrator privileges (required for packet sniffing)
-
Clone the repository
git clone https://github.com/yourusername/NetSense.git cd NetSense -
Create virtual environment
python -m venv .venv .venv\Scripts\activate
-
Install dependencies
pip install -r requirements.txt
-
Run the application
python main.py
- scapy: Packet capture and analysis
- scikit-learn: ML model training and inference
- pandas: Data processing
- matplotlib/seaborn: Visualization
- nltk: NLP analysis
- psutil: System monitoring
- tkinter: GUI framework
See requirements.txt for complete list with versions.
- Npcap: Required for packet capture on Windows
- Download from: https://nmap.org/npcap/
- Install with WinPcap compatibility checked
- Admin privileges: Application must run as administrator
NetSense/
โโโ main.py # Entry point
โโโ dns_sniffer.py # Packet capture engine
โโโ data_collector.py # Network data aggregation
โโโ website_classifier.py # ML-based domain classification
โโโ content_analyzer.py # NLTK-powered text analysis
โโโ anomaly_detector.py # Real-time anomaly detection
โโโ auto_trainer.py # Continuous model retraining
โโโ model_storage.py # Model persistence
โโโ network_usage.py # Bandwidth monitoring
โโโ productivity_predictor.py # Trend forecasting
โโโ dashboard.py # GUI dashboard (Tkinter)
โโโ requirements.txt # Production dependencies
โโโ ml_data/ # ML training data cache
โ โโโ training_data.json # Historical training samples
โ โโโ feature_cache.json # Cached feature vectors
โโโ ml_models/ # Trained model storage
โ โโโ website_classifier_*.pkl # Classification model
โ โโโ feature_scaler_*.pkl # Feature normalization
โ โโโ models_metadata.json # Model metadata
โโโ README.md # This file
The application displays real-time analytics across 6 main tabs:
- Live statistics: total productivity score, uptime, active connections
- Real-time bandwidth usage graphs
- Current network activity status
- Detailed log of all visited websites
- Classification status (Productive/Unproductive/Neutral)
- Visit timestamps and duration
- Right-click to mark as misclassified for model retraining
- Productivity trends over time
- Hourly/daily productivity breakdown
- Visual patterns of your work habits
- Export trends for analysis
- Category-wise productivity breakdown
- Pie charts showing time distribution
- Top productive and unproductive websites
- Customizable category definitions
- Real-time security alerts
- Suspicious network patterns detected:
- High packet rate bursts
- Unusual bandwidth spikes
- Abnormal connection patterns
- Alert severity with confidence scoring
- Timestamp and detailed anomaly messages
- Historical anomaly tracking
- AI-generated recommendations
- Productivity improvement suggestions
- Time management tips
- Personalized insights based on your patterns
- Start/Stop Capture: Begin/end network monitoring
- Clear Data: Reset current session statistics
- Custom Classifications: Edit website categorization rules
- Model Training: View model performance metrics
- Settings: Configure sensitivity, thresholds, alerts
- Algorithm: scikit-learn RandomForestClassifier
- Features:
- Domain name characteristics (TLD, length, structure)
- Keyword matching (productivity keywords vs distractions)
- Historical classification data
- User feedback corrections
- Training: Automatic on domain misclassification correction
- Inference: Real-time classification during packet analysis
- Method: Statistical threshold-based detection
- Metrics Monitored:
- Packet rate (packets per minute)
- Bandwidth usage (MB per timeframe)
- Connection count spikes
- Unusual protocol distributions
- Scoring: Confidence scores (0.0-1.0) for each alert
- History: Last 20 anomalies retained with full metadata
- Triggered when user corrects domain classification
- Retrains model with expanded feature set
- Versions models with metadata timestamps
- Graceful fallback to previous model if training fails
- ๐ Local Processing Only โ No data ever leaves your machine
- ๐ซ No Storage โ No logs or user data saved
- ๐ Transparent โ Open-source for full code visibility
- โ Consent-based Design โ Intended for personal, ethical use
- ๐ No Packet Payload Inspection โ Only metadata analyzed
- ๐ No External API Calls โ Completely offline operation
This project demonstrates how network programming, behavioral analytics, machine learning, and data visualization can power real-world, high-impact applications.
It transforms raw packet data into real insights that help users:
- Stay productive โ Understand where time is spent
- Detect threats โ Real-time anomaly alerts for suspicious activity
- Optimize workflows โ Data-driven productivity recommendations
- Take control โ Machine learning adapts to your definitions
It bridges the gap between low-level networking and practical productivity tools with intelligent automation.
Issue: "Permission Denied" or "Admin required"
- Solution: Run the application as Administrator (right-click โ Run as administrator)
Issue: "Npcap not found" or packet capture not working
- Solution: Install Npcap from https://nmap.org/npcap/ with WinPcap compatibility enabled
Issue: "ModuleNotFoundError" for dependencies
- Solution: Run
pip install -r requirements.txtin activated virtual environment
Issue: No websites appearing in dashboard
- Solution:
- Ensure capture is running (Start button)
- Generate network traffic (visit websites, use browser)
- Check that your network interface is selected
- May take 5-10 seconds for first entries to appear
Issue: ML model crashes with "could not convert string to float"
- Solution: Ensure you're running the latest version with port-handling fixes
Issue: Anomalies not showing in Anomalies tab
- Solution:
- Check that capture is active
- Anomalies may need 30+ seconds of capture for baseline
- Ensure thresholds are appropriately configured
- Check application logs for errors
Issue: Dashboard freezes during packet capture
- Solution:
- ML model inference runs in background threads
- Initial model training may take 30 seconds on first run
- Let application settle for 1-2 minutes after starting
- QUICKSTART.md: Step-by-step setup guide
- START_HERE.md: First-time user guide
- TODO.md: Planned features and improvements
- IMPROVEMENTS.md: Recent enhancements summary
- CHANGES_SUMMARY.md: Version history
Contributions are welcome! Areas for improvement:
- Feature Requests: New analysis metrics or visualizations
- Bug Fixes: Edge cases in packet capture or ML pipeline
- Performance: Optimization for large datasets
- Documentation: Clearer guides and examples
- UI/UX: Enhanced dashboard design and usability
# Clone and setup
git clone <repo>
cd NetSense
python -m venv .venv
.venv\Scripts\activate
pip install -r requirements.txt
# Run tests (if available)
pytest
# Make changes and submit PR- Issues: GitHub Issues page
- Discussions: GitHub Discussions for questions
- Email: (contact information)
This project is licensed under the MIT License - see LICENSE file for details.
- Scapy: For powerful packet manipulation
- scikit-learn: For machine learning capabilities
- Tkinter: For the cross-platform GUI
- NLTK: For natural language processing
- Matplotlib: For beautiful visualizations
๐ Digital awareness starts with understanding your traffic. NetSense makes it possible.
Built with โค๏ธ for productivity, powered by data. ๐