Network & Process Monitor Tool
2025-01-20 05:44:32.8166667
Log All Network IPs and Code Executed on Your PC
GitHub Link
In today's threat landscape, real-time visibility into what a machine is actually doing is essential. This tool records inbound and outbound IP connections, tracks running processes together with the files they have open, and stores both in a database, so that an intrusion can be spotted while it happens and reconstructed afterwards.
Key Features:
- Real-Time IP Monitoring: Analyze every inbound and outbound connection.
- Process Surveillance: Track running applications and verify digital signatures.
- Firewall Automation: Automatically add block rules for addresses the geolocation lookup flags. Geolocation is a coarse signal (it says where an address is registered, not who is using it), so treat country-based rules as policy rather than as proof of malice.
- Threat Intelligence: Mark each address Safe or Suspicious from the threat data the geolocation API returns alongside the location.
- PCAP Traffic Analysis: Store network packets for forensic investigations.
.NET SharpPcap
The tool is built on SharpPcap, the .NET wrapper around libpcap/Npcap (and the older WinPcap) that captures packets from a live interface and reads and writes PCAP files. Packets are decoded with its companion library PacketDotNet, so the same code path serves real-time interception and inspection of stored captures. Two practical points: capturing needs a capture driver on the host and an elevated process, and packet-arrival callbacks run on SharpPcap's capture thread, so anything they touch (database writes, counters) has to be thread-safe.
Database Structure for Monitoring
Process Monitoring Database Example
Process Name | Signatures | Start Info | Parent Process | Files List |
---|---|---|---|---|
ExampleProcess.exe | Signed/Unsigned | Startup Parameters | ParentProcess.exe | File1.dll, File2.dll |
Network Monitoring Database Example
IP Address | IP Version | Domains | Geolocation | Protocols | Ports | Threat Status |
---|---|---|---|---|---|---|
192.168.1.1 | IPv4 | example.com | Country, City | TCP, UDP | 443, 80 | Safe/Suspicious |
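Rows like the one above are written into SQL Server through the OLE DB driver the setup section installs. The following is an added example (my code, not the project's) of inserting one ByIp row; the table name, column names and connection string are assumptions chosen to match the table above. The security point is that every value in such a row (domains, hostnames, later user agents) comes off the wire and is therefore attacker-controlled, so it has to be bound as a parameter and never concatenated into the SQL text.

```csharp
// Added example (not the project's code). Assumes a table named ByIp whose columns
// match the "Network Monitoring Database Example", a local SQL Server Express
// instance, and the System.Data.OleDb package (Windows only on .NET Core/5+).
using System;
using System.Data.OleDb;

public sealed record NetworkRow(
    string IpAddress, string IpVersion, string Domains,
    string Geolocation, string Protocols, string Ports, string ThreatStatus);

public static class NetworkDb
{
    // Assumed connection string: MSOLEDBSQL provider, local SQLEXPRESS instance,
    // Windows authentication (no password in the string). Load it from
    // configuration in a real build; it is inline only to keep the example whole.
    public const string ConnectionString =
        @"Provider=MSOLEDBSQL;Data Source=.\SQLEXPRESS;Initial Catalog=NetMonitor;Integrated Security=SSPI;";

    // OLE DB parameters are positional ('?'), so they are added in column order.
    // Sizes bound what a hostile peer can push into the table: 45 characters is
    // the longest textual IPv6 address, the other caps are arbitrary for this example.
    public static int InsertByIp(NetworkRow row, string connectionString = ConnectionString)
    {
        const string sql =
            "INSERT INTO ByIp (IpAddress, IpVersion, Domains, Geolocation, Protocols, Ports, ThreatStatus) " +
            "VALUES (?, ?, ?, ?, ?, ?, ?)";

        using var conn = new OleDbConnection(connectionString);
        using var cmd = new OleDbCommand(sql, conn);
        cmd.Parameters.Add("IpAddress",    OleDbType.VarWChar, 45).Value   = row.IpAddress;
        cmd.Parameters.Add("IpVersion",    OleDbType.VarWChar, 4).Value    = row.IpVersion;
        cmd.Parameters.Add("Domains",      OleDbType.VarWChar, 2048).Value = Truncate(row.Domains, 2048);
        cmd.Parameters.Add("Geolocation",  OleDbType.VarWChar, 256).Value  = Truncate(row.Geolocation, 256);
        cmd.Parameters.Add("Protocols",    OleDbType.VarWChar, 32).Value   = row.Protocols;
        cmd.Parameters.Add("Ports",        OleDbType.VarWChar, 256).Value  = Truncate(row.Ports, 256);
        cmd.Parameters.Add("ThreatStatus", OleDbType.VarWChar, 32).Value   = row.ThreatStatus;

        conn.Open();
        return cmd.ExecuteNonQuery();   // 1 when the row was inserted
    }

    // Silent truncation would hide data; cut and mark it so the row still tells
    // an analyst that the original value was longer than expected.
    static string Truncate(string s, int max) =>
        s.Length <= max ? s : s.Substring(0, max - 3) + "...";

    // The anti-pattern the method above replaces. This only builds the string,
    // but a peer whose reverse lookup answers with a name such as
    //     x'); DROP TABLE ByIp;--
    // would have that text executed as SQL if the string were ever run.
    public static string UnsafeSql(NetworkRow row) =>
        $"INSERT INTO ByIp (IpAddress, Domains) VALUES ('{row.IpAddress}', '{row.Domains}')";
}
```

The ByProcessName table follows the same pattern; the process name, command line and file list are likewise data a malicious binary chooses, so they get the same parameter treatment.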
Network Traffic Storage and Offline Analysis
Every captured packet is written, unmodified, to a PCAP file alongside the summary rows in the database. PCAP is the common format of Wireshark, tcpdump, tshark and most forensic tooling, so a capture taken by this tool can be opened there for troubleshooting connectivity, hunting for malicious traffic, or cross-checking the database rows against the raw evidence.
Offline analysis does not depend on the monitor being attached at the time of the investigation, which matters for incident response, compliance audits and security assessments. Two things to keep in mind: the stored packets contain everything the host sent and received, including credentials in plaintext protocols, so the capture directory needs the same access control as the database; and a full capture grows quickly, so decide on a retention period and a snap length before leaving it running.
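As an added example (my code, not the project's), here is the SharpPcap round trip the two sections above describe: capture IP packets on the first interface, write every raw frame to a PCAP file that Wireshark or tcpdump can open, reduce each packet to the tuple the ByIp table records, then re-open the file offline with a BPF filter to total bytes per remote address. The interface index, the monitored host's address, the packet count, the file name and the filter expressions are assumptions; the API names are SharpPcap 6.x and PacketDotNet as I know them.

```csharp
// Added example (not the project's code). Requires the SharpPcap NuGet package
// (which brings PacketDotNet) and an Npcap/WinPcap driver; run elevated.
using System;
using System.Collections.Generic;
using System.Net;
using PacketDotNet;
using SharpPcap;
using SharpPcap.LibPcap;

public sealed record ConnectionTuple(
    IPAddress Remote, string IpVersion, string Protocol, ushort RemotePort, bool Outbound);

public static class PcapMonitor
{
    // Reduce one raw frame to the ByIp-style tuple. Returns null for frames that
    // are not IP over TCP/UDP (ARP, ICMP, ...). Direction is decided by comparing
    // the source address with the address of the monitored host.
    public static ConnectionTuple? Summarize(RawCapture raw, IPAddress local)
    {
        var packet = Packet.ParsePacket(raw.LinkLayerType, raw.Data);
        var ip = packet.Extract<IPPacket>();
        var transport = packet.Extract<TransportPacket>();   // TcpPacket or UdpPacket
        if (ip is null || transport is null) return null;

        bool outbound = ip.SourceAddress.Equals(local);
        return new ConnectionTuple(
            Remote: outbound ? ip.DestinationAddress : ip.SourceAddress,
            IpVersion: ip.Version == IPVersion.IPv4 ? "IPv4" : "IPv6",
            Protocol: transport is TcpPacket ? "TCP" : "UDP",
            RemotePort: outbound ? transport.DestinationPort : transport.SourcePort,
            Outbound: outbound);
    }

    // Live capture: every frame goes to the PCAP file unmodified (keep the
    // evidence raw) and a one-line summary is printed. Capture(n) runs on the
    // calling thread until n packets have been seen, which sidesteps stopping
    // the capture thread from inside its own callback.
    public static void CaptureToFile(string pcapPath, IPAddress local, int packetCount)
    {
        var devices = CaptureDeviceList.Instance;
        if (devices.Count == 0)
            throw new InvalidOperationException("No capture devices: is Npcap installed and the process elevated?");

        var device = devices[0];                     // assumption: first interface
        device.Open(DeviceModes.Promiscuous, 1000);  // 1 s read timeout
        device.Filter = "ip or ip6";                 // BPF: drop non-IP frames early

        var writer = new CaptureFileWriterDevice(pcapPath);
        writer.Open(device);                         // inherits link type and snaplen
        device.OnPacketArrival += (_, e) =>
        {
            var raw = e.GetPacket();
            writer.Write(raw);
            if (Summarize(raw, local) is { } t)
                Console.WriteLine($"{(t.Outbound ? "->" : "<-")} {t.Remote} {t.IpVersion} {t.Protocol}/{t.RemotePort}");
        };
        device.Capture(packetCount);
        device.Close();
        writer.Close();
    }

    // Offline pass over the stored file. BPF filters apply to files as well, so
    // the expression an analyst would give tcpdump narrows the evidence here too.
    public static Dictionary<IPAddress, long> BytesPerRemote(string pcapPath, IPAddress local, string bpf)
    {
        var totals = new Dictionary<IPAddress, long>();
        var reader = new CaptureFileReaderDevice(pcapPath);
        reader.Open();
        reader.Filter = bpf;                         // set after Open: the filter is compiled against the handle
        reader.OnPacketArrival += (_, e) =>
        {
            var raw = e.GetPacket();
            if (Summarize(raw, local) is { } t)
                totals[t.Remote] = totals.GetValueOrDefault(t.Remote) + raw.Data.Length;
        };
        reader.Capture();                            // runs to end of file
        reader.Close();
        return totals;
    }

    public static void Main()
    {
        var local = IPAddress.Parse("192.168.1.10");   // assumption: the monitored host's address
        CaptureToFile("capture.pcap", local, packetCount: 200);
        foreach (var (ip, bytes) in BytesPerRemote("capture.pcap", local, "tcp port 443"))
            Console.WriteLine($"{ip}: {bytes} bytes");
    }
}
```

The offline pass is deliberately separate from the live one: the file is the evidence, the summaries are derived from it, and any analysis you add later (new filters, a different tuple) can be re-run against the same bytes.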
Open-Source & Available on GitHub
This project is open-source and designed for educational purposes. Developers, cybersecurity researchers, and IT professionals can access and modify the code to enhance security features.
Why Make a Tool Like This Yourself?
- Strengthen network security with automated firewall updates.
- Monitor unauthorized IP connections and processes in real time.
- Analyze system activity for suspicious behavior.
- Perform forensic investigations with logged network packets.
- Keep the telemetry on your own machine and build threat intelligence from data you control.
Set Up
- Install the Microsoft OLE DB Driver for SQL Server and a SQL Server Express instance.
- Create a new database and run the two schema scripts (ByIp and ByProcessName), then change the connection string in the project to point at it. Keep the connection string and the API key out of source control.
- Install a packet-capture driver. The project was written against WinPcap; WinPcap is no longer maintained, and Npcap (the driver SharpPcap documents) provides the same interface on current Windows versions, so prefer it on a new install.
- Build the project for the x64 architecture and run the application as an administrator: capturing on an interface and inspecting other users' processes and handles both require it.
- Create an account at api.ipdata.co and add the geolocation API key.
Examples
Location Information
The following shows the record returned by the ipdata.co geolocation API for one (redacted) address:
- IP Address: ***.***.***.***
- City: Amsterdam
- Region: Noord Holland (NH)
- Region Type: Province
- Country: The Netherlands (NL)
- Continent: Europe (EU)
- Latitude: 52.3759
- Longitude: 4.8975
- Postal Code: 1012
- Calling Code: +31
- Flag:
- Emoji Flag: 🇳🇱
- Language: Dutch (Nederlands) [Code: nl]
- Currency: Euro (€) [Code: EUR]
- Time Zone: Europe/Amsterdam (CEST, Offset: +0200)
- Threat Status: No known threats detected
- Count: 142
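The record above has to be turned into the Threat Status column of the network table. The following is an added example (my code, not the project's) that deserializes such a response and classifies it, and that refuses to send private or loopback addresses (like the 192.168.1.1 row in the table) to the API at all. The JSON field names follow ipdata's documented response as I understand it and should be checked against your own output; the sample document is constructed to mirror the Amsterdam record above, with the documentation address 192.0.2.1 in place of the redacted one.

```csharp
// Added example (not the project's code). Field names are an assumption taken
// from ipdata's documented response; the sample JSON is constructed. C# 11 for
// the raw string literal.
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Sockets;
using System.Text.Json;
using System.Text.Json.Serialization;

public sealed class ThreatInfo
{
    [JsonPropertyName("is_tor")] public bool IsTor { get; set; }
    [JsonPropertyName("is_proxy")] public bool IsProxy { get; set; }
    [JsonPropertyName("is_datacenter")] public bool IsDatacenter { get; set; }
    [JsonPropertyName("is_anonymous")] public bool IsAnonymous { get; set; }
    [JsonPropertyName("is_known_attacker")] public bool IsKnownAttacker { get; set; }
    [JsonPropertyName("is_known_abuser")] public bool IsKnownAbuser { get; set; }
    [JsonPropertyName("is_threat")] public bool IsThreat { get; set; }
    [JsonPropertyName("is_bogon")] public bool IsBogon { get; set; }
}

public sealed class GeoResponse
{
    [JsonPropertyName("ip")] public string Ip { get; set; } = "";
    [JsonPropertyName("city")] public string? City { get; set; }
    [JsonPropertyName("region")] public string? Region { get; set; }
    [JsonPropertyName("country_name")] public string? CountryName { get; set; }
    [JsonPropertyName("country_code")] public string? CountryCode { get; set; }
    [JsonPropertyName("latitude")] public double Latitude { get; set; }
    [JsonPropertyName("longitude")] public double Longitude { get; set; }
    [JsonPropertyName("threat")] public ThreatInfo? Threat { get; set; }
}

public static class GeoPolicy
{
    // Addresses that must never be sent to an external lookup: they say nothing
    // about the outside world and leak the internal layout to a third party.
    public static bool IsLocalOrPrivate(IPAddress ip)
    {
        if (IPAddress.IsLoopback(ip)) return true;
        var b = ip.GetAddressBytes();
        if (ip.AddressFamily == AddressFamily.InterNetworkV6)
            return ip.IsIPv6LinkLocal || (b[0] & 0xFE) == 0xFC;          // fe80::/10, fc00::/7
        return b[0] == 10                                                 // 10/8
            || (b[0] == 172 && (b[1] & 0xF0) == 16)                       // 172.16/12
            || (b[0] == 192 && b[1] == 168)                               // 192.168/16
            || (b[0] == 169 && b[1] == 254);                              // 169.254/16 link-local
    }

    // ipdata's documented URL form; the key travels as a query parameter, so it
    // must only ever go over HTTPS and must not be written to request logs.
    public static Uri LookupUri(IPAddress ip, string apiKey) =>
        new Uri($"https://api.ipdata.co/{ip}?api-key={Uri.EscapeDataString(apiKey)}");

    // Specific reputation signals first; the country rule last, because
    // geolocation is coarse and only marks the row, it never proves intent.
    public static string Classify(GeoResponse r, ISet<string> blockedCountryCodes)
    {
        var t = r.Threat;
        if (t is { IsBogon: true }) return "Suspicious: bogon address";
        if (t is { IsKnownAttacker: true } or { IsKnownAbuser: true } or { IsThreat: true })
            return "Suspicious: listed as attacker/abuser";
        if (t is { IsTor: true } or { IsProxy: true } or { IsAnonymous: true })
            return "Suspicious: anonymising network";
        if (r.CountryCode is not null && blockedCountryCodes.Contains(r.CountryCode))
            return "Blocked: geolocation policy";
        return "Safe";
    }

    public static GeoResponse Parse(string json) =>
        JsonSerializer.Deserialize<GeoResponse>(json) ?? throw new FormatException("empty geolocation response");

    // Constructed sample in the shape of the record shown above.
    public const string SampleJson = """
        {"ip":"192.0.2.1","city":"Amsterdam","region":"Noord Holland","region_code":"NH",
         "country_name":"Netherlands","country_code":"NL","continent_code":"EU",
         "latitude":52.3759,"longitude":4.8975,"postal":"1012","calling_code":"31",
         "time_zone":{"name":"Europe/Amsterdam","abbr":"CEST","offset":"+0200"},
         "threat":{"is_tor":false,"is_proxy":false,"is_datacenter":false,"is_anonymous":false,
                   "is_known_attacker":false,"is_known_abuser":false,"is_threat":false,"is_bogon":false}}
        """;

    public static void Main()
    {
        var blocked = new HashSet<string> { "XX" };   // assumption: your own policy list
        var r = Parse(SampleJson);
        Console.WriteLine($"{r.Ip} {r.City}, {r.CountryName}: {Classify(r, blocked)}");
        Console.WriteLine(IsLocalOrPrivate(IPAddress.Parse("192.168.1.1")));   // private: never queried
    }
}
```

A Suspicious verdict feeds the firewall automation; a Blocked verdict from the country rule is better logged and reviewed than acted on automatically, for the reason given under Key Features.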
Process Startup Information
The following command line shows the parameters azuredatastudio.exe was started with. It is a Chromium-based application, hence the many --switches; note the quoted --user-data-dir value, which means the line must be split by Windows command-line rules rather than on spaces:
C:\********\********\Local\Programs\Azure Data Studio\azuredatastudio.exe --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\********\********\Roaming\azuredatastudio" --standard-schemes=vscode-webview,vscode-file --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3484,i,9570833253488652578,2633411548557227761,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess, WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:8
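The Start Info and Parent Process columns of the process table need exactly this command line plus the parent PID, neither of which System.Diagnostics.Process exposes. The following is an added example (my code, not the project's) that takes a snapshot through WMI's Win32_Process, resolves the parent with the PID-reuse check, splits a command line the way Windows does, and flags executables living in user-writable directories (the example above, under AppData\Local, is a legitimate per-user install, which is precisely why location alone is a prompt for the signature check rather than a verdict). The path rules and the sample command line are assumptions.

```csharp
// Added example (not the project's code). Needs the System.Management package on
// .NET 5+ and an elevated process to see other users' command lines. Windows only.
using System;
using System.Collections.Generic;
using System.Management;
using System.Runtime.InteropServices;

public sealed record ProcessRecord(
    uint Pid, uint ParentPid, string Name, string? ExecutablePath, string? CommandLine, DateTime Created);

public static class ProcessInventory
{
    public static Dictionary<uint, ProcessRecord> Snapshot()
    {
        var result = new Dictionary<uint, ProcessRecord>();
        using var searcher = new ManagementObjectSearcher(
            "SELECT ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine, CreationDate FROM Win32_Process");
        foreach (ManagementObject p in searcher.Get())
        {
            uint pid = (uint)p["ProcessId"];
            var created = p["CreationDate"] is string s ? ManagementDateTimeConverter.ToDateTime(s) : DateTime.MinValue;
            result[pid] = new ProcessRecord(pid, (uint)p["ParentProcessId"], (string)p["Name"],
                p["ExecutablePath"] as string, p["CommandLine"] as string, created);
        }
        return result;
    }

    // Windows recycles PIDs: a "parent" that started after its child is a
    // different process that inherited the number, so the time order is checked.
    public static string ParentName(Dictionary<uint, ProcessRecord> snap, ProcessRecord child)
    {
        if (!snap.TryGetValue(child.ParentPid, out var parent)) return "<parent exited>";
        return parent.Created <= child.Created ? parent.Name : "<pid reused>";
    }

    // Split exactly as the C runtime does (quotes, escaped quotes) via CommandLineToArgvW.
    [DllImport("shell32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern IntPtr CommandLineToArgvW(string lpCmdLine, out int pNumArgs);
    [DllImport("kernel32.dll")]
    static extern IntPtr LocalFree(IntPtr hMem);

    public static string[] SplitArgs(string commandLine)
    {
        IntPtr argv = CommandLineToArgvW(commandLine, out int argc);
        if (argv == IntPtr.Zero) throw new System.ComponentModel.Win32Exception();
        try
        {
            var args = new string[argc];
            for (int i = 0; i < argc; i++)
                args[i] = Marshal.PtrToStringUni(Marshal.ReadIntPtr(argv, i * IntPtr.Size))!;
            return args;
        }
        finally { LocalFree(argv); }
    }

    // Assumed rule: binaries under per-user or temporary directories are where
    // both per-user installs and droppers land. Matching on the path fragment
    // rather than the monitor's own profile covers every user on the machine.
    public static bool InUserWritablePath(string? exePath)
    {
        if (exePath is null) return false;   // null: protected process or access denied; log that too
        foreach (var fragment in new[] { @"\AppData\", @"\Temp\", @"\Users\Public\" })
            if (exePath.IndexOf(fragment, StringComparison.OrdinalIgnoreCase) >= 0) return true;
        return false;
    }

    public static void Main()
    {
        var snap = Snapshot();
        foreach (var p in snap.Values)
        {
            var flag = InUserWritablePath(p.ExecutablePath) ? " [user-writable path]" : "";
            Console.WriteLine($"{p.Pid} {p.Name} parent={ParentName(snap, p)}{flag}");
        }
        // Constructed command line in the shape of the one shown above.
        foreach (var a in SplitArgs("\"C:\\Apps\\tool.exe\" --type=utility --user-data-dir=\"C:\\Users\\me\\AppData\\Roaming\\tool\" /prefetch:8"))
            Console.WriteLine(a);
    }
}
```

A null ExecutablePath is worth recording rather than skipping: it means the monitor could not open the process, which is the case for protected processes and for anything running at a higher integrity level than the monitor.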
DLL File Signature
The following text shows the signature details for a DLL: whether the signature verified, the signing certificate's expiry, its issuer, and the organization and location taken from the certificate subject:
- Verify: True
- Valid Until: September 10, 2025, 17:04:14
- Issuer: CN=Microsoft Code Signing PCA 2011
- Organization: Microsoft Corporation
- Location: Redmond, Washington, US
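Two caveats matter for a Verify field like the one above. Building an X509 chain from the embedded certificate proves only that the certificate is trusted, not that the file still matches the hash that was signed; the Windows API that checks both, honours timestamp countersignatures and looks up catalog-signed files is WinVerifyTrust. And a valid signature identifies the publisher, it does not make the code benign, so the subject should be compared against the publisher you expect. The following is an added example (my code, not the project's) with the P/Invoke declarations from wintrust.h; the default file path is an assumption.

```csharp
// Added example (not the project's code). Windows only. Struct layouts and
// constants follow wintrust.h; the sample path is an assumption.
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class Authenticode
{
    static readonly Guid WINTRUST_ACTION_GENERIC_VERIFY_V2 = new("00AAC56B-CD44-11d0-8CC2-00C04FC295EE");
    const uint WTD_UI_NONE = 2, WTD_REVOKE_NONE = 0, WTD_CHOICE_FILE = 1;
    const uint WTD_STATEACTION_VERIFY = 1, WTD_STATEACTION_CLOSE = 2;
    const uint WTD_REVOCATION_CHECK_CHAIN = 0x40, WTD_CACHE_ONLY_URL_RETRIEVAL = 0x1000;

    public const int TRUST_E_NOSIGNATURE   = unchecked((int)0x800B0100);
    public const int TRUST_E_BAD_DIGEST    = unchecked((int)0x80096010);   // file changed after signing
    public const int CERT_E_UNTRUSTEDROOT  = unchecked((int)0x800B0109);
    public const int CERT_E_EXPIRED        = unchecked((int)0x800B0101);
    public const int CERT_E_REVOKED        = unchecked((int)0x800B010C);

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct WINTRUST_FILE_INFO
    {
        public uint cbStruct;
        public string pcwszFilePath;
        public IntPtr hFile;
        public IntPtr pgKnownSubject;
    }

    [StructLayout(LayoutKind.Sequential)]
    struct WINTRUST_DATA
    {
        public uint cbStruct;
        public IntPtr pPolicyCallbackData;
        public IntPtr pSIPClientData;
        public uint dwUIChoice;
        public uint fdwRevocationChecks;
        public uint dwUnionChoice;
        public IntPtr pFile;
        public uint dwStateAction;
        public IntPtr hWVTStateData;
        public IntPtr pwszURLReference;
        public uint dwProvFlags;
        public uint dwUIContext;
        public IntPtr pSignatureSettings;
    }

    [DllImport("wintrust.dll", ExactSpelling = true)]
    static extern int WinVerifyTrust(IntPtr hwnd, ref Guid pgActionID, ref WINTRUST_DATA pWVTData);

    // 0 when the signature is valid and trusted, otherwise an HRESULT such as the
    // constants above. Revocation checking needs network access; the cache-only
    // flag keeps bulk scans fast at the cost of missing fresh revocations.
    public static int Verify(string path, bool checkRevocation)
    {
        int fileInfoSize = Marshal.SizeOf<WINTRUST_FILE_INFO>();
        IntPtr pFile = Marshal.AllocHGlobal(fileInfoSize);
        try
        {
            Marshal.StructureToPtr(new WINTRUST_FILE_INFO { cbStruct = (uint)fileInfoSize, pcwszFilePath = path }, pFile, false);
            var data = new WINTRUST_DATA
            {
                cbStruct = (uint)Marshal.SizeOf<WINTRUST_DATA>(),
                dwUIChoice = WTD_UI_NONE,
                fdwRevocationChecks = WTD_REVOKE_NONE,
                dwUnionChoice = WTD_CHOICE_FILE,
                pFile = pFile,
                dwStateAction = WTD_STATEACTION_VERIFY,
                dwProvFlags = checkRevocation ? WTD_REVOCATION_CHECK_CHAIN : WTD_CACHE_ONLY_URL_RETRIEVAL,
            };
            var action = WINTRUST_ACTION_GENERIC_VERIFY_V2;
            int status = WinVerifyTrust(new IntPtr(-1), ref action, ref data);
            data.dwStateAction = WTD_STATEACTION_CLOSE;   // release hWVTStateData
            WinVerifyTrust(new IntPtr(-1), ref action, ref data);
            return status;
        }
        finally
        {
            Marshal.DestroyStructure<WINTRUST_FILE_INFO>(pFile);   // frees the marshalled path string
            Marshal.FreeHGlobal(pFile);
        }
    }

    // The fields shown above. Returns null for files without an embedded
    // signature: most System32 binaries are catalog-signed, so Verify() passes
    // for them while this lookup finds nothing. An expired NotAfter is not a
    // rejection criterion by itself when the signature carries a timestamp.
    public static (string Subject, string Issuer, DateTime NotAfter, string Thumbprint)? Signer(string path)
    {
        try
        {
            using var cert = new X509Certificate2(X509Certificate.CreateFromSignedFile(path));
            return (cert.Subject, cert.Issuer, cert.NotAfter, cert.Thumbprint);
        }
        catch (CryptographicException) { return null; }
    }

    public static void Main(string[] args)
    {
        string path = args.Length > 0 ? args[0] : @"C:\Windows\System32\combase.dll";   // assumption
        int status = Verify(path, checkRevocation: false);
        Console.WriteLine(status == 0 ? "signature valid" : $"not trusted: 0x{status:X8}");
        if (Signer(path) is { } s)
            Console.WriteLine($"{s.Subject}\n  issued by {s.Issuer}\n  valid until {s.NotAfter:u}\n  {s.Thumbprint}");
    }
}
```

Store the thumbprint and subject with the process row, not just the boolean: when a signer you trusted turns out to have been compromised, the thumbprint is what lets you find every binary it touched.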
Files Running Alongside a Process
The following text shows the files and section objects (memory-mapped files) that the program C:\Windows\System32.exe has open handles to. The access flags follow the Sysinternals handle.exe convention: R read, W write, D delete, with '-' where that right was not granted:
- File (RW-): C:\Windows\System32
- Section: \BaseNamedObjects\__ComCatalogCache__
- Section: \BaseNamedObjects\__ComCatalogCache__
- Section: \BaseNamedObjects\C:\*ProgramData*Microsoft*Windows*Caches*cversions
- Section: \BaseNamedObjects\C:\*ProgramData*Microsoft*Windows*Caches*{********-****-****-****-************}.2.ver0x0000000000000002.db
- Section: \BaseNamedObjects\C:\*ProgramData*Microsoft*Windows*Caches*cversions
- Section: \BaseNamedObjects\C:\*ProgramData*Microsoft*Windows*Caches*{********-****-****-****-************}.2.ver0x0000000000000002.db
- Section: \BaseNamedObjects\C:\*ProgramData*Microsoft*Windows*Caches*cversions
- File (R-D): C:\Windows\System32\en-US\KernelBase.dll.mui
- File (R-D): C:\Windows\System32\en-US\combase.dll.mui
HTTP Packet Information
The following list is an illustrative HTTP/1.1 request, not a captured one, and it should be read with three caveats. It mixes request headers with headers that only appear in responses (Access-Control-Allow-*, ETag, Date, Server, Expires). It carries both Content-Length and Transfer-Encoding, which a parser must reject because the two disagree on where the message ends, and the Content-Length shown does not match the body. And a request to an https:// URL travels inside TLS, so packet capture only yields fields like these for plaintext HTTP. Credentials in Authorization and Cookie are masked here and should be masked before storage as well.
- Method: GET
- URL: https://example.com
- Version: HTTP/1.1
- Headers:
  - Host: example.com
  - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
  - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  - Accept-Encoding: gzip, deflate, br
  - Accept-Language: en-US,en;q=0.5
  - Cache-Control: no-cache
  - Content-Type: application/json
  - Content-Length: 512
  - Connection: keep-alive
  - Referer: https://referer.com
  - Authorization: Bearer *** **** ***
  - Cookie: session_id=*** **** ***
  - Origin: https://origin.com
  - X-Forwarded-For: *** **** ***
  - X-Requested-With: XMLHttpRequest
  - Upgrade-Insecure-Requests: 1
  - If-Modified-Since: Sun, 19 Jan 2025 12:34:56 GMT
  - If-None-Match: "abc123"
  - Transfer-Encoding: chunked
  - Sec-Fetch-Dest: document
  - Sec-Fetch-Mode: navigate
  - Sec-Fetch-Site: same-origin
  - Access-Control-Allow-Origin: *
  - Access-Control-Allow-Methods: GET, POST
  - Access-Control-Allow-Headers: Content-Type, Authorization
  - ETag: "xyz987"
  - Date: Fri, 17 Apr 2015 18:54:00 GMT
  - Server: Apache/2.4.41 (Ubuntu)
  - Expires: Tue, 03 May 2016 00:00:00 GMT
  - Pragma: no-cache
- Body: {"message": "message"}
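Turning the payload of a TCP segment into a record like the one above is where a monitor is most exposed, because the bytes are chosen by whoever is on the other end. The following is an added example (my code, not the project's) of a request parser that refuses the ambiguous framings the list above contains (Content-Length together with Transfer-Encoding, or two Content-Length values), bounds header size and count, and masks credential-bearing headers before anything reaches the database. Both sample requests are constructed.

```csharp
// Added example (not the project's code). Parses one plaintext HTTP/1.x request
// from a byte buffer; a null result means "not a complete, unambiguous request",
// never "best guess". Sample inputs are constructed.
using System;
using System.Collections.Generic;
using System.Text;

public sealed record HttpRequestRecord(
    string Method, string Target, string Version, Dictionary<string, string> Headers, string Body);

public static class HttpRequestParser
{
    const int MaxHeaderBytes = 16 * 1024, MaxHeaderCount = 100;
    static readonly HashSet<string> Masked = new(StringComparer.OrdinalIgnoreCase)
        { "Authorization", "Proxy-Authorization", "Cookie", "X-Forwarded-For" };

    public static HttpRequestRecord? Parse(byte[] payload)
    {
        int headEnd = IndexOf(payload, Encoding.ASCII.GetBytes("\r\n\r\n"));
        if (headEnd < 0 || headEnd > MaxHeaderBytes) return null;

        string[] lines = Encoding.ASCII.GetString(payload, 0, headEnd).Split("\r\n");
        string[] requestLine = lines[0].Split(' ');
        if (requestLine.Length != 3 || !requestLine[2].StartsWith("HTTP/1.", StringComparison.Ordinal)) return null;

        var headers = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        for (int i = 1; i < lines.Length; i++)
        {
            if (headers.Count >= MaxHeaderCount) return null;
            int colon = lines[i].IndexOf(':');
            // RFC 7230 3.2.4: no whitespace before the colon and no leading
            // whitespace (obs-fold); "Content-Length : 5" style tricks are rejected.
            if (colon <= 0 || char.IsWhiteSpace(lines[i][colon - 1]) || char.IsWhiteSpace(lines[i][0])) return null;
            string name = lines[i][..colon];
            string value = lines[i][(colon + 1)..].Trim();
            // Repeated fields are joined as the RFC allows; a duplicated
            // Content-Length becomes "512, 512" and fails the numeric check below.
            headers[name] = headers.TryGetValue(name, out var prev) ? prev + ", " + value : value;
        }

        bool hasLength = headers.TryGetValue("Content-Length", out var lengthText);
        bool hasChunked = headers.ContainsKey("Transfer-Encoding");
        if (hasLength && hasChunked) return null;   // RFC 7230 3.3.3: the request-smuggling primitive

        int bodyStart = headEnd + 4;
        string body = "";
        if (hasChunked)
        {
            body = "<chunked body not decoded>";   // chunk framing is out of scope for this example
        }
        else if (hasLength)
        {
            if (!int.TryParse(lengthText, out int length) || length < 0) return null;
            if (bodyStart + length > payload.Length) return null;   // body continues in a later segment
            body = Encoding.UTF8.GetString(payload, bodyStart, length);
        }

        foreach (var name in Masked)
            if (headers.ContainsKey(name)) headers[name] = "***";

        return new HttpRequestRecord(requestLine[0], requestLine[1], requestLine[2], headers, body);
    }

    static int IndexOf(byte[] haystack, byte[] needle)
    {
        for (int i = 0; i + needle.Length <= haystack.Length; i++)
        {
            int j = 0;
            while (j < needle.Length && haystack[i + j] == needle[j]) j++;
            if (j == needle.Length) return i;
        }
        return -1;
    }

    public static void Main()
    {
        // Constructed: a plaintext request with the request headers from the list
        // above and a Content-Length (22) that matches the body shown there.
        var ok = Encoding.ASCII.GetBytes(
            "POST /api HTTP/1.1\r\nHost: example.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n" +
            "Content-Type: application/json\r\nContent-Length: 22\r\nAuthorization: Bearer example-token\r\n" +
            "Cookie: session_id=example\r\n\r\n{\"message\": \"message\"}");
        var rec = Parse(ok)!;
        Console.WriteLine($"{rec.Method} {rec.Target} auth={rec.Headers["Authorization"]} body={rec.Body}");

        // Constructed: both framings present, as in the list above; rejected.
        var smuggle = Encoding.ASCII.GetBytes(
            "POST /api HTTP/1.1\r\nHost: example.com\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n");
        Console.WriteLine(Parse(smuggle) is null ? "rejected: Content-Length with Transfer-Encoding" : "accepted?!");
    }
}
```

The parser works on a single buffer; in the capture path it sits behind TCP stream reassembly, and a null for "body continues in a later segment" is the signal to keep buffering rather than to log a truncated record.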
Raw Data
The following text shows raw TLS-encrypted IP packet data. Only the IP and TCP headers are readable; the TLS record payload is ciphertext, which is why HTTP fields like those above are only available for plaintext traffic: