apanchoo/NetScan-AI


NetScan-AI

AI-powered network traffic analyzer built with Rust and Tauri.
Capture traffic, visualize flows, and control the app in natural language.


Table of Contents
  1. About The Project
  2. Built With
  3. Getting Started
  4. Usage
  5. Roadmap
  6. Contributing
  7. License
  8. Contact
  9. Acknowledgments

About The Project

NetScan-AI is a fork of Sonar, an open-source desktop application for network traffic capture and flow matrix generation. It extends Sonar's solid capture engine with an integrated AI assistant and an interactive network graph.

Key features:

AI Assistant

  • Integrated chat panel — VS Code-style sidebar (toggle with Ctrl+I)
  • Multi-provider support — Anthropic (Claude), OpenAI (GPT-4o), Google Gemini, LM Studio (local, no API key), and any OpenAI-compatible endpoint
  • Tool calling — the AI can start/stop/reset capture, apply or clear BPF filters, read and summarize the flow matrix, and export to CSV
  • CORS bypass — HTTP calls to local servers are routed through a Rust proxy, so LM Studio works out of the box

Network Capture Engine

  • Promiscuous-mode capture on the selected interface with real-time flow matrix reconstruction
  • BPF filter builder with preset rules and live preview
  • Import .pcap files for offline analysis
  • Automatic PCAP recording to the Downloads folder on session start
  • Protocol support: Ethernet/MAC, VLAN 802.1Q, IPv4, IPv6, ARP, ICMPv4/v6, UDP, TCP, HTTP, DNS, TLS, QUIC

Network Graph

  • Force-directed layout with toggleable gravity
  • Device fingerprinting — nodes are auto-identified by MAC OUI and IP heuristics and display a matching icon (Router/Switch, Server, PC, Mobile, Apple, Windows, Linux/RPi, Printer, VM, Internet)
  • Colored ring per node: private vs. public address
  • Manual type override and label editing from the info panel
  • Export graph as PNG or SVG
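
The sketch below is an added example, not NetScan-AI's own code, showing how MAC OUI and IP heuristics can be combined into a device type and a private/public ring. The three-entry OUI table is a constructed sample, and the rule order (public address first, then the locally administered bit, then the OUI lookup) is an assumption.

```rust
use std::net::IpAddr;

#[derive(Debug, Clone, Copy, PartialEq)]
enum Device { LinuxRpi, Vm, Internet, Unknown } // subset of the types listed above
#[derive(Debug, PartialEq)]
enum Scope { Private, Public }

/// Constructed three-entry OUI table; a real one is loaded from the IEEE registry.
const OUI: &[([u8; 3], Device)] = &[
    ([0xB8, 0x27, 0xEB], Device::LinuxRpi), // Raspberry Pi Foundation
    ([0x00, 0x50, 0x56], Device::Vm),       // VMware
    ([0x08, 0x00, 0x27], Device::Vm),       // VirtualBox
];

fn parse_mac(s: &str) -> Option<[u8; 6]> { // aa:bb:cc:dd:ee:ff or aa-bb-..., else None
    let mut mac = [0u8; 6];
    let mut parts = s.split(|c: char| c == ':' || c == '-');
    for byte in mac.iter_mut() {
        let p = parts.next()?;
        if p.len() != 2 || !p.bytes().all(|b| b.is_ascii_hexdigit()) { return None; }
        *byte = u8::from_str_radix(p, 16).ok()?;
    }
    if parts.next().is_some() { None } else { Some(mac) }
}

fn scope(ip: IpAddr) -> Scope {
    let private = match ip {
        IpAddr::V4(a) => a.is_private() || a.is_loopback() || a.is_link_local(),
        IpAddr::V6(a) => a.is_loopback() || (a.segments()[0] & 0xfe00) == 0xfc00 // fc00::/7
            || (a.segments()[0] & 0xffc0) == 0xfe80, // fe80::/10
    };
    if private { Scope::Private } else { Scope::Public }
}

fn fingerprint(mac: &str, ip: IpAddr) -> (Device, Scope) {
    // An off-link peer arrives with the gateway's MAC, so its OUI says nothing about it.
    if scope(ip) == Scope::Public { return (Device::Internet, Scope::Public); }
    let device = parse_mac(mac)
        // Locally administered bit set: randomized or software-assigned MAC, no vendor OUI.
        .filter(|m| (m[0] & 0x02) == 0)
        .and_then(|m| OUI.iter().find(|(p, _)| p[..] == m[..3]))
        .map_or(Device::Unknown, |(_, d)| *d);
    (device, Scope::Private)
}

fn main() {
    // Constructed sample: a Docker-style locally administered MAC on a private address.
    println!("{:?}", fingerprint("02:42:ac:11:00:02", "172.17.0.2".parse().unwrap()));
}
```

An OUI match is a hint rather than an identity, since a MAC address can be changed by its owner, which is why a manual type override remains useful.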

Export & Rules

  • CSV — full flow matrix as a spreadsheet
  • Snort rules: .rules file from captured flows
  • Suricata rules: .rules file with metadata headers
  • iptables script — bash ACCEPT rules for observed traffic
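
As an added illustration of the iptables export (example code, not the project's own generator), the sketch below turns flow records into a deduplicated ACCEPT script. The `Flow` fields, the text-field parser and the `FORWARD` chain are assumptions; the flow-matrix format is not shown on this page.

```rust
use std::collections::BTreeSet;
use std::net::IpAddr;

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
enum Proto { Tcp, Udp }

/// Hypothetical flow record; the project's real flow-matrix columns are not shown here.
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
struct Flow { src: IpAddr, dst: IpAddr, proto: Proto, dport: u16 }

/// Parse untrusted text fields into typed values. Anything that is not a literal IP,
/// a known protocol or a port number is rejected, so no capture-derived string can
/// reach the generated shell script verbatim.
fn parse_flow(src: &str, dst: &str, proto: &str, dport: &str) -> Option<Flow> {
    let proto = match proto.to_ascii_lowercase().as_str() {
        "tcp" => Proto::Tcp,
        "udp" => Proto::Udp,
        _ => return None,
    };
    Some(Flow { src: src.parse().ok()?, dst: dst.parse().ok()?, proto, dport: dport.parse().ok()? })
}

/// One ACCEPT rule. IPv4 and IPv6 need different binaries; the FORWARD chain is an assumption.
fn rule(f: &Flow) -> Option<String> {
    let bin = match (f.src, f.dst) {
        (IpAddr::V4(_), IpAddr::V4(_)) => "iptables",
        (IpAddr::V6(_), IpAddr::V6(_)) => "ip6tables",
        _ => return None, // mixed address families: not a real flow
    };
    let p = match f.proto { Proto::Tcp => "tcp", Proto::Udp => "udp" };
    Some(format!("{} -A FORWARD -s {} -d {} -p {} --dport {} -j ACCEPT", bin, f.src, f.dst, p, f.dport))
}

/// Deduplicate and sort the flows so the script is stable and reviewable as a diff.
fn iptables_script(flows: &[Flow]) -> String {
    let unique: BTreeSet<&Flow> = flows.iter().collect();
    let rules: Vec<String> = unique.into_iter().filter_map(rule).collect();
    format!("#!/bin/bash\nset -eu\n{}\n", rules.join("\n"))
}

fn main() {
    // Constructed sample rows (one duplicate, one malformed source field).
    let rows = [("192.168.1.20", "192.168.1.1", "udp", "53"), ("192.168.1.20", "192.168.1.1", "UDP", "53"),
                ("192.168.1.20", "203.0.113.7", "tcp", "443"), ("10.0.0.9; true", "10.0.0.1", "tcp", "22")];
    let flows: Vec<Flow> = rows.iter().filter_map(|r| parse_flow(r.0, r.1, r.2, r.3)).collect();
    print!("{}", iptables_script(&flows));
}
```

Rules derived from observed traffic allow whatever was on the wire during the capture, so the generated script is a starting point to review rather than a finished policy.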


Built With

Tauri, Vue.js, Rust, TypeScript


Getting Started

Prerequisites

Install the system-level packet capture library for your platform.

Linux (Debian / Ubuntu)

sudo apt install libpcap-dev

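After building, grant the binary the capabilities it needs to capture packets without running as root. File capabilities are attached to the file itself, so re-run the command after each recompile: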

sudo setcap cap_net_raw,cap_net_admin=eip src-tauri/target/debug/netscan-ai

NixOS

A shell.nix is provided at the repository root — it includes libpcap and libcap:

nix-shell
sudo setcap cap_net_raw,cap_net_admin=eip src-tauri/target/debug/netscan-ai

Windows

  1. Install NPcap (select "WinPcap API-compatible mode").
  2. Install the WinPcap Developer Pack.
  3. Add the /Lib or /Lib/x64 folder to the LIB environment variable.

macOS

libpcap is bundled with macOS — no additional setup required.


Installation

  1. Clone the repository:

    git clone https://github.com/apanchoo/NetScan-AI.git
    cd NetScan-AI
  2. Install frontend dependencies:

    npm install
  3. Start the app in development mode:

    npm run tauri dev


Usage

  1. Select a network interface from the dropdown in the capture panel.
  2. Start capture — click the ▶ button or ask the AI: "Start capture".
  3. Watch the graph — nodes and edges appear as traffic flows are detected. Hover a node to see its fingerprinted device type.
  4. Ask the AI — open the sidebar (Ctrl+I) and type in natural language:
    • "What hosts are communicating the most?"
    • "Apply a filter for TCP port 443"
    • "Export the flow matrix to CSV"
  5. Build a BPF filter — click the Filter button for a guided builder with presets.
  6. Export rules — use the toolbar dropdown to generate Snort, Suricata, or iptables rules from the captured flows.
  7. Import a PCAP — use the Import panel to load an existing .pcap file for offline analysis.


Roadmap

  • Multi-provider AI assistant (Anthropic, OpenAI, Gemini, LM Studio)
  • AI tool calling (start/stop capture, BPF filters, flow matrix query, CSV export)
  • Force-directed network graph with device fingerprinting
  • BPF filter builder
  • Snort / Suricata / iptables rule export
  • PCAP import and automatic recording
  • Anomaly detection — flag unusual traffic patterns automatically
  • Traffic classification — identify applications with ML models
  • Flow prediction — anticipate network behaviour over time

See the open issues for a full list of proposed features and known bugs.


Contributing

Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would improve this project, please fork the repository and create a pull request. You can also open an issue with the label enhancement.

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request


License

Distributed under the AGPL-3.0 License. See LICENSE.md for more information.


Contact

Project Link: https://github.com/apanchoo/NetScan-AI


Acknowledgments
