This project is a simple real-time Intrusion Detection System (IDS) built with Python and Scapy. It's designed to monitor network traffic and detect potential threats, such as SYN Flood attacks.
This is a learning project based on the concepts described in this freeCodeCamp article.
- Real-time Packet Sniffing: Captures and analyzes network packets on the fly.
- SYN Flood Detection: Identifies potential Denial-of-Service (DoS) attacks by monitoring the rate of SYN packets from a single source IP.
- Configurable: Easily adjust detection parameters like the time window and packet thresholds.
The IDS listens to network traffic on a specified interface. For each packet it checks whether the packet is TCP with the SYN flag set, and keeps a record of recent SYN packets per source IP address. If the number of SYN packets from a single IP exceeds a defined threshold within the configured time window, it raises an alert.
- Python 3.7+
- Scapy
You will also need administrative/root privileges to run the packet sniffer.
- Clone the repository:

    git clone https://github.com/dimuzzo/intrusion-detection-tester.git
    cd intrusion-detection-tester

- Install the dependencies (a virtual environment is recommended):

    # Create and activate a virtual environment (optional but recommended)
    python -m venv venv
    venv\Scripts\activate
    # Install the required packages
    pip install -r requirements.txt
You need to run the script with root privileges to allow Scapy to access raw sockets for packet sniffing.
python src/main.py
You can also specify a network interface to monitor:
python src/main.py --interface eth0
The script will start monitoring the traffic and print an alert to the console if a potential SYN flood attack is detected.
This is a basic educational tool and should not be used as a standalone, production-grade security solution.
Created with passion by dimuzzo