This project was a precursor to the work I did on my Master's thesis, which is much better and complete. You can read about it here.
Zeno is a tool that, by analyzing the traffic of a given network, can detect what service is being used. It can detect if the user is browsing, listening to Spotify (or both), watching a Youtube video... and even differentiate it from a Pornhub video!
The analysis of the traffic is non-intrusive, so this will work even on ciphered traffic.
Currently, this tool can identify:
- YouTube
- Regular Browsing
- Spotify
- PornHub
-
Tshark
sudo apt-get install tshark -
PyShark
pip3 install pyshark -
Netaddr
pip3 install netaddr -
SciPy
pip3 install scipy -
NumPy
pip3 install numpy -
Matplotlib
pip3 install matplotlib -
Flask
pip3 install flask flask-cors
Go into the zeno folder and run the file api.py as such:
python3 api.py -i [interface] -c [client-networks] -s [service-networks]
For example:
python3 api.py -i eth0 -c 192.1.1.10/0 -s 0.0.0.0/0
With the command above we are capturing packets on the interface eth0. The client network is the IP on that interface and the service IP is 0.0.0.0/0, which means we will capture all the arriving packets.
NOTE: You may need to run the above command as root, if you don't have permissions to use tshark. Other solutions can be found here.
You can also view the info using the dashboard.html in the frontend folder.
- Repo made public :)
- General repo cleanup
- New captures
- Frontend bug fix
- Classifying tool updated
- Flask API to send info
- Frontend to see info
- Deprecated files
- Multithreading - can capture and analyze at the same time
- New captures
- Normalization of data
- Classifying tool updated
- Spotify classfication
- New captures
- Youtube classification
- Browser classification
- New captures