1 | | -NetGuard: |
2 | | -NetGuard is a high-performance Network Intrusion Detection System (NIDS) implemented in modern C++ with CMake. It provides real-time network traffic analysis, multi-layer protocol parsing, custom rule-based detection, and a threat alerting system. Designed for extensibility, NetGuard aims to evolve into a Network Intrusion Prevention System (NIPS) with active mitigation capabilities. |
3 | | - |
4 | | -Features |
5 | | -Core Capabilities |
6 | | - |
7 | | -Packet Processing: |
8 | | - |
9 | | -Ethernet frame parsing |
10 | | - |
11 | | -IPv4 and IPv6 support |
12 | | - |
13 | | -TCP, UDP, and ICMP analysis |
14 | | - |
15 | | -Full HTTP request and response parsing with all standard headers |
16 | | - |
17 | | -Detection Engine: |
18 | | - |
19 | | -Signature-based detection |
20 | | - |
21 | | -Protocol anomaly detection |
22 | | - |
23 | | -Stateful pattern matching |
24 | | - |
25 | | -Custom rule support |
26 | | - |
27 | | -Performance: |
28 | | - |
29 | | -Multi-threaded processing |
30 | | - |
31 | | -Zero-copy parsing |
32 | | - |
33 | | -Rule optimization |
34 | | - |
35 | | -Supported Protocols |
36 | | - |
37 | | -Ethernet |
38 | | - |
39 | | -IP (v4) |
40 | | - |
41 | | -ARP |
42 | | - |
43 | | -TCP |
44 | | - |
45 | | -UDP |
46 | | - |
47 | | -ICMP |
48 | | - |
49 | | -HTTP |
50 | | - |
51 | | -Future Protocol Support |
52 | | -NetGuard/ |
53 | | -├── config/ # Network interface configuration |
54 | | -│ └── interface.cfg |
55 | | -├── docs/ # Project documentation |
56 | | -│ └── design.md |
57 | | -├── include/ # Header files |
58 | | -│ ├── config/ |
59 | | -│ ├── parsing/ |
60 | | -│ ├── rules/ |
61 | | -│ └── utils/ |
62 | | -├── rules/ |
63 | | -│ ├── exploits/ |
64 | | -│ └── protocols/ |
65 | | -├── src/ |
66 | | -│ ├── config/ |
67 | | -│ ├── parsing/ |
68 | | -│ ├── rules/ |
69 | | -│ └── utils/ |
70 | | -├── tests/ |
71 | | -└── CMakeLists.txt |
72 | | - |
73 | | -Dependencies: |
74 | | - |
75 | | -C++17 compiler (GCC 9+, Clang 10+, MSVC 2019+) |
76 | | - |
77 | | -CMake 3.14+ |
78 | | - |
79 | | -libpcap 1.9.0+ (Linux/macOS) or npcap (Windows) |
80 | | - |
81 | | -Installation: |
82 | | -Linux/macOS |
83 | | -sudo apt-get install libpcap-dev cmake g++ |
84 | | -git clone https://github.com/out-sec/NetGuard.git |
85 | | -cd NetGuard |
86 | | -mkdir build && cd build |
87 | | -cmake -DCMAKE_BUILD_TYPE=Release .. |
88 | | -make -j$(nproc) |
89 | | -Windows |
90 | | - |
91 | | -Install npcap from https://npcap.com |
92 | | - |
93 | | -Install CMake from https://cmake.org/download/ |
94 | | - |
95 | | -Install a C++ compiler (Visual Studio 2019+ with C++ tools) |
96 | | - |
97 | | -Clone the repository and build with CMake |
98 | | - |
99 | | -Usage |
100 | | -1. Configure the Network Interface |
101 | | - |
102 | | -Edit: |
103 | | -config/interface.cfg |
104 | | -Example: |
105 | | -interface=ens33 |
106 | | -2. Run NetGuard (Live Capture Mode) |
107 | | -sudo ./build/netguard |
108 | | -Root privileges are required for packet capture. |
109 | | - |
110 | | -3. Test with a .pcap File |
111 | | - |
112 | | -You can replay captured traffic into the monitored interface: |
113 | | -sudo apt install tcpreplay |
114 | | -sudo tcpreplay --intf1=ens33 sample.pcap |
115 | | -Or modify the source code to read .pcap files directly for offline analysis. |
116 | | - |
117 | | -Contributing |
118 | | - |
119 | | -We welcome contributions! See CONTRIBUTION.md for guidelines. |
120 | | - |
121 | | -License |
122 | | - |
123 | | -MIT License — see LICENSE. |
124 | | - |
| 1 | +NetGuard |
| 2 | +A Modern C++ based Network Intrusion Detection System. |
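Review bot: the two-line replacement (new lines 1-2) leaves the repository with no visible build, dependency or usage documentation. The removed old lines 73-115 were the only place in this diff that stated the libpcap 1.9.0+ / npcap requirement, the CMake build steps, the `interface=ens33` setting in config/interface.cfg, and that root privileges are required for packet capture. Suggest keeping a trimmed Dependencies, Installation and Usage section, or moving that text to docs/ and linking to it from the new README. If the old text is carried over, reconcile two inconsistencies in it first: the feature list claims "IPv4 and IPv6 support" while Supported Protocols lists only "IP (v4)", and the build steps end inside build/ while the run command is `sudo ./build/netguard`. Minor wording point on new line 2: "C++ based" should be hyphenated as "C++-based", and "Modern" does not need a capital.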