Network monitor tool checks for suspicious keywords; uses scapy
python network_monitor.pyline 23: self.suspicious_keywords = ['malicious.com', 'suspicious_ip', 'localhost', 'any ip address', 'any key word'] - this is your list for keywords, websites, a sort of no-no list...line 53: sniff(prn=self.alert, store=False) captures all packets, use filters to capture ip/tcp/udp/icmp/arp/etc...
sniff(prn=self.alert, store=False, filter=tcp)extra settings:
line 34: uncomment this line #print(f"Captured payload: {payload}") to have a live view similar to wireshark