A lightweight Python-based Intrusion Detection System that monitors real-time TCP traffic to detect potential port scanning attacks. Built using Scapy for packet sniffing and Tkinter for an interactive GUI.
- ✅ Real-time packet sniffing using Scapy
- ✅ Detection of suspicious IPs scanning multiple TCP ports
- ✅ GUI built with Tkinter
- ✅ Start/Stop monitoring controls
- ✅ Live alert feed
- ✅ View logs from previous sessions
- ✅ Light/Dark mode toggle
Intrusion-Detection-System/
│
├── gui.py # main user interface
├── ids_engine.py # packet sniffing and detection logic
├── simulate_tcp.py # test script to simulate a port scan
├── suspicious_log.txt # log file for suspicious activity
├── README.md # project documentation
- Python 3.x installed
- Install dependencies using pip:
pip install scapy- Launch the GUI:
python gui.py-
Start Monitoring from the GUI.
-
In another terminal, simulate a TCP port scan:
python simulate_tcp.py- Detected intrusions will appear in the GUI and log file.
This file simulates a port scan by attempting rapid TCP connections across a range of ports on your local machine.
Make sure the target_ip matches your system's local IP (ipconfig on Windows to check).
Suspicious activity is saved in suspicious_log.txt with timestamps for future reference.
- Designed for educational and testing purposes only.
- Windows users may need to run the terminal/VS Code as Administrator to allow packet sniffing.
Fragan Dsouza
📎 LinkedIn
💻 GitHub
This project is open-source and free to use under the MIT License.