The goal is to provide interactive network visibility with AI-assisted threat interpretation, while remaining local-first and easy to run. A Windows executable build is also available.
Repo: https://github.com/JustVugg/Wiredigg
⸻
What it does
Real-time packet capture • Live traffic sniffing • Protocol analysis (TCP, UDP, ICMP, HTTP, etc.) • Filtering by IP, port, and protocol • Promiscuous mode support
Machine learning anomaly detection • Detection of unusual traffic patterns • Threat classification with severity levels • False-positive marking and incremental retraining • User-assisted model refinement
Ollama integration (local LLM) • Sends flagged anomalies to a locally running model via Ollama • Generates contextual, human-readable explanations • Adds reasoning on top of statistical detections • Fully offline if Ollama is local
Threat intelligence & dashboards • Malicious IP/domain checks • Interactive tables and traffic statistics • Graph-based visualizations • Exportable reports (HTML, JSON, text)
IoT & device analysis • Device identification and classification • Behavioral pattern analysis • Risk evaluation based on traffic activity
Custom packet tools • Manual packet crafting for testing • Control over IP, port, protocol, and payload
Running it
From source:
git clone https://github.com/JustVugg/Wiredigg pip install -r requirements.txt python wiredigg.py
Administrator/root privileges are required for packet capture.
Alternatively, you can use the provided Windows .exe build.
⸻
Why I built it
Many packet analyzers are either: • CLI-heavy and technical • Or large enterprise systems
I wanted something: • Visual • AI-augmented • Local-first • Extensible in Python • Usable for labs, small networks, and learning
Happy to get feedback, especially on the ML and Ollama integration approach.