A real-time network monitoring and visualization tool that analyzes network traffic and displays connections on an interactive 3D globe.
- Geo-Visualization - Displays network connections on an interactive world map
- Packet Sniffing - Captures TCP, UDP, and ICMP packets in real-time
- Local Network - Detects and visualizes devices on the local network (mDNS)
- Threat Detection - Integrated threat intelligence (FireHOL blocklists)
- Live Statistics - Real-time network statistics and connection analysis
- IP Pinning - Pin important IPs and track them separately
- Flexible Filtering - TCP/UDP filters, local/external network toggle
Supports Windows, Linux, and macOS.
- Windows: Run
start.bat(requests admin rights automatically) - Linux/macOS: Run
./run.sh(requires root/sudo for packet sniffing)
- Python: 3.8+
- Privileges: Administrator/root rights (required for packet sniffing)
- Windows: Npcap or WinPcap
# Download and install from: https://npcap.com/git clone https://github.com/arn-c0de/GDEF-Connect-Spoofer.git
cd GDEF-Connect-Spoofer# Windows (run as administrator):
start.bat
# Linux/macOS:
sudo ./run.shThe launcher script automatically:
- Creates a virtual environment (venv)
- Installs all dependencies from
requirements.txt - Prompts for interface selection on first start
- Generates all configuration files on first run
- Starts the application
- Start with admin/root privileges
- Select a network interface: Choose an interface from the list on first start
- Open your browser: Navigate to
http://localhost:8000 - Monitor network traffic: IPs appear on the globe in real-time
Press I within 5 seconds when the launcher script starts.
- Backend: Python 3, Flask, Flask-SocketIO
- Packet Sniffing: Scapy
- Frontend: HTML5, JavaScript, Three.js, Globe.gl
- Database: SQLite3
- Service Discovery: Zeroconf (mDNS)
Configuration files are generated automatically on first start in the database/ directory:
backend_conf.json- Network interface selectiontrusted_organisations.json- Organization classification (trusted, suspicious, dangerous)
ConnectSpoofer/
├── app.py # Main application (Flask server, packet sniffing)
├── start.bat # Windows launcher with auto-setup
├── run.sh # Linux/macOS launcher with auto-setup
├── select_interface.py # Interface selection tool
├── debug_interfaces.py # Interface debugging tool
├── requirements.txt # Python dependencies
├── README.md # Documentation
├── database/ # SQLite databases & configs (generated)
│ ├── backend_conf.json # Backend configuration (generated on first start)
│ ├── trusted_organisations.json # Trusted organizations list (generated on first start)
│ ├── geo_data.db # SQLite geo database (generated)
│ └── datasets/ # GeoIP databases
│ └── *.mmdb # MaxMind GeoIP2 databases
├── static/ # Frontend static assets
│ ├── globe.js # 3D globe visualization
│ ├── init-globe.js # Globe initialization
│ └── styles.css # CSS styling
├── templates/ # Flask HTML templates
│ └── index.html # Main dashboard
└── images/ # Project images
└── Connectspoofer-link.png # Screenshot
Only use for defensive security analysis Requires administrator/root privileges Comply with local laws regarding network monitoring
This tool is intended exclusively for:
- Network security analysis
- Your own networks and systems
- Educational purposes
- Penetration testing (with authorization)
scapy>=2.7.0
requests>=2.32.5
zeroconf>=0.148.0
flask>=3.1.2
flask-socketio>=5.6.0
python-socketio>=5.16.0
This project is intended for legal and ethical purposes only. The author assumes no responsibility for misuse.
- Install Npcap: https://npcap.com/
- Enable "WinPcap API-compatible Mode" during installation
- Press
Din the interface menu for debug information - Alternatively run
debug_interfaces.py
start.batrequests admin rights automatically- If not: Right-click -> "Run as administrator"
- Linux/macOS: Use
sudo ./run.sh
arn-c0de GitHub: @arn-c0de