Security Product, 2026

Featured project

Enterprise NIDS: Network Detection and Analysis Platform

Built a Python-based network detection platform that supports offline PCAP investigation, live traffic capture, explainable incident reporting, and a FastAPI dashboard with operational telemetry.

Turned packet analysis into a product-shaped workflow by combining capture, detection, visualization, reporting, and runtime health into one system that is easier to demo, investigate, and operate.

Architecture Diagram

How the system fits together

This visual is meant to show the operating shape of the project at a glance: where input begins, where decisions happen, and what the useful output surface actually is.

Scope: Security Product
Signals: 2 analysis modes
Diagram of Enterprise NIDS showing packet ingestion, detection and enrichment engines, report generation, telemetry storage, and a FastAPI dashboard.

Snapshot

What matters most in this project

  • 2 analysis modes: offline PCAP and live capture workflows
  • FastAPI + UI: dashboard, APIs, and report access
  • GitHub-ready: CI, docs, and rendered architecture diagram

Challenge

The hard part was making low-level network analysis readable and operationally useful at the same time. Raw packets and flows are not enough on their own, so the platform had to connect capture, detection, diagrams, reports, and runtime visibility without becoming a pile of disconnected scripts.

Result

Enterprise NIDS now works as an end-to-end detection and analysis platform with capture workflows, report artifacts, a browser dashboard, CI coverage, and GitHub-ready documentation including a rendered architecture diagram.

Approach

  • Built dual execution paths for offline PCAP analysis and continuous live capture so the same platform supports investigations and near-real-time monitoring.
  • Layered deterministic detections, fingerprinting, anomaly scoring, deep packet inspection, and project-aware traffic context into one analysis pipeline.
  • Added Mermaid-based traffic diagrams, markdown and JSON report generation, SQLite-backed telemetry, and a FastAPI dashboard to make results explainable to both engineers and non-specialists.

Architecture

  • Packet ingestion flows through parser backends, flow tracking, and TCP stream reconstruction before detections and enrichments are applied.
  • Detection layers combine heuristics, JA3 and p0f fingerprinting, anomaly scoring, DPI carving, and project-context enrichment to generate readable findings.
  • Output surfaces include SQLite telemetry, markdown and JSON forensic artifacts, Mermaid diagrams, and a FastAPI dashboard that exposes health, alerts, and analysis state.
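As an added illustration (not code from the Enterprise NIDS project), the pipeline shape described above reduced to its core steps: flow tracking over parsed packets, one deterministic detection, and the JSON and Mermaid output surfaces. It runs over constructed packet records instead of a Scapy/DPKT-parsed PCAP; the 5-tuple flow key, the SYN-sweep heuristic and the diagram layout are assumptions, not the project's own rules.

```python
from collections import defaultdict
import json

# Constructed sample records standing in for parsed packets:
# (timestamp, src_ip, src_port, dst_ip, dst_port, proto, tcp_flags)
SAMPLE_PACKETS = [
    (0.00, "10.0.0.5", 40001, "10.0.0.9", 22, "tcp", "S"),
    (0.01, "10.0.0.5", 40002, "10.0.0.9", 23, "tcp", "S"),
    (0.02, "10.0.0.5", 40003, "10.0.0.9", 80, "tcp", "S"),
    (0.03, "10.0.0.5", 40004, "10.0.0.9", 443, "tcp", "S"),
    (0.04, "10.0.0.9", 443, "10.0.0.5", 40004, "tcp", "SA"),
    (0.05, "10.0.0.5", 40004, "10.0.0.9", 443, "tcp", "A"),
]

def track_flows(packets):
    """Flow tracking: group both directions of a conversation under one key (assumed scheme)."""
    flows = defaultdict(list)
    for ts, src, sport, dst, dport, proto, flags in packets:
        key = (proto,) + tuple(sorted([(src, sport), (dst, dport)]))
        flows[key].append((ts, src, dst, dport, flags))
    return flows

def detect_syn_sweep(flows, min_ports=3):
    """Deterministic detection (hypothetical rule): one host sending bare SYNs to many ports on a peer."""
    syn_ports = defaultdict(set)
    for pkts in flows.values():
        for _ts, src, dst, dport, flags in pkts:
            if flags == "S":
                syn_ports[(src, dst)].add(dport)
    return [{"rule": "syn_sweep", "src": s, "dst": d, "ports": sorted(p)}
            for (s, d), p in syn_ports.items() if len(p) >= min_ports]

def mermaid_sequence(flows):
    """Render the traffic as a Mermaid sequenceDiagram, one arrow per packet in time order."""
    pkts = sorted(p for f in flows.values() for p in f)
    hosts = {h: f"h{i}" for i, h in enumerate(sorted({p[1] for p in pkts} | {p[2] for p in pkts}))}
    lines = ["sequenceDiagram"] + [f"    participant {a} as {h}" for h, a in hosts.items()]
    for _ts, src, dst, dport, flags in pkts:
        lines.append(f"    {hosts[src]}->>{hosts[dst]}: {dport} [{flags}]")
    return "\n".join(lines)

def json_report(flows):
    """JSON forensic artifact: flow count plus findings, the kind of file a dashboard would load."""
    return json.dumps({"flows": len(flows), "findings": detect_syn_sweep(flows)}, indent=2)

if __name__ == "__main__":
    flows = track_flows(SAMPLE_PACKETS)
    print(json_report(flows))
    print(mermaid_sequence(flows))
```

The same three functions would sit behind a real parser backend; only the record source changes.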

Impact

  • Supports live packet capture and offline PCAP replay in one codebase.
  • Produces explainable incident reports, anomaly stories, protocol inventories, and Mermaid sequence and flow diagrams.
  • Exposes runtime health, IPS activity, DPI carve history, and recent operations through a dashboard and API layer.

Tradeoffs and Decisions

  • Accepted a broader platform scope because the useful version of the project needed capture, explanation, and runtime visibility together, not just packet parsing.
  • Kept the dashboard grounded in generated artifacts and local telemetry rather than pretending the project is already a cloud-scale SIEM.
  • Used Mermaid for architecture and traffic visualization because GitHub-native rendering made the project easier to publish and explain.

Stack

Tools and technologies behind the work

Python, FastAPI, SQLite, Scapy, DPKT, Mermaid, GitHub Actions