NullSec NetSeer
February 27, 2026
Secure Passive Network Traffic Analyzer
Pure functional design with strong type safety and immutable data structures
Overview
NullSec NetSeer is a secure passive network traffic analyzer written in Haskell. It leverages the power of pure functional programming to provide mathematically provable security guarantees through strong typing and immutability.
Features
- Traffic Analysis - Deep packet inspection and flow analysis
- Protocol Detection - Identify protocols in network streams
- Statistics - Real-time traffic statistics and metrics
- Type-Safe - Strong typing prevents entire classes of bugs
- Immutable - No side effects in core analysis logic
- Reports - Comprehensive traffic reports
Security Features
NullSec NetSeer v2.0.0
- Pure Functional Design
- Strong Type Safety (Newtypes)
- Smart Constructors for Validation
- Bounded Data Structures
- Immutable Data Throughout
- Explicit Error Handling (No Exceptions)
- Memory Exhaustion Prevention
Installation
From Source
# Clone the repository
git clone https://github.com/bad-antics/nullsec-netseer.git
cd nullsec-netseer
# Build with Cabal
cabal update
cabal build
# Or with Stack
stack build
# Install
cabal install
Requirements
- GHC 9.4 or later
- Cabal 3.8+ or Stack 2.9+
- libpcap development libraries
Dependencies
- base >= 4.16
- bytestring >= 0.11
- containers >= 0.6
- time >= 1.12
- directory >= 1.3
Usage
# Analyze pcap file
./nullsec-netseer --input capture.pcap
# Live capture (requires root)
sudo ./nullsec-netseer --interface eth0
# Generate statistics report
./nullsec-netseer --input capture.pcap --stats
# Filter by protocol
./nullsec-netseer --input capture.pcap --protocol tcp
# Export analysis
./nullsec-netseer --input capture.pcap --output analysis.json
Command Line Options
| Flag | Description |
|---|---|
| `--input <file>` | Input pcap file to analyze |
| `--interface <if>` | Live capture interface |
| `--stats` | Show traffic statistics |
| `--protocol <proto>` | Filter by protocol |
| `--top <n>` | Show top N flows |
| `--output <file>` | Output file for reports |
| `--verbose` | Enable verbose output |
| `--version` | Show version information |
Output Example
bad-antics • Network Traffic Analyzer
[*] Analyzing: capture.pcap
[+] Packets processed: 142,857
[+] Flows identified: 3,421
Traffic Statistics
  Total Bytes:   2.4 GB
  Total Packets: 142,857
  Unique IPs:    1,234
  Duration:      3h 24m 15s
Protocol Breakdown:
  TCP:  78.4% (111,999 pkts)
  UDP:  19.2% (27,428 pkts)
  ICMP: 2.4% (3,430 pkts)
Type Safety Architecture
-- Smart constructors ensure validation at creation
mkValidIP :: Word32 -> Either String ValidIP
mkValidPort :: Word16 -> Either String ValidPort
mkValidPath :: FilePath -> Either String ValidPath
-- Newtypes prevent mixing different data types
newtype ValidIP = ValidIP { getIP :: Word32 }
newtype ValidPort = ValidPort { getPort :: Word16 }
-- Pure functions with no side effects
analyzePacket :: ValidPacket -> Either AnalysisError PacketInfo
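The smart-constructor and bounded-structure ideas above, combined in one added example that is not NetSeer's own code. The validation rules (rejecting 0.0.0.0, 255.255.255.255 and port 0), the `FlowTable` type, `recordPacket`, `ingest` and the cap of 2 flows are assumptions made for illustration.

```haskell
-- Added illustration, not NetSeer source. Validation rules and the
-- FlowTable / recordPacket / ingest names are assumptions.
module Main (main) where

import qualified Data.Map.Strict as Map
import Data.Word (Word16, Word32)

newtype ValidIP = ValidIP { getIP :: Word32 } deriving (Eq, Ord, Show)
newtype ValidPort = ValidPort { getPort :: Word16 } deriving (Eq, Ord, Show)

-- Assumed rule: the unspecified and limited-broadcast addresses are rejected.
mkValidIP :: Word32 -> Either String ValidIP
mkValidIP w
  | w == 0        = Left "unspecified address 0.0.0.0"
  | w == maxBound = Left "limited broadcast address 255.255.255.255"
  | otherwise     = Right (ValidIP w)

-- Assumed rule: port 0 is reserved and never a valid endpoint.
mkValidPort :: Word16 -> Either String ValidPort
mkValidPort 0 = Left "port 0 is reserved"
mkValidPort p = Right (ValidPort p)

type FlowKey = (ValidIP, ValidPort)

-- Bounded structure: per-endpoint packet counts with a hard cap on distinct flows.
data FlowTable = FlowTable { ftCap :: Int, ftFlows :: Map.Map FlowKey Int }

-- Known flows always update; a new flow is refused once the cap is reached,
-- so hostile traffic cannot grow the table without limit.
recordPacket :: FlowKey -> FlowTable -> Either String FlowTable
recordPacket k (FlowTable cap m)
  | Map.member k m || Map.size m < cap = Right (FlowTable cap (Map.insertWith (+) k 1 m))
  | otherwise = Left "flow table full"

-- Raw wire fields -> validated key -> table update, with every failure as a Left.
ingest :: FlowTable -> (Word32, Word16) -> Either String FlowTable
ingest t (ip, port) = do
  vip <- mkValidIP ip
  vport <- mkValidPort port
  recordPacket (vip, vport) t

main :: IO ()
main = go (FlowTable 2 Map.empty) samples
  where -- constructed sample input: (IPv4 as Word32, port)
    samples = [(0x0A000001, 443), (0x0A000002, 0), (0, 53), (0x0A000001, 443), (0x0A000003, 80), (0x0A000004, 22)]
    go t [] = putStrLn ("flows tracked: " ++ show (Map.size (ftFlows t)))
    go t (r : rs) = case ingest t r of
      Left err -> putStrLn ("rejected " ++ show r ++ ": " ++ err) >> go t rs
      Right t' -> go t' rs
```

In a library module, export `ValidIP` and `ValidPort` without their constructors so the `mkValid*` functions are the only way to build them. Exporting `getIP`/`getPort` as record fields also permits record-update syntax on a validated value, so expose accessors as plain functions instead.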
License
NullSec Proprietary License - See LICENSE file for details.
Author
bad-antics
- GitHub: @bad-antics
- Website: bad-antics.github.io
- Twitter: x.com/AnonAntics
Part of the NullSec Security Framework
"Mathematically provable security through pure functional programming"