C++17, libpcap, IDS, Network Security, Systems Programming
SentinelFlow
SentinelFlow is a real-time network intrusion detection system that captures live network traffic or processes pcap files, dissects protocol headers across multiple OSI layers, identifies known attack signatures and anomalies, and exports security alerts to console and CSV formats.
01. Problem
Network intrusion detection requires deep packet inspection at wire speed. Commercial IDS solutions are opaque — building one from scratch reveals how protocol dissection, signature matching, and stateful analysis actually work.
02. Solution Overview
- Implemented layered protocol dissection covering Ethernet, IPv4, TCP, UDP, ICMP, DNS, and ARP
- Built a Snort-inspired configurable rule engine for flexible signature matching
- Added stateful threat detection for port scans, SYN floods, and DNS tunneling
- Engineered for throughput: 28M+ packets/sec parsing performance
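As an added illustration of the two mechanisms listed above (layered dissection and stateful scan detection), not SentinelFlow's own code: a hypothetical C++17 dissector for Ethernet/IPv4/TCP that bounds-checks every layer before reading it, feeding a per-source SYN-scan detector. The frame builder, addresses, ports and threshold are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <set>
#include <utility>
#include <vector>
// Hypothetical example, not SentinelFlow's code: Ethernet -> IPv4 -> TCP dissection with a
// bounds check at every layer, feeding a stateful SYN-scan detector keyed by source address.
struct TcpInfo { uint32_t src_ip = 0, dst_ip = 0; uint16_t src_port = 0, dst_port = 0; uint8_t flags = 0; bool ok = false; };
static uint16_t rd16(const uint8_t* p) { return static_cast<uint16_t>((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t* p) { return (static_cast<uint32_t>(rd16(p)) << 16) | rd16(p + 2); }
TcpInfo dissect(const uint8_t* frame, size_t len) {        // ok=false if any layer is truncated or malformed
    TcpInfo t;
    if (len < 14 || rd16(frame + 12) != 0x0800) return t;  // EtherType must be IPv4
    const uint8_t* ip = frame + 14; size_t ip_len = len - 14;
    if (ip_len < 20 || (ip[0] >> 4) != 4) return t;        // fixed IPv4 header must fit, version must be 4
    size_t ihl = (ip[0] & 0x0F) * 4;
    if (ihl < 20 || ip_len < ihl || ip[9] != 6) return t;  // options must fit; IP protocol 6 = TCP
    uint16_t total = rd16(ip + 2);
    if (total < ihl + 20 || total > ip_len) return t;      // TCP header must fit inside the datagram
    const uint8_t* tcp = ip + ihl; t.src_ip = rd32(ip + 12); t.dst_ip = rd32(ip + 16);
    t.src_port = rd16(tcp); t.dst_port = rd16(tcp + 2); t.flags = tcp[13]; t.ok = true;
    return t;
}
// Detector state: distinct (dst_ip, dst_port) targets probed with a bare SYN, per source IP.
using SynState = std::map<uint32_t, std::set<std::pair<uint32_t, uint16_t>>>;
bool observe_syn(SynState& st, const TcpInfo& t, size_t threshold) {
    if (!t.ok || (t.flags & 0x12) != 0x02) return false;   // only SYN set with ACK clear counts as a probe
    auto& targets = st[t.src_ip];
    targets.insert({t.dst_ip, t.dst_port});
    return targets.size() >= threshold;                    // alert once this source reaches the threshold
}
std::vector<uint8_t> make_syn(uint16_t dst_port) {         // constructed 54-byte SYN 10.0.0.5:40000 -> 10.0.0.9:dst_port
    std::vector<uint8_t> f(54, 0);
    f[12] = 0x08; f[14] = 0x45; f[17] = 40; f[23] = 6;     // EtherType IPv4; version 4, IHL 5; total length 40; protocol TCP
    const uint8_t addrs[8] = {10, 0, 0, 5, 10, 0, 0, 9}; for (int i = 0; i < 8; ++i) f[26 + i] = addrs[i];  // src, dst
    f[34] = 0x9C; f[35] = 0x40;                            // src port 40000
    f[36] = static_cast<uint8_t>(dst_port >> 8); f[37] = static_cast<uint8_t>(dst_port);
    f[46] = 0x50; f[47] = 0x02;                            // data offset 5 words; flags = SYN only
    return f;
}
size_t first_alert_at(size_t ports, size_t threshold) {    // replay SYNs to `ports` distinct ports; 0 = never alerted
    SynState st;
    for (size_t i = 0; i < ports; ++i) {
        auto f = make_syn(static_cast<uint16_t>(1000 + i));
        if (observe_syn(st, dissect(f.data(), f.size()), threshold)) return i + 1;
    }
    return 0;
}
```

A real deployment would also age out entries per source so a slow scan and a long-running session do not accumulate state forever.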
Build
Tech Stack
C++17, libpcap, CMake, Google Test, Snort-inspired Rules, BPF Filters
- Live network capture via libpcap with configurable BPF filters
- Layered protocol dissection: Ethernet, IPv4, TCP, UDP, ICMP, DNS, ARP
- Snort-inspired configurable rule engine with signature matching
- Stateful threat detection (port scans, SYN floods, DNS tunneling)
Secure
- Color-coded severity-level alerting (LOW → CRITICAL)
- 27 unit/integration tests covering all protocol layers
- CSV export for forensic analysis and SIEM integration
- Configurable BPF filters for targeted capture
03. Proof & Verification
Verified Claims
- Throughput: 28M+ packets/sec parsing performance
- Protocol coverage: 7 protocols across Layers 2-7
- 27 unit/integration tests — all passing
- Supports both live capture and pcap file analysis