Network Intelligence, Real-Time v1.0 Stable

Real-time network intelligence, from kernel to dashboard.

Capture raw network traffic at the kernel level with sub-microsecond latency, decode protocol layers defensively, and inspect live activity through an interactive web-based dashboard or high-performance terminal CLI. 100% local, lightweight, and engineered for deep network visibility.

Windows 10/11 · Requires Npcap · ~150MB Disk Space

Architecture

Three languages. One real-time pipeline.

Engineered at every layer for predictable performance, safety, and visual clarity.

C++ Capture Engine

C++17 / Npcap

Bypasses user-space queues. Fixed-size kernel buffers are drained instantly with zero-copy operations, ensuring zero drops even at 10,000+ packets/second throughput, with no garbage-collection latency.

Analysis Pipeline

Python 3.11 / FastAPI

Handles parsing, aggregation, and tracking logic. Runs O(1) protocol verification, groups bidirectional network flows, calculates moving averages, and checks traffic patterns for potential port scans.

Web UI Dashboard

React 19 / Vite

Renders real-time telemetry tables, protocol distributions, and device topology with sub-10ms latency. Virtual DOM updates keep UI layout changes smooth and non-blocking under high event rates.

Features

Everything you need to see your network clearly.

Real-time capabilities engineered to provide granular insight into network packets, devices, and threats.

01 / CAPTURE

Kernel-Level Traffic Interception

Bypass traditional userspace capture bottlenecks. Netrivo binds directly to kernel-space buffer queues using libpcap and Npcap. Berkeley Packet Filter (BPF) expressions are supported and discard unwanted packets inside the kernel, reducing processing overhead before packets reach userspace.

  • Sustained 10,000+ pps capture capacity
  • Zero-copy buffer pipeline for low overhead
  • Custom interface bindings with customizable snapshot lengths

[Figure: ETH0 → kernel buffer; labels: NIC, BUF, TCP, UDP, ICMP]

02 / DECODE

Defensive Protocol Decoding

Decapsulate packets without risking backend instability. Every packet parser validates header offsets defensively, verifying bounds for variable fields (such as IPv4 IHL and TCP Options). The engine outputs structured, immutable schemas for immediate processing.

  • Ethernet II frame validation
  • IPv4 structure decoders with checksum verification
  • TCP, UDP, and ICMP protocol handlers

Decode chain: Ethernet II frame (14 bytes) → IPv4 packet (20-60 bytes) → TCP / UDP / ICMP (8+ bytes)

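
The bounds checks described above, as an added example in Python (not Netrivo's own decoder): every length field (IPv4 IHL, IPv4 total length, TCP data offset) is validated against the captured bytes before it is used as a slice index. The names `decode`, `DecodeError` and `sample_frame` are hypothetical, and the sample frame is constructed.

```python
import struct

class DecodeError(ValueError):
    """A header field is malformed or points outside the captured bytes."""

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IPv4 header checksum."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def decode(frame: bytes) -> dict:
    if len(frame) < 14:
        raise DecodeError("truncated Ethernet II header")
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        raise DecodeError("EtherType is not IPv4")
    ip = frame[14:]
    if len(ip) < 20:
        raise DecodeError("truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4              # header length in bytes, 20..60
    if ip[0] >> 4 != 4 or ihl < 20 or ihl > len(ip):
        raise DecodeError("bad IPv4 version or IHL")
    total_len = struct.unpack_from("!H", ip, 2)[0]
    if total_len < ihl or total_len > len(ip):
        raise DecodeError("IPv4 total length out of bounds")
    if ones_sum(ip[:ihl]) != 0xFFFF:
        raise DecodeError("IPv4 header checksum mismatch")
    out = {"src": ".".join(map(str, ip[12:16])),
           "dst": ".".join(map(str, ip[16:20])), "proto": ip[9]}
    l4 = ip[ihl:total_len]                # never read past the IP datagram
    if out["proto"] == 6:                 # TCP
        if len(l4) < 20:
            raise DecodeError("truncated TCP header")
        doff = (l4[12] >> 4) * 4          # data offset bounds the options
        if doff < 20 or doff > len(l4):
            raise DecodeError("TCP data offset out of bounds")
        out["sport"], out["dport"] = struct.unpack_from("!HH", l4, 0)
        out["tcp_options"] = bytes(l4[20:doff])
    return out

def sample_frame() -> bytes:
    """Constructed sample: Ethernet II + IPv4 (IHL=5) + TCP SYN, no options."""
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                               bytes([192, 168, 1, 12]), bytes([8, 8, 8, 8])))
    struct.pack_into("!H", ip, 10, 0xFFFF ^ ones_sum(bytes(ip)))
    tcp = struct.pack("!HHIIBBHHH", 5432, 443, 0, 0, 5 << 4, 0x02, 1024, 0, 0)
    return bytes(12) + b"\x08\x00" + bytes(ip) + tcp
```

A frame whose IHL or TCP data offset claims more bytes than were captured raises `DecodeError` instead of producing an out-of-range slice or a misaligned parse.
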
03 / ANALYZE

Real-Time Flow Statistics

Obtain clean traffic measurements. The telemetry pipeline smooths data rates with an exponential moving average (alpha=0.3) to prevent UI display jitter. It tracks flows in a 5-tuple table and automatically classifies bandwidth anomalies and elephant connections exceeding 1MB in volume.

  • Exponential moving average rate calculations
  • Bidirectional 5-tuple flow aggregation
  • 100,000 active flow tracking cache capacity

Traffic distribution & top talkers (sample dashboard panel): 8.2K PPS

  • 192.168.1.104: 4.2 MB
  • 10.0.0.12: 2.8 MB
  • 8.8.8.8: 980 KB

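
The flow statistics described above, as an added example in Python (not Netrivo's own pipeline): a direction-independent 5-tuple key, per-interval EMA smoothing with alpha=0.3, and the 1MB elephant check. The class and function names are hypothetical; treating 1MB as 1,000,000 bytes and refusing new flows once the 100,000-entry table is full are assumptions.

```python
from dataclasses import dataclass

ALPHA = 0.3                  # smoothing factor stated on the page
ELEPHANT_BYTES = 1_000_000   # "exceeding 1MB"; decimal megabyte is assumed

def flow_key(src, sport, dst, dport, proto):
    """Order the two endpoints so A->B and B->A share one 5-tuple key."""
    lo, hi = sorted(((src, sport), (dst, dport)))
    return (proto, lo, hi)

@dataclass
class Flow:
    total_bytes: int = 0
    packets: int = 0
    pending: int = 0         # bytes seen since the last tick()
    rate_ema: float = 0.0    # smoothed bytes per second

class FlowTable:
    def __init__(self, capacity=100_000):
        self.capacity = capacity
        self.flows = {}

    def add(self, src, sport, dst, dport, proto, length):
        key = flow_key(src, sport, dst, dport, proto)
        flow = self.flows.get(key)
        if flow is None:
            if len(self.flows) >= self.capacity:
                return None  # assumed policy: refuse new flows when full
            flow = self.flows[key] = Flow()
        flow.total_bytes += length
        flow.packets += 1
        flow.pending += length
        return key

    def tick(self, seconds=1.0):
        """Close one sampling interval: ema = a*sample + (1-a)*ema."""
        for flow in self.flows.values():
            sample = flow.pending / seconds
            flow.rate_ema = ALPHA * sample + (1 - ALPHA) * flow.rate_ema
            flow.pending = 0

    def elephants(self):
        return [k for k, f in self.flows.items() if f.total_bytes > ELEPHANT_BYTES]
```

Bounding the table matters for a sensor on a hostile network: without the capacity check, a flood of spoofed 5-tuples would grow the dictionary until the analyzer itself runs out of memory.
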
04 / VISUALIZE

Dynamic Topology Mapping

Visualize active endpoints layout-free. The dashboard plots live nodes in a force-directed graph governed by real-time particle flows. Nodes are clustered automatically based on trust-zone rules, with interactive scaling to inspect connection details.

  • Adaptive node repulsion and layout clustering
  • Activity-scaled edge width with flow animation
  • Focus mode highlighting adjacent nodes and endpoints

[Figure: live topology map; node labels: RT, LP, SRV, PH, UKN]

05 / IDENTIFY

Application & Device Identity

Identify endpoints passively. The system monitors TLS client hellos and DNS traffic to catalog endpoints. It determines vendor details, OS targets, device classes (such as printer, laptop, or server), and security levels without generating active probes.

  • DNS & SNI service fingerprinting
  • Manufacturer vendor ID mapping
  • Inventory lookup tables with timestamp tracking

Passive device discovery (sample inventory):

  • Workstation-01 · 00:1A:2B:3C:4D:5E · Intel · OS: Windows 11 · Risk: Low
  • Main-Router · E4:8D:8C:12:34:56 · Cisco · OS: Linux Kernel · Risk: Med
  • IOT-Camera · BC:D1:D2:3E:4F:7A · Generic · OS: Unknown RTOS · Risk: High

06 / SECURE

Real-Time Threat Center

Identify suspicious activity without active probes. Netrivo analyzes incoming traffic behaviors using rules for port scans and protocol manipulation. Warnings light up the dashboard, tracking alerts with no remote cloud reporting.

  • Behavioral port scan analysis and threshold triggers
  • Dynamic traffic flood metrics and detection rules
  • Completely local data path for operational security

Threat warning console (sample alert):

ALERT [PORT_SCAN]: 192.168.1.182
Target: 192.168.1.1 (Ports 21, 22, 80, 443)
Threshold: >20 hits in 500ms

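
The threshold rule shown in the sample alert, as an added example in Python (not Netrivo's own detection code): a sliding 500ms window per source and target pair that alerts once more than 20 hits are seen. Counting a hit as a distinct destination port, and the names `PortScanDetector` and `run`, are assumptions; the events in the test data are constructed.

```python
from collections import defaultdict, deque

WINDOW_S = 0.5    # "500ms" from the page's sample alert
THRESHOLD = 20    # alert when the count exceeds this (">20 hits")

class PortScanDetector:
    def __init__(self):
        self._hits = defaultdict(deque)   # (src, dst) -> deque of (ts, dport)
        self._alerting = set()            # pairs already reported

    def observe(self, ts, src, dst, dport):
        """Feed one connection attempt; return an alert dict or None."""
        pair = (src, dst)
        q = self._hits[pair]
        q.append((ts, dport))
        while ts - q[0][0] > WINDOW_S:    # expire hits outside the window
            q.popleft()
        ports = {p for _, p in q}         # repeats on one port count once
        if len(ports) <= THRESHOLD:
            self._alerting.discard(pair)
            return None
        if pair in self._alerting:
            return None                   # suppress duplicate alerts
        self._alerting.add(pair)
        return {"alert": "PORT_SCAN", "source": src, "target": dst,
                "ports": sorted(ports)}

def run(events):
    """Replay (ts, src, dst, dport) tuples and collect alerts."""
    det = PortScanDetector()
    return [a for e in events if (a := det.observe(*e))]
```

Counting distinct ports keeps a busy client that reopens port 443 many times from tripping the rule, and a scan paced slower than the window stays under the threshold, which is the known blind spot of any fixed-window rule.
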
07 / CONTROL

Dual Interface — Web & CLI

Deploy how you want. Inspect results inside the modern web-based UI across 8 live dashboard views, or run Netrivo within terminal-only setups using the robust command-line client for automation scripts.

  • 8-page React-powered web interface
  • Verbose, summary, and quiet CLI execution parameters
  • Offline validation using standard PCAP format records

CLI / web UI split (sample CLI session):

$ ./netrivo --interface eth0
[INFO] Engine initialising...
[CAPTURING] BPF: 'tcp port 443'
12:58:25 [TCP] 192.168.1.12:5432 → 8.8.8.8:443
12:58:26 [FLOW] Elephant detected (1.4MB)

Screenshots

See Netrivo in action.

A high-fidelity dashboard engineered to process real-time telemetry efficiently.

Dashboard Overview

Visual telemetry trends and protocol breakdowns updated every 10ms.

Device Topology Map

Interactive force-directed node visualization clustering active hosts dynamically.

Live Traffic Feed

Real-time packet capture grid with custom interface protocol coloring.

Threat Center Alerts

Anomaly detection engine flagging threat indices and scan attempts.

Why Netrivo

Built for depth and clarity.

A network analyzer structured to provide immediate operational insights locally.

Kernel-Level Performance

Harness native performance. Using Npcap and libpcap bindings written in C++17, the application drains network buffers quickly, allowing sustained capturing without frame dropping.

Real-Time Visual Intelligence

Understand patterns as they happen. Skip reading dense, static text logs; inspect active traffic structures visually via the interactive dashboard interface.

Open, Extensible Pipeline

Expand the analyzer's parser capabilities easily. Decoupling the C++ capture engine, Python parser logic, and React dashboard makes it simple to integrate custom decoders.

Get Started

Deploy in minutes.

Simple desktop installation with clear requirements and guide steps.

System Requirements

OS: Windows 10 or 11 (64-bit)
Privileges: Administrator permissions (for raw socket bindings)
Dependencies: Npcap Packet Capture Library
Disk Space: ~150 MB (Self-contained package)

Getting Started Guide

1. Download Installer
   Get the Netrivo setup program from our secure local mirror link.

2. Install Npcap Driver
   Ensure Npcap is configured with WinPcap compatibility mode selected.

3. Elevate Privileges
   Run Netrivo.exe with administrator privileges to permit interface bindings.

4. Start Capturing
   Select an active adapter, configure custom filters, and start parsing traffic.

FAQ

Questions, answered.

Technical answers addressing architecture, privileges, and product capabilities.

Start seeing your network in real time.

Download Netrivo v1.0 and begin inspecting your packet streams with kernel-level performance.