Passive eBPF-powered LAN device fingerprinting and anomaly detection
lanscope watches LAN traffic, extracts metadata (ARP, DHCP, mDNS, SSDP) and uses eBPF for high‑performance capture. It builds a device registry, fingerprints each device, and runs an ML‑based anomaly detector, exposing results via a TUI or Prometheus. It works on any Linux host, with optional gateway or SPAN modes for full‑flow analysis, making it useful for home users, sysadmins, and security teams. Compared to generic packet sniffers, it offers built‑in device classification and anomaly scoring out of the box.
View on GitHub → aashish-thapa/lanscope