Network Monitoring and Intrusion Detection

True Protection by Jag includes advanced network monitoring capabilities that go beyond simple firewall rules. The network monitoring module tracks all network traffic and uses pattern analysis to detect intrusion attempts, data exfiltration, and suspicious communications.

Network Traffic Monitor

The traffic monitor provides real-time visibility into all network activity:

Active Connections: View all current network connections with details including remote IP, port, protocol, and the process making the connection.
Bandwidth Usage: Monitor data transfer rates by application and connection.
Connection History: Review past connections to identify unusual communication patterns.
Geographic Mapping: See where your network traffic is going with country-level geolocation data.

Intrusion Detection Features

Port Scan Detection: Alerts you when someone is probing your system for open ports.
ARP Spoofing Detection: Identifies attempts to intercept your network traffic through ARP poisoning.
DNS Hijacking Detection: Monitors DNS responses for signs of DNS-based attacks.
Brute Force Detection: Detects repeated failed authentication attempts targeting your system.

Accessing Network Monitoring

Navigate to Tools > Network Monitor to view the real-time dashboard. You can filter traffic by application, protocol, or destination. Set up custom alerts for specific types of network activity in Settings > Network > Alert Rules.