AI-Assisted Troubleshooting with Ollama

Use a local LLM to analyze your network traffic in real-time. This guide shows how to set up Qwen3 with Ollama so you can ask questions about your traffic in plain English - and the AI fetches the data itself.

Looking for OpenAI/ChatGPT? See the MCP Server guide for connecting Codex CLI or ChatGPT to DevTools.

What you'll build:

You: "What external APIs is my app calling?"

Qwen3: *fetches traffic from DevTools API*
"Based on the traffic I captured, your application is connecting to:
- api.stripe.com (payment-service container)
- api.openai.com (risk-ai-sprawl container)
- hooks.slack.com (multiple containers)
..."

No copy/paste. No manual data wrangling. The LLM calls the DevTools API directly.

Prerequisites

Linux host with Qtap installed
~3GB disk space for the Qwen3 model

Quick Start (No Code)

The simplest approach: capture traffic, paste into any LLM.

# Capture 10 seconds of traffic
curl -sN --max-time 10 http://localhost:10001/devtools/api/events | \
  grep "^data:" | head -30 | sed 's/^data: //'

Copy the output and paste it into ChatGPT, Claude, or ollama run qwen3:4b with a question like:

"Here's my network traffic. What external services am I calling? Are there any errors?"

This works great for one-off debugging. For a more integrated experience, continue below.

Setup

Step 1: Install Ollama and Python Library

# Install Ollama
curl -fsSL https://ollama.ai/install.sh | sh

# Pull the model
ollama pull qwen3:4b

# Install Python library
pip install ollama

Step 2: Start Qtap with DevTools

sudo qtap --enable-dev-tools

docker run -d --name qtap \
  --user 0:0 --privileged \
  --cap-add CAP_BPF --cap-add CAP_SYS_ADMIN \
  --pid=host --network=host \
  -v /sys:/sys \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e TINI_SUBREAPER=1 \
  -e ENABLE_DEV_TOOLS=true \
  --ulimit=memlock=-1 \
  us-docker.pkg.dev/qpoint-edge/public/qtap:v0

Verify DevTools is accessible:

curl -s http://localhost:10001/devtools/api/events | head -3

Step 3: Create the Traffic Analysis Script

Save this as traffic-chat.py:

#!/usr/bin/env python3
"""
Chat with an AI that can see your network traffic.
Uses Qwen3 via Ollama with tool calling to query the DevTools API.
"""

import subprocess
import json
from ollama import chat

def get_traffic(seconds: int = 5) -> str:
    """Capture recent network traffic from the DevTools API.

    Args:
        seconds: How many seconds of traffic to capture (default 5)

    Returns:
        JSON array of traffic events including HTTP requests,
        connections, and process information
    """
    result = subprocess.run(
        ["curl", "-sN", "--max-time", str(seconds),
         "http://localhost:10001/devtools/api/events"],
        capture_output=True,
        text=True
    )

    # Parse SSE format into JSON array
    events = []
    for line in result.stdout.split('\n'):
        if line.startswith('data: '):
            try:
                events.append(json.loads(line[6:]))
            except json.JSONDecodeError:
                pass

    # Return summary to fit in context window
    return json.dumps(events[:50], indent=2)


def chat_loop():
    """Interactive chat loop with traffic analysis capability."""

    print("Traffic Analysis Chat (Qwen3 + DevTools)")
    print("Ask questions about your network traffic.")
    print("Type 'quit' to exit.\n")

    messages = []
    model = "qwen3:4b"

    # System prompt
    messages.append({
        "role": "system",
        "content": """You are a network traffic analyst. You have access to a tool
that captures real-time network traffic from a Linux server. The traffic data
includes HTTP requests, connections, process information, and container metadata.

When the user asks about traffic, use the get_traffic tool to fetch current data.
Analyze the results and provide specific, actionable insights. Reference actual
endpoints, status codes, container names, and other concrete details from the data.

Keep responses concise and focused on what the user asked."""
    })

    while True:
        try:
            user_input = input("You: ").strip()
        except (KeyboardInterrupt, EOFError):
            print("\nGoodbye!")
            break

        if not user_input:
            continue
        if user_input.lower() in ('quit', 'exit', 'q'):
            print("Goodbye!")
            break

        messages.append({"role": "user", "content": user_input})

        # First call - model may request tool use
        response = chat(
            model=model,
            messages=messages,
            tools=[get_traffic],
        )

        # Handle tool calls
        if response.message.tool_calls:
            # Add assistant's tool request to history
            messages.append(response.message)

            for tool_call in response.message.tool_calls:
                print(f"[Fetching traffic data...]")

                # Execute the tool
                args = tool_call.function.arguments
                result = get_traffic(**args)

                # Add tool result to history
                messages.append({
                    "role": "tool",
                    "content": result,
                })

            # Get final response with tool results
            response = chat(
                model=model,
                messages=messages,
                tools=[get_traffic],
            )

        # Print response
        assistant_message = response.message.content
        messages.append({"role": "assistant", "content": assistant_message})
        print(f"\nQwen3: {assistant_message}\n")


if __name__ == "__main__":
    chat_loop()

Make it executable:

chmod +x traffic-chat.py

Step 4: Start Chatting

python3 traffic-chat.py

Example session:

Traffic Analysis Chat (Qwen3 + DevTools)
Ask questions about your network traffic.
Type 'quit' to exit.

You: What external services is my application calling?
[Fetching traffic data...]

Qwen3: Based on the captured traffic, your application is connecting to:

1. **api.stripe.com** - from container `stripe-payment-service`
2. **api.openai.com** - from container `risk-ai-sprawl`
3. **hooks.slack.com** - from container `risk-intern-mistakes`
4. **generativelanguage.googleapis.com** - from container `risk-ai-sprawl`

The Stripe and OpenAI connections are using TLS 1.3 with HTTP/2.

You: Are there any failed requests?
[Fetching traffic data...]

Qwen3: Yes, I found 2 failed requests:

1. **POST healthlake.us-east-1.amazonaws.com/patients** → 400 Bad Request
   - Container: prove-healthcare-api
   - Error: "Interaction not supported"

2. **POST prometheus.io** → 404 Not Found
   - Container: inventory-metrics-collector

You: quit
Goodbye!

Example Questions

Debugging:

"What external APIs is my app calling?"
"Are there any failed requests?"
"What's making requests to api.stripe.com?"
"Which requests are taking the longest?"

Security:

"What data is being sent to external services?"
"Are there any unexpected outbound connections?"
"Which containers are making the most external calls?"

Analysis:

"Summarize the traffic patterns"
"What's the breakdown of HTTP status codes?"
"How many unique endpoints are being contacted?"

Troubleshooting

"No traffic captured"

Make sure Qtap is running and DevTools is enabled:

curl -s http://localhost:10001/devtools/api/events | head -5

Model seems slow

Try reducing the capture window or using a smaller context:

# In get_traffic(), reduce events returned
return json.dumps(events[:20], indent=2)  # Fewer events

Tool not being called

If Qwen3 responds without fetching data, be more explicit:

"Fetch the current traffic and tell me what services we're calling"

Ollama connection errors

Ensure Ollama is running:

ollama serve

Next Steps

DevTools API Reference - Full API documentation
DevTools Interface Guide - Use the browser UI alongside the AI
Traffic Processing with Plugins - Configure what traffic gets captured

PreviousDevTools API NextDevTools MCP Server

Last updated 14 days ago