# AI-Assisted Troubleshooting with Ollama Use a local LLM to analyze your network traffic in real-time. This guide shows how to set up Qwen3 with Ollama so you can ask questions about your traffic in plain English - and the AI fetches the data itself. {% hint style="info" %} **Looking for OpenAI/ChatGPT?** See the [MCP Server guide](/guides/devtools-guides/devtools-mcp-server.md) for connecting Codex CLI or ChatGPT to DevTools. {% endhint %} **What you'll build:** ``` You: "What external APIs is my app calling?" Qwen3: *fetches traffic from DevTools API* "Based on the traffic I captured, your application is connecting to: - api.stripe.com (payment-service container) - api.openai.com (risk-ai-sprawl container) - hooks.slack.com (multiple containers) ..." ``` No copy/paste. No manual data wrangling. The LLM calls the DevTools API directly. *** ## Prerequisites * Linux host with Qtap installed * \~3GB disk space for the Qwen3 model *** ## Quick Start (No Code) The simplest approach: capture traffic, paste into any LLM. ```bash # Capture 10 seconds of traffic curl -sN --max-time 10 http://localhost:10001/devtools/api/events | \ grep "^data:" | head -30 | sed 's/^data: //' ``` Copy the output and paste it into ChatGPT, Claude, or `ollama run qwen3:4b` with a question like: > "Here's my network traffic. What external services am I calling? Are there any errors?" This works great for one-off debugging. For a more integrated experience, continue below. *** ## Setup ### Step 1: Install Ollama and Python Library ```bash # Install Ollama curl -fsSL https://ollama.ai/install.sh | sh # Pull the model ollama pull qwen3:4b # Install Python library pip install ollama ``` ### Step 2: Start Qtap with DevTools {% tabs %} {% tab title="Binary" %} ```bash sudo qtap --enable-dev-tools ``` {% endtab %} {% tab title="Docker" %} ```bash docker run -d --name qtap \ --user 0:0 --privileged \ --cap-add CAP_BPF --cap-add CAP_SYS_ADMIN \ --pid=host --network=host \ -v /sys:/sys \ -v /var/run/docker.sock:/var/run/docker.sock \ -e TINI_SUBREAPER=1 \ -e ENABLE_DEV_TOOLS=true \ --ulimit=memlock=-1 \ us-docker.pkg.dev/qpoint-edge/public/qtap:v0 ``` {% endtab %} {% endtabs %} Verify DevTools is accessible: ```bash curl -s http://localhost:10001/devtools/api/events | head -3 ``` ### Step 3: Create the Traffic Analysis Script Save this as `traffic-chat.py`: ```python #!/usr/bin/env python3 """ Chat with an AI that can see your network traffic. Uses Qwen3 via Ollama with tool calling to query the DevTools API. """ import subprocess import json from ollama import chat def get_traffic(seconds: int = 5) -> str: """Capture recent network traffic from the DevTools API. Args: seconds: How many seconds of traffic to capture (default 5) Returns: JSON array of traffic events including HTTP requests, connections, and process information """ result = subprocess.run( ["curl", "-sN", "--max-time", str(seconds), "http://localhost:10001/devtools/api/events"], capture_output=True, text=True ) # Parse SSE format into JSON array events = [] for line in result.stdout.split('\n'): if line.startswith('data: '): try: events.append(json.loads(line[6:])) except json.JSONDecodeError: pass # Return summary to fit in context window return json.dumps(events[:50], indent=2) def chat_loop(): """Interactive chat loop with traffic analysis capability.""" print("Traffic Analysis Chat (Qwen3 + DevTools)") print("Ask questions about your network traffic.") print("Type 'quit' to exit.\n") messages = [] model = "qwen3:4b" # System prompt messages.append({ "role": "system", "content": """You are a network traffic analyst. You have access to a tool that captures real-time network traffic from a Linux server. The traffic data includes HTTP requests, connections, process information, and container metadata. When the user asks about traffic, use the get_traffic tool to fetch current data. Analyze the results and provide specific, actionable insights. Reference actual endpoints, status codes, container names, and other concrete details from the data. Keep responses concise and focused on what the user asked.""" }) while True: try: user_input = input("You: ").strip() except (KeyboardInterrupt, EOFError): print("\nGoodbye!") break if not user_input: continue if user_input.lower() in ('quit', 'exit', 'q'): print("Goodbye!") break messages.append({"role": "user", "content": user_input}) # First call - model may request tool use response = chat( model=model, messages=messages, tools=[get_traffic], ) # Handle tool calls if response.message.tool_calls: # Add assistant's tool request to history messages.append(response.message) for tool_call in response.message.tool_calls: print(f"[Fetching traffic data...]") # Execute the tool args = tool_call.function.arguments result = get_traffic(**args) # Add tool result to history messages.append({ "role": "tool", "content": result, }) # Get final response with tool results response = chat( model=model, messages=messages, tools=[get_traffic], ) # Print response assistant_message = response.message.content messages.append({"role": "assistant", "content": assistant_message}) print(f"\nQwen3: {assistant_message}\n") if __name__ == "__main__": chat_loop() ``` Make it executable: ```bash chmod +x traffic-chat.py ``` ### Step 4: Start Chatting ```bash python3 traffic-chat.py ``` Example session: ``` Traffic Analysis Chat (Qwen3 + DevTools) Ask questions about your network traffic. Type 'quit' to exit. You: What external services is my application calling? [Fetching traffic data...] Qwen3: Based on the captured traffic, your application is connecting to: 1. **api.stripe.com** - from container `stripe-payment-service` 2. **api.openai.com** - from container `risk-ai-sprawl` 3. **hooks.slack.com** - from container `risk-intern-mistakes` 4. **generativelanguage.googleapis.com** - from container `risk-ai-sprawl` The Stripe and OpenAI connections are using TLS 1.3 with HTTP/2. You: Are there any failed requests? [Fetching traffic data...] Qwen3: Yes, I found 2 failed requests: 1. **POST healthlake.us-east-1.amazonaws.com/patients** → 400 Bad Request - Container: prove-healthcare-api - Error: "Interaction not supported" 2. **POST prometheus.io** → 404 Not Found - Container: inventory-metrics-collector You: quit Goodbye! ``` *** ## Example Questions **Debugging:** * "What external APIs is my app calling?" * "Are there any failed requests?" * "What's making requests to api.stripe.com?" * "Which requests are taking the longest?" **Security:** * "What data is being sent to external services?" * "Are there any unexpected outbound connections?" * "Which containers are making the most external calls?" **Analysis:** * "Summarize the traffic patterns" * "What's the breakdown of HTTP status codes?" * "How many unique endpoints are being contacted?" *** ## Troubleshooting ### "No traffic captured" Make sure Qtap is running and DevTools is enabled: ```bash curl -s http://localhost:10001/devtools/api/events | head -5 ``` ### Model seems slow Try reducing the capture window or using a smaller context: ```python # In get_traffic(), reduce events returned return json.dumps(events[:20], indent=2) # Fewer events ``` ### Tool not being called If Qwen3 responds without fetching data, be more explicit: ``` "Fetch the current traffic and tell me what services we're calling" ``` ### Ollama connection errors Ensure Ollama is running: ```bash ollama serve ``` *** ## Next Steps * [DevTools API Reference](/guides/devtools-guides/devtools-api.md) - Full API documentation * [DevTools Interface Guide](/guides/devtools-guides/devtools-interface-guide.md) - Use the browser UI alongside the AI * [Traffic Processing with Plugins](/getting-started/qtap/configuration/traffic-processing-with-plugins.md) - Configure what traffic gets captured --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.qpoint.io/guides/devtools-guides/ai-troubleshooting-with-devtools.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.