Use a local LLM to analyze your network traffic in real-time. This guide shows how to set up Qwen3 with Ollama so you can ask questions about your traffic in plain English - and the AI fetches the data itself.
Looking for OpenAI/ChatGPT? See the MCP Server guide for connecting Codex CLI or ChatGPT to DevTools.
What you'll build:
You: "What external APIs is my app calling?"
Qwen3: *fetches traffic from DevTools API*
"Based on the traffic I captured, your application is connecting to:
- api.stripe.com (payment-service container)
- api.openai.com (risk-ai-sprawl container)
- hooks.slack.com (multiple containers)
..."
No copy/paste. No manual data wrangling. The LLM calls the DevTools API directly.
Prerequisites
Linux host with Qtap installed
~3GB disk space for the Qwen3 model
Quick Start (No Code)
The simplest approach: capture traffic, paste into any LLM.
Copy the output and paste it into ChatGPT, Claude, or ollama run qwen3:4b with a question like:
"Here's my network traffic. What external services am I calling? Are there any errors?"
This works great for one-off debugging. For a more integrated experience, continue below.
Setup
Step 1: Install Ollama and Python Library
Step 2: Start Qtap with DevTools
Verify DevTools is accessible:
Step 3: Create the Traffic Analysis Script
Save this as traffic-chat.py:
Make it executable:
Step 4: Start Chatting
Example session:
Example Questions
Debugging:
"What external APIs is my app calling?"
"Are there any failed requests?"
"What's making requests to api.stripe.com?"
"Which requests are taking the longest?"
Security:
"What data is being sent to external services?"
"Are there any unexpected outbound connections?"
"Which containers are making the most external calls?"
Analysis:
"Summarize the traffic patterns"
"What's the breakdown of HTTP status codes?"
"How many unique endpoints are being contacted?"
Troubleshooting
"No traffic captured"
Make sure Qtap is running and DevTools is enabled:
Model seems slow
Try reducing the capture window or using a smaller context:
Tool not being called
If Qwen3 responds without fetching data, be more explicit:
curl -s http://localhost:10001/devtools/api/events | head -3
#!/usr/bin/env python3
"""
Chat with an AI that can see your network traffic.
Uses Qwen3 via Ollama with tool calling to query the DevTools API.
"""
import subprocess
import json
from ollama import chat
def get_traffic(seconds: int = 5) -> str:
"""Capture recent network traffic from the DevTools API.
Args:
seconds: How many seconds of traffic to capture (default 5)
Returns:
JSON array of traffic events including HTTP requests,
connections, and process information
"""
result = subprocess.run(
["curl", "-sN", "--max-time", str(seconds),
"http://localhost:10001/devtools/api/events"],
capture_output=True,
text=True
)
# Parse SSE format into JSON array
events = []
for line in result.stdout.split('\n'):
if line.startswith('data: '):
try:
events.append(json.loads(line[6:]))
except json.JSONDecodeError:
pass
# Return summary to fit in context window
return json.dumps(events[:50], indent=2)
def chat_loop():
"""Interactive chat loop with traffic analysis capability."""
print("Traffic Analysis Chat (Qwen3 + DevTools)")
print("Ask questions about your network traffic.")
print("Type 'quit' to exit.\n")
messages = []
model = "qwen3:4b"
# System prompt
messages.append({
"role": "system",
"content": """You are a network traffic analyst. You have access to a tool
that captures real-time network traffic from a Linux server. The traffic data
includes HTTP requests, connections, process information, and container metadata.
When the user asks about traffic, use the get_traffic tool to fetch current data.
Analyze the results and provide specific, actionable insights. Reference actual
endpoints, status codes, container names, and other concrete details from the data.
Keep responses concise and focused on what the user asked."""
})
while True:
try:
user_input = input("You: ").strip()
except (KeyboardInterrupt, EOFError):
print("\nGoodbye!")
break
if not user_input:
continue
if user_input.lower() in ('quit', 'exit', 'q'):
print("Goodbye!")
break
messages.append({"role": "user", "content": user_input})
# First call - model may request tool use
response = chat(
model=model,
messages=messages,
tools=[get_traffic],
)
# Handle tool calls
if response.message.tool_calls:
# Add assistant's tool request to history
messages.append(response.message)
for tool_call in response.message.tool_calls:
print(f"[Fetching traffic data...]")
# Execute the tool
args = tool_call.function.arguments
result = get_traffic(**args)
# Add tool result to history
messages.append({
"role": "tool",
"content": result,
})
# Get final response with tool results
response = chat(
model=model,
messages=messages,
tools=[get_traffic],
)
# Print response
assistant_message = response.message.content
messages.append({"role": "assistant", "content": assistant_message})
print(f"\nQwen3: {assistant_message}\n")
if __name__ == "__main__":
chat_loop()
chmod +x traffic-chat.py
python3 traffic-chat.py
Traffic Analysis Chat (Qwen3 + DevTools)
Ask questions about your network traffic.
Type 'quit' to exit.
You: What external services is my application calling?
[Fetching traffic data...]
Qwen3: Based on the captured traffic, your application is connecting to:
1. **api.stripe.com** - from container `stripe-payment-service`
2. **api.openai.com** - from container `risk-ai-sprawl`
3. **hooks.slack.com** - from container `risk-intern-mistakes`
4. **generativelanguage.googleapis.com** - from container `risk-ai-sprawl`
The Stripe and OpenAI connections are using TLS 1.3 with HTTP/2.
You: Are there any failed requests?
[Fetching traffic data...]
Qwen3: Yes, I found 2 failed requests:
1. **POST healthlake.us-east-1.amazonaws.com/patients** → 400 Bad Request
- Container: prove-healthcare-api
- Error: "Interaction not supported"
2. **POST prometheus.io** → 404 Not Found
- Container: inventory-metrics-collector
You: quit
Goodbye!
curl -s http://localhost:10001/devtools/api/events | head -5
# In get_traffic(), reduce events returned
return json.dumps(events[:20], indent=2) # Fewer events
"Fetch the current traffic and tell me what services we're calling"
