NetXDP is a high-performance, lightweight EDR/XDR (Endpoint/Extended Detection & Response) platform built with eBPF/XDP to provide real-time observability and threat detection directly from the Linux kernel. Designed for modern cloud and on-premise workloads, it enables deep packet inspection, behavioral detection, and programmable enforcement at the kernel level.
This README is the installation guide for the agent and kernel modules. Demo Video: https://youtu.be/l9-WGb4JlFQ | Website: https://sentrilite.com | Contact: info@sentrilite.com
- Automated DDoS solution at the kernel/xdp layer. Highly scalable and faster than iptables/nftables.
- Zero Trust: Inspect every packet right at the NIC level using advanced eBPF/XDP.
- Low Latency Networking: Kernel bypass/offloading.
- QoS: Identify network slowdowns and prevent end-user impact and revenue loss.
- Operational Efficiency: Drop packets early and save CPU/Memory/Network resources.
- No need for expensive high-speed NICs or specialized hardware.
- Avoid dependency on third-party CDNs for throughput management.
- Supports user-defined rules at the cluster level.
- Match on fields such as:
  - rate: packets per second. Manage network throughput.
  - connections: total active connection count
- Upload Blacklist and Whitelist files seamlessly for the entire cluster with a single click.
- XDR logic detects:
  - Empty or truncated TCP/UDP packets
  - Oversized packets
  - Malformed headers
  - Large number of connections
  - Very high packet rate
  - Invalid or unknown protocol
- Greylist: Puts bad IPs in greylist with a custom expiry time.
- Manage entire network cluster from a single main dashboard.
- View real-time events with color coding based on risk_level
- Grouped by server/IP for centralized management
- Generate PDF reports of alerts with LLM insights.
- Ubuntu 22.04+
- Root privileges (for loading eBPF/XDP programs)
- Kernel with eBPF support (Linux 5.8+ recommended)
| File | Purpose |
|---|---|
| install.README | This installation guide |
| install.sh | Script to load the eBPF kernel module |
| xdp.o | eBPF/XDP kernel object for network traffic monitoring and management |
| netxdp | Go websocket server that forwards live events to the browser dashboard |
| xdp-loader | Tool to load and attach the XDP program. Source: https://github.com/xdp-project/xdp-tools |
| dashboard.html | Local frontend UI for viewing live events |
| main.html | Main Dashboard UI for viewing server status and generating summary reports |
| license.key | License key file |
| dashboard_usage.md | Main and Server dashboard usage guide |
| LICENSE.txt | License Agreement |
| LICENSE.xdp-loader | GPL license from xdp-tools |
The project is currently using a trial license.key. Once obtained, place the license.key file in the same directory before launching the application.
1. Install System requirements:
Open port 8766 on every node.
2. **Unzip the bundle:**
unzip netxdp_bundle.zip
cd netxdp-agent
3. Load the xdp program:
Update the iface in install.sh (iface="<network interface>", for example: eth0, enX0, etc.)
sudo ./install.sh
4. Launch the Server:
sudo ./netxdp
7. Open the Dashboard:
Copy the dashboard.html to /var/www/html or web root directory.
Open dashboard.html in your browser: http://<YOUR-SERVER-IP>/dashboard.html
You should see live network events appear in real-time.
Log format in the Web UI:
[2025-07-13T18:07:44.000Z] source_ip=IP1 target_port=PORT1 Connections=0 Rate=0 [UDP]
[2025-07-13T18:08:14.000Z] source_ip=IP2 target_port=PORT2 Connections=1 Rate=4.83 [TCP]
8. Open the Main Dashboard:
Copy the main.html to /var/www/html on your main admin server.
Open the main.html in your browser: http://<YOUR-SERVER-IP>/main.html
Click choose file and select a file containing your server lists.
Example file format:
Server_1_ip_address,prod
Server_2_ip_address,test
Once uploaded correctly, NetXDP agent will monitor and show status/alerts/AI insights for these servers.
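
An added example (not NetXDP's own code) that parses the Web UI log format shown above and applies rate/connection thresholds with a greylist expiry in user space, for offline triage of exported events. The threshold values, the 10-minute expiry, the numeric IP/port fields and the function names are assumptions; the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines in the Web UI log format. Addresses come from the
# RFC 5737 documentation ranges; this is not real NetXDP output.
SAMPLE = """\
[2025-07-13T18:07:44.000Z] source_ip=192.0.2.10 target_port=53 Connections=0 Rate=0 [UDP]
[2025-07-13T18:08:14.000Z] source_ip=198.51.100.7 target_port=443 Connections=1 Rate=4.83 [TCP]
[2025-07-13T18:08:15.000Z] source_ip=203.0.113.5 target_port=80 Connections=950 Rate=12000.5 [TCP]
[2025-07-13T18:08:16.000Z] source_ip=203.0.113.5 target_port=80 Conn
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] source_ip=(?P<ip>\S+) target_port=(?P<port>\d+) "
    r"Connections=(?P<conns>\d+) Rate=(?P<rate>\d+(?:\.\d+)?) \[(?P<proto>\w+)\]$"
)

def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None  # bracketed field is not a UTC timestamp
    return {"ts": ts, "ip": m["ip"], "port": int(m["port"]),
            "connections": int(m["conns"]), "rate": float(m["rate"]), "proto": m["proto"]}

def greylist(lines, max_rate, max_connections, expiry):
    """Map source IP -> greylist expiry for events breaching either threshold."""
    entries = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # truncated or foreign line: skip rather than guess
        if ev["rate"] > max_rate or ev["connections"] > max_connections:
            entries[ev["ip"]] = ev["ts"] + expiry  # the latest breach sets the expiry
    return entries

def active(entries, now):
    """Greylisted IPs whose expiry has not passed at time `now`."""
    return sorted(ip for ip, until in entries.items() if until > now)

if __name__ == "__main__":
    # Assumed thresholds: 1000 packets/s, 500 connections, 10-minute expiry.
    found = greylist(SAMPLE.splitlines(), 1000, 500, timedelta(minutes=10))
    for ip, until in found.items():
        print(f"{ip} greylisted until {until.isoformat()}")
```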
Run the following commands on each node as root
sudo xdp-loader unload <iface> -a -vv   # <iface> is the network interface where the XDP program is loaded
For licensing, troubleshooting, or feature requests: 📧 info@sentrilite.com 🌐 https://sentrilite.com