Dashboard
NekoPi · System overview
◎ DEMO 00:00:00 CPU—% RAM—/— RPi5—°C
ETH Speed
Gb/s
eth0 · HAT · Test
UP
Network Traffic
Mb/s
Mb/s
ETH
GW Latency
ms
detecting...
OK
DHCP Response
ms
measuring...
OK
Packet Loss
%
rolling probes
LOW
APs Detected
APs
scanning...
SCAN
CPU / RAM
%
RAM: — / —
RPi5
Edge AI
checking...
🌐 Network Identity
Local IP
Public IP
Default Gateway
DNS Server
Hostname
DHCP Lease
📈 Service Latency
not measured
ServiceHostRTTStatus
Click ▶ Probe to measure
⚡ Last Quick Check
not run
🌐 Gateway pingnot run
🖨 DNSnot run
🌎 Internetnot run
📶 WiFi speednot run
🔌 ETH speednot run
⚠ Rogue APsnot run
📶 Nearby APs
SSIDRSSIBandCh
Loading...
Channel Utilization
2.4 GHz
5 GHz
⚡ Quick Check
30-second network baseline · captive portal check · ping, DNS, speed, rogue AP detection
1
Configure
2
Execute
3
Results
⚙️ Test Configuration
auto
auto
Test Groups
All 16 tests · Est. ~30s
Est. time: ~30 seconds
▶ Running Tests
RUNNING
Overall progress0%
nekopi@field:~$ nekopi quickcheck --all-ifaces Initializing tests...
✅ Results
🌐 Network
TestStatusValueDetails
🔒 Security
TestStatusValueDetails
📡 WiFi
TestStatusValueDetails
📶 WiFi Analysis
2.4 / 5 / 6 GHz simultaneous · WiFi4→7 · AP scan, rogue detection · Roaming · Profiler · Kismet
📡 Connection Status
Loading...
🔗 Connect to AP
Click Scan to list networks
📈
Roaming Analyzer
802.11r/k/v · FT timing
Ready
👤
Client Profiler
Virtual AP · 802.11 capabilities
Ready
🛡
Kismet IDS
Passive sniffer · rogue IDS
Stopped
1
Configure
2
Scan
3
Results
⚙️ Scan Configuration
WiFi7 · BE200 · 2.4/5/6GHz
📶 Scanning...
ACTIVE
Progress0%
nekopi@field:~$ nekopi wifi scan --all-bands --detect-rogue
Access Points
SSIDRSSIBandSecurity
Run a scan to see results
⚠️ Alerts
🚨 Rogue AP Detected
SSID: FREE-WIFI · Open network · Not in whitelist
MAC: XX:XX:XX:XX:XX:01 · Signal: -74dBm
⚠ Unknown AP
SSID: NETGEAR-5G · Not in whitelist
MAC: YY:YY:YY:YY:YY:02 · Signal: -81dBm
✓ No Deauth Attacks
No deauthentication frames detected in scan window
🔌 Wired / LAN
LLDP · iperf3 · VLAN · Port Blinker · 802.1X · VoIP/QoS · DHCP Stress · DNS Benchmark
🔍
LLDP/CDP
Neighbor discovery
iperf3
Throughput test
🏷️
VLAN Probe
Enumerate VLANs
💡
Port Blinker
Identify physical port
🔒
802.1X
EAP / RADIUS test
📞
VoIP / QoS
MOS · jitter · DSCP
🌐
DHCP Stress
Pool exhaustion test
🔎
DNS Benchmark
Compare DNS servers
1
Select Tool
2
Configure
3
Execute
4
Results
🔌 Wired Tool Selection
🔍
LLDP/CDP
Neighbor discovery
iperf3
Throughput test
🏷️
VLAN Probe
VLAN enumeration
💡
Port Blinker
Physical port ID
🔒
802.1X Tester
EAP/RADIUS auth test
📞
VoIP / QoS
MOS · jitter · DSCP
🌎
DHCP Stress
Pool exhaustion test
🔍
DNS Benchmark
Compare DNS servers
📶
Captive Portal
Detect portal / intercept
Select a tool to continue
⚙️ Configure
▶ Running
RUNNING
nekopi@field:~$ nekopi lldp --iface eth1
✅ Results
Neighbor hostnameSW-CORE-01.corp.local
System descriptionCisco IOS 17.9.4 · WS-C3850-48P
Local porteth1 (NekoPi)
Remote portGigabitEthernet1/0/12
Management IP10.0.0.1
VLAN (access)VLAN 100 — Corp
CapabilitiesBridge · Router
🛠️ Rescue Toolkit
DHCP · TFTP · MAC Clone · Captive Portal · ARP Scan · Static IP · Syslog · WoL
🌐 Temp DHCP Server
Stopped
DHCP Option 43 — Cisco AP Presets
Ready — press Start DHCP to begin
📁 TFTP Server
Stopped
Ready — TFTP listens on port 69
Upload to TFTP root
🎭 MAC Clone
Original
Useful for bypass of MAC-based authentication (802.1X open, port-security)
🔍 ARP Scan
Idle
🔗 Captive Portal Test
Idle
ℹ HTTP code reference
204 No Content — clean internet, no portal.
200 OK on a probe URL that should return 204 — body inspected; if it contains an HTML form or location header, it's a captive portal.
301 / 302 / 307 Redirect — captive portal almost always uses these to push you to its login page.
511 Network Authentication Required — RFC 6585; some portals signal explicitly with this.
000 ⚠ — curl could not reach the URL at all (DNS hijack, blocked port, or no link). Applies to any probe URL, not portal-specific. Try another iface or run the gateway/DNS Quick Check first.
📡 Static IP Setter
Idle
🪵 Syslog Catcher
Stopped
Port 5140 = no root needed · Port 514 = standard syslog (requires sudo)
On device: logging host <NekoPi-IP> transport udp port 5140
Ready — configure devices to send syslog here
⚡ Wake-on-LAN
Quick Send
📤 Path Analyzer
PingPlotter-style · traceroute continuo · dual interface WiFi vs ETH · latency per hop
⚙ Configuration
Stopped
Default: 8.8.8.8 —
auto
Detecting interfaces...
📊 Live Statistics
Total Hops
Total RTT
Avg Loss
Worst Hop
Alert Thresholds
ms
ms
🗺 Hop Map — Real-time
<20ms   <80ms   above
Hop IP / Hostname Last RTT Avg RTT Loss % History (last 20)
▶ Start Path Analyzer to see hops
📊 Sensor Mode
Live continuous monitoring · PCAP snapshot capture · pktvisor edge analysis
Stopped
🟢 Live Monitoring · pktvisor continuous capture
Tests per cycle
Ping GW
ms
DNS
ms
Throughput
Mb/s
MOS
/ 5.0
Packet Loss
%
Jitter
ms
Throughput measured on NekoPi's own traffic. Low values (≈0.01 Mbps on eth0) are normal when there is no active traffic. To measure real network throughput use iPerf3 in the Wired/LAN module.
Top Talkers
Start Sensor Mode to see top talkers
Top DNS Queries
Start Sensor Mode to see DNS queries
📦 PCAP Capture · snapshot puntual
💾 Capture X seconds → generates a downloadable .pcap file, analyzable with AI. Use for point-in-time diagnostics: suspicious bursts, specific sessions, report evidence.
No captures yet. Click "Capture" to start.
🌐 URL Monitoring · DNS · TCP · TLS · TTFB · Total
URL DNS TCP TLS TTFB Total Status
No results. Add URLs and click "Probe now".
🟢 < 200ms · 🟡 200–500ms · 🔴 > 500ms · Results written to InfluxDB · Grafana panel on NekoPi Field Unit dashboard
📋 Probe History
Time Iface SSID GW IP DNS IP Ping GW DNS Throughput Loss% Jitter MOS Trend (min/avg/max ping · 10x) Status
Start Sensor Mode to collect data
⚡ NetPush
Mass Config Pusher · Cisco IOS/IOS-XE · SSH · Discovery → Show → Push
Not set
🔒 Credentials are held in memory only — never stored on disk
🎯 Target Range
Idle
CIDR · range (x.x.x.1-20) · comma-separated IPs
📟 Log
Ready — enter targets and credentials above
📋 Discovered Devices
IP Hostname Platform Type · Model Status
Run Discovery to populate device list
🩺 WiFi Troubleshooter
Assisted diagnostics · symptoms + real data · layer-by-layer recommendations
📡 Interface to analyze
Idle
Takes ~15s — scans signal, channel, gateway, DNS, interference
🤒 Reported symptoms
Connectivity
Performance
Mobility
Specific
📊 Environment metrics
RSSI
dBm
SNR
dB
Noise
dBm
TX Rate
Mbps
Retry
%
PHY
mode
BW
MHz
Beacon
TU
Ping GW
ms
DNS
ms
Co-canal
APs
🔍 Network Scan
nmap-based device inventory · auto-classify · vendor lookup
1
Configure
2
Scan
3
Inventory
⚙️ Scan Configuration
auto
Detecting subnet from active interface...
Uses nmap · requires root
🔍 Scanning network...
RUNNING
Hosts discovered0 / 254
nekopi@field:~$ nmap -sV -O --mac-lookup 192.168.1.0/24
📋 Device Inventory
IPHostnameVendorVersion TypePortsCVEs
192.168.1.1 SW-CORE-01 Cisco Systems IOS XE 17.9.3 SWITCH 22,80,443,161
192.168.1.10 AP-CORP-01 Cisco Meraki MR 29.6.1 AP 22,443
192.168.1.20 RTR-EDGE-01 MikroTik RouterOS 6.49.2 ROUTER 22,80,8291
192.168.1.30 FW-PERIMETER Fortinet FortiOS 7.2.4 FW 22,443,541
192.168.1.40 SW-ACCESS-02 Aruba / HPE AOS-CX 10.10.1070 SWITCH 22,443,161
📈 Roaming Analyzer
802.11r/k/v · Fast Transition timing · NekoPi stays fixed · client device moves · power bank optional for mobile use
Total Events
Roam Events
Deauths
Avg FT Time
⚙ Configuration
Idle
Interface will be put in monitor mode during capture
Lock to client's channel if known for lower latency capture
Filters events table in real time · paste MAC or pick from dropdown
Auto-populated during capture
💡 How it works: NekoPi stays connected to the network (no battery needed). The client device (phone, laptop) moves between APs. NekoPi captures 802.11 frames passively via wlan1 in monitor mode.
🔋 Optional: use a power bank to take NekoPi with you while walking the site.
Event Type Filters
📊 Roaming Events
TimeClient MACFrom APTo APRSSIFT TimeType
Start capture to see roaming events
📄 Terminal
nekopi@field:~$ # Roaming analyzer ready
👤 Client Profiler
Virtual AP via hostapd · 802.11 Association Request · capabilities + data rates · session history
⚙ Virtual AP
AP Down
⚠ Connect the device to NekoPi-Profiler. NekoPi captures 802.11 Association Request automatically.
📶 Last Client Capabilities
No client yet
Start AP and connect a device to see capabilities
📚 Session History
0 clients profiled
Time MAC Vendor Standard MIMO Rates PMF FT/k/v
No clients profiled yet — start the AP and connect a device
📄 Terminal
nekopi@field:~$ # Client Profiler — uses hostapd + tcpdump
🛡️ Kismet IDS
Passive wireless IDS · rogue detection · device tracking · 802.11 anomalies
Checking...
🔗 Open Full UI ↗
Total Devices
Access Points
Clients
Alerts
📡 DETECTED DEVICES
MAC SSID / Name Manufacturer Type Signal ↓ Ch
Start Kismet to see devices
🚨 ALERTS 0 alerts
No alerts
🧠 Deep Analysis
Local pcap analysis · logs · configs · technical chat · 100% remote Ollama
📂 File Analysis
checking…
🔒 100% local — files never leave the lab. Upload .pcap, .log, .txt, .cfg or .conf and the assistant will analyze them using your remote Ollama agent.
No file selected
Upload a file to start local analysis…
📄 Reports
PDF export · QR code · bilingual EN/ES · client-ready format · auto-populated from test results
⚙ Report Builder
Sections to include
👁 Preview
Not generated
📄 Fill in the form and click Generate PDF
📚 Report History
DateClientSiteSectionsLang
No reports generated yet
🔗 Connection
eth0 management · interfaces · access URLs
📡 Interface Roles
InterfaceRoleIPStatus
eth0 🔗 Management (RPi5 GbE) 192.168.42.1 UP
eth1 🔌 Field Tests (RTL8125B) Ready
wlan0 📶 WiFi Diag (MT7925) Ready
wlan1 📱 Mobile AP (USB) 192.168.43.1 Optional
🌐 Access URLs
Primary (laptop · cable)
http://nekopi.local:8000
http://192.168.42.1:8000
Console (ttyd)
https://nekopi.local:7681
Mobile AP (wlan1 dongle)
SSID: nekopi-mgmt
Pass: nekopi2024 · http://192.168.43.1:8000
📷 QR — Mobile Access
Scan to open NekoPi on your phone
Connect to nekopi-mgmt WiFi first
📋 How to Connect
📌 RPi5 integrated WiFi (BCM43455) is disabled — stable naming guaranteed: wlan0=MT7925 HAT  ·  wlan1=USB dongle  ·  eth0=RPi5 GbE  ·  eth1=RTL8125B HAT
💻 LAPTOP (cable)
1. Cable RJ45: laptop → eth0
2. Laptop gets 192.168.42.x auto
3. Open: http://nekopi.local:8000
4. wlan0 + eth1 free for tests
📱 MOBILE (WiFi dongle)
1. Plug USB WiFi dongle (wlan1)
2. Run: nekopi-ap on
3. Connect to nekopi-mgmt
4. Open: http://192.168.43.1:8000
🖥️ System Console
System console · system logs · sin SSH externo
🖥️ System Console
System Console disponible en:
🔗 https://192.168.99.1:9090
Abre el enlace, acepta el certificado la primera vez, y usa usuario nekopi.
📡 OTA Capture
Passive WiFi capture · monitor mode · AI analysis
⚙ Capture Config
Idle
Frame types
📂 Captured Files
No captures. Start an OTA capture.
🔌 Console Pusher
Full serial terminal · Assisted config push · Cisco IOS · FTDI/USB
Disconnected
🖥 Terminal Serial
Connect to the serial port to see the terminal.
Same experience as connecting PuTTY or SecureCRT to the console cable.
⚙️ Settings
Network · AI · Probes · Device
🌐 Network & Connectivity
Internet Sharing (NAT)
Share internet from eth0/wlan0 to eth1 (direct management)
⚠️ Disable during formal audits
Enabled
Management IP
eth1 → 192.168.99.1 · DHCP: 192.168.99.100-199
● Read-only
DHCP Leases — eth1
Loading leases…
🤖 AI Backend
The RPi never hosts Ollama — always remote
💡 Text analysis → Gemini (fast, abstract metrics).
🔒 Sensitive files (pcap/log/cfg) → processed locally on RPi + anonymized summary to Gemini — the raw file never leaves the device. If Gemini is not configured, fallback to remote Ollama.
☁ GEMINI API
Stored locally on the RPi.
— untested
🤖 OLLAMA REMOTO
Ollama agent on another machine. Never localhost.
— untested
📡 Probes & Latency
Cloud Controllers
Custom Hosts
Los custom hosts aparecen en Service Latency del Dashboard
WiFi Scan Interval
Auto-scan interval for nearby APs on the dashboard
⚙️ Device
auto
Device name visible on the network.
Changes sidebar, buttons, and labels.
Controls the language AI uses in analysis responses.
🛠 Tools
Subnet calculator · VLSM · IP converter · Protocol reference
🔎 Subnet Calculator
Network
Broadcast
First host
Last host
Usable hosts
Subnet mask
Wildcard
CIDR
Class
Binary
🔢 Wildcard / CIDR
Subnet mask
Wildcard
CIDR
Block size
📋 Subnet Cheat Sheet
CIDRMaskHostsBlock
🌐 IoT & Sensors
MQTT · LoRa · BLE · Zigbee · Under construction
🚧
Under Construction
NekoPi Field Unit — v1.1
🔲 MQTT broker connectivity test
🔲 LoRa packet analyzer (SX1276)
🔲 BLE device scanner
🔲 Zigbee network probe
🔲 Matter/Thread device detection
🔲 IoT protocol vulnerability scan
Planned · v1.1
🔒 Security Audit
Vulnerability scan · Default credentials · WiFi threats · CVE detection
/100
NOT RUN
Run scan to evaluate
⚙️ Configuration
▲ collapse
Leave blank to auto-detect from current connection
Only these SSIDs will be evaluated. Leave blank to scan all visible networks (includes neighbors).
Restricts default-credential probes and CVE matching to this vendor. Leave blank to auto-detect.
Idle
0%
Critical
High
Medium
Low
🖥️ Host Discovery
No scan results
IP Address Name MAC Vendor SSH Telnet FTP HTTP HTTPS SNMP RDP SMB
Run Security Audit to discover hosts
🔍 Findings
No scan results
Severity Finding Host Detail CVE
Run Security Audit to see findings
🐱 About
NekoPi Field Unit · cargando…
NekoPi
NekoPi Field Unit
Codename: ToManchas · v1.3.0 · MIT License
by Fabián Toro Rodríguez · Bogotá, Colombia 🇨🇴
🖥 Hardware
Loading…
📡 Interfaces de red
Loading…
💾 Storage
Loading…
🧩 Software Stack
ServiceVersionStatus
Loading…
🔧
Inspired by
WLANPi Project
🌎
Built in
Bogotá, Colombia 🇨🇴
🐱
Codename
Tomás
🧠
Backend IA
Gemini API o Ollama remoto
Fabián Toro Rodríguez
Network & Infrastructure Specialist · Bogotá, Colombia 🇨🇴
Loading…
Skills
Cisco SD-Access (SDA) 802.1x/AAA WiFi Enterprise ThousandEyes Meraki
MIT License · Open Source · Hardware-agnostic
Probado: RPi5 · CF-953AX · RTL8125B
💻 Terminal
ttyd embebido · bash local del RPi · SSH a equipos remotos
🐚 NekoPi · bash local