Developing a Basic Network Packet Sniffer

Yash Lote
4 min read · Feb 6, 2024

Network packet sniffers are essential tools for analyzing and troubleshooting network traffic. They allow you to capture and inspect packets flowing through a network interface, providing valuable insights into the communication between devices. In this guide, we’ll explore how to develop a simple network packet sniffer using Python and the Scapy library.

What is a Network Packet Sniffer?

A network packet sniffer is a software tool that intercepts and logs network traffic passing through a specific network interface. It captures packets at the data link layer and can analyze various protocol headers to extract information such as source and destination IP addresses, ports, and packet payloads. Packet sniffers are commonly used by network administrators, security professionals and developers for tasks such as network troubleshooting, performance monitoring, and security analysis.

Getting Started with Python and Scapy

Scapy is a powerful Python library for packet manipulation and network analysis. It provides a high-level interface for crafting and dissecting network packets, making it an ideal choice for building network utilities such as packet sniffers. Before we begin, ensure that you have Python and Scapy installed on your system. You can install Scapy using pip:

pip install scapy

Developing the Packet Sniffer

We’ll start by writing a Python script that captures TCP packets on a specified network interface and logs relevant information to a file. Here’s the code for our packet sniffer:


import sys
from scapy.all import IP, TCP, sniff

# Function to handle each packet
def handle_packet(packet, log, verbose=False):
    # Only handle TCP carried over IPv4: a TCP packet over IPv6 has no IP
    # layer, so packet[IP] would raise an error
    if packet.haslayer(TCP) and packet.haslayer(IP):
        # Extract source and destination IP addresses
        src_ip = packet[IP].src
        dst_ip = packet[IP].dst
        # Extract source and destination ports
        src_port = packet[TCP].sport
        dst_port = packet[TCP].dport
        # Write packet information to log file
        entry = f"TCP Connection: {src_ip}:{src_port} -> {dst_ip}:{dst_port}"
        log.write(entry + "\n")
        # In verbose mode, also echo the entry to the console
        if verbose:
            print(entry)

# Main function to start packet sniffing
def main(interface, verbose=False):
    # Create log file name based on interface
    logfile_name = f"sniffer_{interface}_log.txt"
    # Open log file for writing
    with open(logfile_name, 'w') as logfile:
        try:
            # Start packet sniffing on the specified interface. sniff() does
            # not take a verbose argument, so verbose output is produced in
            # handle_packet instead
            sniff(iface=interface, prn=lambda pkt: handle_packet(pkt, logfile, verbose), store=0)
        except KeyboardInterrupt:
            sys.exit(0)

# Check if the script is being run directly
if __name__ == "__main__":
    # Check if the correct number of arguments is provided
    if len(sys.argv) < 2 or len(sys.argv) > 3:
        print("Usage: python sniffer.py <interface> [verbose]")
        sys.exit(1)
    # Determine if verbose mode is enabled
    verbose = False
    if len(sys.argv) == 3 and sys.argv[2].lower() == "verbose":
        verbose = True
    # Call the main function with the specified interface and verbose option
    main(sys.argv[1], verbose)

Click here to check the GitHub repo.

Running the Sniffer

To run the packet sniffer, execute the script from the command line with the following command:

python codeAlpha_project_Packet_sniffer.py <interface>  # With verbose it gives an error, so run without the verbose option

Replace ‘<interface>’ with the name of the network interface you want to sniff packets on.

Conclusion

In this guide, we’ve developed a simple network packet sniffer using Python and Scapy. While this example focuses on capturing TCP packets, you can extend the functionality to support other protocols and perform more advanced analysis. Packet sniffers are powerful tools for understanding network behavior and diagnosing network issues, making them invaluable in various networking scenarios.

RUN THIS TOOL

1. Run python3 basic_packet_sniffer.py eth0 and hit enter.

2. Open another terminal and run your commands, for example:

3. After the nmap command has run successfully, stop the packet analyzer with Ctrl+C.

4. Now check the log file captured by the network sniffer and cat it out.

You’ve successfully captured network traffic with this tool.
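To go one step beyond cat in step 4, the following added example (not part of the original post or its repository) parses the log format written by handle_packet and reports any source that contacted many distinct ports on one destination, the pattern a port scan such as the nmap run in step 3 typically leaves in the log. The function names, the min_ports threshold of 10 and the sample addresses are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Matches the line format written by handle_packet() in the sniffer above
LINE_RE = re.compile(
    r"^TCP Connection: (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$"
)

def parse_log(lines):
    """Yield (src_ip, src_port, dst_ip, dst_port) for each well-formed line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # skip blank or truncated lines (capture stopped mid-write)
            src, sport, dst, dport = m.groups()
            yield src, int(sport), dst, int(dport)

def find_port_sweeps(lines, min_ports=10):
    """Return {(src, dst): sorted ports} for every source that sent packets
    to at least min_ports distinct ports on one destination.
    min_ports=10 is an assumed threshold; tune it for your network."""
    seen = set()                 # flows, in the direction first observed
    ports = defaultdict(set)
    for src, sport, dst, dport in parse_log(lines):
        # The sniffer logs both directions. A reply to an earlier packet
        # targets the prober's source port and must not count as a probe.
        if (dst, dport, src, sport) in seen:
            continue
        seen.add((src, sport, dst, dport))
        ports[(src, dst)].add(dport)
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}

# Constructed sample log: 10.0.0.5 probes ports 20-34 on 10.0.0.9 and gets a
# reply to each probe, plus ordinary HTTPS traffic and one truncated line
SAMPLE_LOG = []
for p in range(20, 35):
    SAMPLE_LOG.append(f"TCP Connection: 10.0.0.5:{40000 + p} -> 10.0.0.9:{p}")
    SAMPLE_LOG.append(f"TCP Connection: 10.0.0.9:{p} -> 10.0.0.5:{40000 + p}")
SAMPLE_LOG += ["TCP Connection: 10.0.0.7:51514 -> 192.0.2.10:443"] * 3
SAMPLE_LOG.append("TCP Connection: 10.0.0.7:515")  # truncated line

if __name__ == "__main__":
    # For a real capture: find_port_sweeps(open("sniffer_eth0_log.txt"))
    for (src, dst), hit in find_port_sweeps(SAMPLE_LOG).items():
        print(f"{src} touched {len(hit)} ports on {dst}: {hit[0]}-{hit[-1]}")
```

Without the reply check, the scanned host would itself be reported, because its answers go to 15 different source ports on the prober.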

IMPORTANT:

While working on this project, I’ve learned a lot about Python and gained a better understanding of how packet sniffers work. It’s been an interesting journey, and I hope you can understand where I’m coming from. If you encounter any issues with the tool, please don’t hesitate to let me know. I’ll do my best to address them. Thank you for your understanding!
