Packet Sniffer (Basic)
import scapy.all as scapy
from scapy.layers import http
import argparse
import sys
import re
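class PacketSniffer:
    """Console packet monitor built on scapy's ``sniff()``.

    Every captured packet is summarised on stdout: IP addresses, transport
    ports, HTTP request lines, DNS query names, and a flag when a payload
    appears to carry a credential field in cleartext.

    Everything printed comes from untrusted network data, so it is passed
    through ``_to_text`` first, and secret values are reported by field name
    and length only, never echoed.
    """

    # IP protocol numbers shown by name; anything else prints as "Protocol <n>".
    _IP_PROTOCOLS = {
        1: "ICMP", 6: "TCP", 17: "UDP",
        2: "IGMP", 89: "OSPF", 50: "ESP",
    }

    # Request headers whose values are secrets and must not reach the
    # terminal scrollback or a redirected log file.
    _REDACTED_HEADERS = frozenset({"authorization", "proxy-authorization", "cookie"})

    # Field names that suggest a credential is being sent in cleartext.
    # "username" uses an optional group: the previous `user[name]*` was a
    # character class and also matched strings such as "usernnn=".
    _CREDENTIAL_PATTERNS = {
        "password": re.compile(r'password[=:]\s*(\S+)', re.IGNORECASE),
        "pass": re.compile(r'pass[=:]\s*(\S+)', re.IGNORECASE),
        "pwd": re.compile(r'pwd[=:]\s*(\S+)', re.IGNORECASE),
        "login": re.compile(r'login[=:]\s*(\S+)', re.IGNORECASE),
        "username": re.compile(r'user(?:name)?[=:]\s*(\S+)', re.IGNORECASE),
        "email": re.compile(r'email[=:]\s*(\S+)', re.IGNORECASE),
    }

    def __init__(self, interface=None, filter_exp=None):
        """Store the capture interface and BPF filter; start the counter at 0."""
        self.interface = interface
        self.filter_exp = filter_exp
        self.packet_count = 0

    @staticmethod
    def _to_text(value):
        """Return *value* as a string that is safe to print.

        ``None`` becomes an empty string, bytes are decoded as UTF-8 with
        undecodable bytes replaced, and every non-printable character
        (including ESC, CR and LF) is shown as ``?`` so packet content cannot
        inject terminal escape sequences or forge extra output lines.
        """
        if value is None:
            return ""
        if isinstance(value, (bytes, bytearray)):
            text = bytes(value).decode("utf-8", errors="replace")
        else:
            text = str(value)
        return "".join(ch if ch.isprintable() else "?" for ch in text)

    @classmethod
    def _find_credential_fields(cls, text):
        """Return ``(field_label, value_length)`` for each credential-like field.

        Only the label and the length of the matched value are returned, so
        callers can report the exposure without handling the secret itself.
        """
        hits = []
        for label, pattern in cls._CREDENTIAL_PATTERNS.items():
            for value in pattern.findall(text):
                hits.append((label, len(value)))
        return hits

    def get_interface(self):
        """List the available interfaces and return the one to capture on.

        When no interface was configured the user is prompted for a 1-based
        index; an invalid answer falls back to the first listed interface
        (or ``None`` when the list is empty).
        """
        interfaces = scapy.get_if_list()
        print("Available interfaces:")
        for idx, iface in enumerate(interfaces, 1):
            print(f" {idx}. {iface}")
        if self.interface is None:
            try:
                choice = int(input("\nSelect interface number: "))
                # Reject 0 and negatives explicitly: Python would otherwise
                # index from the end of the list and silently pick an
                # interface the user never selected.
                if choice < 1:
                    raise IndexError(choice)
                self.interface = interfaces[choice - 1]
            except (ValueError, IndexError, EOFError):
                # Narrow on purpose: a bare `except:` also swallowed Ctrl+C
                # at the prompt and then started capturing anyway.
                print("[!] Invalid choice. Using default interface.")
                self.interface = interfaces[0] if interfaces else None
        return self.interface

    def process_packet(self, packet):
        """Print a summary of one captured packet (the ``prn`` callback)."""
        self.packet_count += 1
        # Display basic packet info
        print(f"\n[{self.packet_count}] Packet captured")
        print("-" * 40)
        if packet.haslayer(scapy.IP):
            ip_layer = packet[scapy.IP]
            print(f"Source IP: {ip_layer.src}")
            print(f"Destination IP: {ip_layer.dst}")
            proto = ip_layer.proto
            proto_name = self._IP_PROTOCOLS.get(proto, f"Protocol {proto}")
            print(f"Protocol: {proto_name}")
            # TCP/UDP info
            if packet.haslayer(scapy.TCP):
                print(f"Source Port: {packet[scapy.TCP].sport}")
                print(f"Destination Port: {packet[scapy.TCP].dport}")
                print(f"Flags: {packet[scapy.TCP].flags}")
            elif packet.haslayer(scapy.UDP):
                print(f"Source Port: {packet[scapy.UDP].sport}")
                print(f"Destination Port: {packet[scapy.UDP].dport}")
        # HTTP traffic
        if packet.haslayer(http.HTTPRequest):
            self.process_http_request(packet)
        # DNS queries
        if packet.haslayer(scapy.DNSQR):
            self.process_dns_query(packet)
        # Flag cleartext credential fields
        self.extract_credentials(packet)
        print("-" * 40)

    def process_http_request(self, packet):
        """Print host, path, method and headers of an HTTP request."""
        http_layer = packet[http.HTTPRequest]
        print("\n[HTTP Request Detected]")
        # A request may omit a field; calling .decode() on None raised
        # AttributeError, which propagated out of sniff() and ended the
        # capture. _to_text tolerates None and sanitises the value.
        print(f"Host: {self._to_text(http_layer.Host)}")
        print(f"Path: {self._to_text(http_layer.Path)}")
        print(f"Method: {self._to_text(http_layer.Method)}")
        # Show headers
        # NOTE(review): presumably 'Headers' is a mapping of name -> value;
        # confirm the installed scapy HTTP layer actually provides it.
        if http_layer.fields.get('Headers'):
            print("Headers:")
            for header, value in http_layer.fields['Headers'].items():
                name = self._to_text(header)
                if name.lower() in self._REDACTED_HEADERS:
                    shown = "<redacted>"
                else:
                    shown = self._to_text(value)
                print(f" {name}: {shown}")

    def process_dns_query(self, packet):
        """Print the queried name of a DNS question record."""
        dns_layer = packet[scapy.DNSQR]
        # qname is attacker-influenced bytes; a strict .decode() can raise
        # UnicodeDecodeError and stop the capture.
        print(f"\n[DNS Query] {self._to_text(dns_layer.qname)}")

    def extract_credentials(self, packet):
        """Report credential-like fields seen in a raw payload.

        The payload is scanned for ``name=value`` / ``name: value`` pairs whose
        name looks like a credential field. Only the field label and the value
        length are printed: that is enough to show that a secret crossed the
        wire unencrypted without copying it into the terminal or a log.
        """
        if packet.haslayer(scapy.Raw):
            load = packet[scapy.Raw].load.decode('utf-8', errors='ignore')
            hits = self._find_credential_fields(load)
            if hits:
                summary = ", ".join(
                    f"{label} ({length} chars, redacted)" for label, length in hits
                )
                print(f"\n⚠️ Possible credentials found: {summary}")

    def start_sniffing(self):
        """Capture on the configured interface until interrupted.

        Packets are not stored (``store=False``); each one is passed to
        ``process_packet``. The packet total is printed when capture stops.
        """
        if self.interface is None:
            self.interface = self.get_interface()
        print(f"\n[*] Starting packet sniffer on interface: {self.interface}")
        print("[*] Press Ctrl+C to stop\n")
        try:
            # Start sniffing
            scapy.sniff(
                iface=self.interface,
                store=False,
                prn=self.process_packet,
                filter=self.filter_exp
            )
        except KeyboardInterrupt:
            pass
        except Exception as e:
            print(f"[!] Error: {e}")
            return
        # sniff() may absorb Ctrl+C itself and return normally, so the summary
        # is printed here rather than only in the KeyboardInterrupt handler.
        print(f"\n\n[*] Stopped. Total packets captured: {self.packet_count}")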
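def main():
    """Parse the command line, require explicit consent, then start capturing.

    ``-i/--interface`` selects the capture interface and ``-f/--filter`` is
    passed through as a BPF filter expression. Capture starts only after the
    operator answers ``yes`` to the authorisation prompt.
    """
    parser = argparse.ArgumentParser(description="Basic Packet Sniffer")
    parser.add_argument("-i", "--interface", help="Network interface to sniff on")
    parser.add_argument("-f", "--filter", help="BPF filter expression (e.g., 'tcp port 80')")
    args = parser.parse_args()

    # Disclaimer
    rule = "=" * 60
    print(rule)
    print("PACKET SNIFFER - EDUCATIONAL PURPOSES ONLY")
    print(rule)
    print("⚠️ DISCLAIMER:")
    print("- Only use on networks you own or have permission to monitor")
    print("- Capturing network traffic without permission is ILLEGAL")
    print("- Do not capture sensitive information")
    print(rule)

    try:
        consent = input("\nDo you understand and agree? (yes/no): ")
    except (EOFError, KeyboardInterrupt):
        # No answer (closed stdin or Ctrl+C) is treated as "no" instead of
        # ending in a traceback.
        consent = ""
    # Surrounding whitespace is ignored; anything other than "yes" cancels.
    if consent.strip().lower() != 'yes':
        print("Operation cancelled.")
        sys.exit(0)

    # Start sniffer
    sniffer = PacketSniffer(interface=args.interface, filter_exp=args.filter)
    sniffer.start_sniffing()


if __name__ == "__main__":
    main()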