Network packet sniffing is a technique used to capture and analyze network traffic. In this tutorial, we will use Scapy, a powerful Python library, to sniff packets and extract useful information.
What is Scapy?
Scapy is a Python tool that allows you to create, send, and capture network packets. It is widely used for network security analysis and penetration testing.
Installing Scapy
To install Scapy, use the following command:
pip install scapy
Basic Packet Sniffing
Let's write a simple Python script to capture packets and display basic information.
from scapy.all import sniff
def packet_callback(packet):
print(packet.summary())
sniff(prn=packet_callback, count=10)
Filtering Packets
You can filter packets based on specific protocols, such as capturing only TCP packets.
sniff(filter="tcp", prn=packet_callback, count=10)
Extracting Packet Details
We can extract details like source and destination IP addresses from captured packets.
def packet_callback(packet):
if packet.haslayer(IP):
print(f"Source: {packet[IP].src} -> Destination: {packet[IP].dst}")
sniff(filter="ip", prn=packet_callback, count=10)
Running the Sniffer
Execute the script with administrator privileges to capture network packets:
sudo python sniffer.py
Legal and Ethical Considerations
Ensure you have permission before sniffing network traffic. Unauthorized packet sniffing can be illegal and unethical.
Conclusion
You've learned how to capture and analyze network packets using Python and Scapy. This knowledge is useful for network monitoring, troubleshooting, and security analysis.