Python 3 Network Packet Sniffer

A Network Packet Sniffer developed in Python 3. Packets are disassembled as they arrive at a given network interface controller and their information is displayed on the screen.

This application maintains no dependencies on third-party modules and can be run by any Python 3.6+ interpreter.

Demo

Running the Application

I. Execute the binary

Download the Network Packet Sniffer from the dist directory and run it. Administrative privileges are required due to the use of socket.SOCK_RAW by the decoder.

user@host:~$ sudo ./packet_sniffer

II. (Optional) Build your own binary

What if you don't trust third-party binaries running with sudo on your system? In this case the build.py file can be used to compile your own binary.

Building the binary requires the PyInstaller package. You just need to install all dependencies and build. Dependency management works with both Poetry (recommended) and Virtualenv.

user@host:~$ git clone https://github.com/EONRaider/Packet-Sniffer.git
user@host:~$ cd Packet-Sniffer
user@host:~/Packet-Sniffer$ poetry install <--or--> pip install -r requirements.txt
user@host:~/Packet-Sniffer$ python3 build.py

III. (Optional) Development Mode

It's also possible to run the application without any third-party dependencies or manipulation of binaries. Simply clone this repository with git clone and execute the packet_sniffer.py file by passing the required PYTHONPATH to sudo.

user@host:~$ git clone https://github.com/EONRaider/Packet-Sniffer.git
user@host:~$ cd Packet-Sniffer
user@host:~/Packet-Sniffer$ sudo --preserve-env PYTHONPATH=$(pwd) python3 src/packet_sniffer.py

Why the black magic with sudo? The command is required due to the use of socket.SOCK_RAW. The --preserve-env option is required because the src module is only visible from the root directory of the project and, hence, PYTHONPATH must be manipulated accordingly. This is not a result of the design of the tool itself, but of the way Python works internally.

Usage

packet_sniffer.py [-h] [-i INTERFACE] [-d]

Network Packet Sniffer

optional arguments:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface INTERFACE
                        Interface from which packets will be captured (monitors
                        all available interfaces by default).
  -d, --displaydata     Output packet data during capture.

Legal Disclaimer

The use of code contained in this repository, either in part or in its totality, for engaging targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws.

Developers assume no liability and are not responsible for misuses or damages caused by any code contained in this repository in any event that, accidentally or otherwise, it comes to be utilized by a threat agent or unauthorized entity as a means to compromise the security, privacy, confidentiality, integrity, and/or availability of systems and their associated resources. In this context the term "compromise" is henceforth understood as the leverage of exploitation of known or unknown vulnerabilities present in said systems, including, but not limited to, the implementation of security controls, human- or electronically-enabled.

The use of this code is only endorsed by the developers in those circumstances directly related to educational environments or authorized penetration testing engagements whose declared purpose is that of finding and mitigating vulnerabilities in systems, limiting their exposure to compromises and exploits employed by malicious agents as defined in their respective threat models.