Pritiviraj/Basic-Network-Sniffer-Pritiviraj

GitHub: Pritiviraj/Basic-Network-Sniffer-Pritiviraj

Stars: 1 | Forks: 0

# 🛡️ Basic Network Sniffer — Internship Project

A Python-based network packet sniffer built with **Scapy** that captures, dissects, and displays live network traffic. Designed to help you understand how data flows through networks and the basics of the TCP/IP protocols.

## 📁 Project Structure

```
network_sniffer/
├── sniffer.py          # Main sniffer script
├── requirements.txt    # Python dependencies
└── README.md           # This file
```

## ⚙️ Setup

### 1. Install dependencies

```bash
pip install -r requirements.txt
```

### 2. Run the sniffer

Capturing raw packets requires elevated privileges, so the script is run as root / Administrator.

```bash
# Linux / macOS
sudo python3 sniffer.py

# Windows (run terminal as Administrator)
python sniffer.py
```

## 🚀 Usage Examples

```bash
# Capture unlimited packets on default interface (verbose mode)
sudo python3 sniffer.py -v

# Capture 50 TCP packets only
sudo python3 sniffer.py -c 50 -p tcp

# Sniff on a specific interface
sudo python3 sniffer.py -i eth0

# Filter traffic for a specific host
sudo python3 sniffer.py --host 192.168.1.1

# Filter by port (e.g., HTTP traffic)
sudo python3 sniffer.py --port 80

# Show raw payload bytes
sudo python3 sniffer.py --payload

# List available network interfaces
sudo python3 sniffer.py --list-interfaces

# Combine filters: TCP traffic to port 443 from a specific host
sudo python3 sniffer.py -p tcp --port 443 --host 8.8.8.8 -v --payload
```

## 🖥️ Output Explained

```
[14:32:01.453] TCP 192.168.1.5:54321 → 142.250.80.46:443 89B
               ^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^
             Proto Source IP:Port → Dest IP:Port        Size
```

With `-v` (verbose):

```
MAC aa:bb:cc:dd:ee:ff → 11:22:33:44:55:66 | TTL=64 | Flags=PA | Seq=123 Ack=456
```

With `--payload`:

```
Payload [32B]: 47 45 54 20 2f 20 48 54 54 50 | GET / HTTP
```

### Protocol Color Legend

| Color | Protocol |
|---------|----------|
| 🟢 Green | TCP |
| 🔵 Blue | UDP |
| 🟡 Yellow | ICMP |
| 🟣 Magenta | ARP |
| 🩵 Cyan | DNS |
| 🔴 Red | HTTP |
| ⚪ White | IPv6 |

## 📡 How It Works — Key Concepts

### Layers Analyzed

```
┌──────────────────────────────────────┐
│ Layer 7 — Application (DNS, HTTP)    │
├──────────────────────────────────────┤
│ Layer 4 — Transport (TCP, UDP)       │
├──────────────────────────────────────┤
│ Layer 3 — Network (IP, ICMP)         │
├──────────────────────────────────────┤
│ Layer 2 — Data Link (Ethernet)       │
└──────────────────────────────────────┘
```

### BPF Filters (Berkeley Packet Filter)

Filters are passed directly to the OS kernel, so unwanted packets are dropped before they ever reach Python, which keeps capture efficient:

- `tcp` — only TCP packets
- `udp` — only UDP packets
- `host 1.2.3.4` — only traffic to/from that IP
- `port 80` — only traffic on port 80
- Combine: `tcp and port 443 and host 8.8.8.8`

### Key Scapy Concepts

- `sniff()` — main capture function; `store=False` avoids memory buildup by not keeping every packet in a list
- `packet[IP]` — access a specific layer in the packet
- `packet[TCP].flags` — read TCP control flags (SYN, ACK, FIN, etc.)
- `packet[Raw]` — access the raw payload bytes
- `prn=` — callback called for each captured packet

## ⚠️ Legal & Ethical Notice

## 🎓 What You Learn From This Project

| Concept | How it applies here |
|---|---|
| OSI / TCP-IP Model | Packet dissection across all 4 layers |
| IPv4 Addressing | Parsing src/dst IPs from IP header |
| TCP Handshake | Observing SYN, SYN-ACK, ACK flags |
| DNS Resolution | Seeing queries and responses live |
| HTTP | Parsing request method, host, path |
| BPF Filters | Kernel-level traffic filtering |
| Socket Programming | Underlying mechanism Scapy uses |
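As an added example (this is not the project's `sniffer.py`), the stdlib-only Python below walks the same Ethernet -> IPv4 -> TCP layers that Scapy's `packet[IP]` / `packet[TCP]` / `packet[Raw]` access does, and renders them in the format shown under Output Explained. The frame it parses is constructed in code rather than captured, the function and field names are my own, and the length checks show why a dissector must treat frame bytes as untrusted input: a truncated or non-IPv4 frame returns `None` instead of raising.

```python
import struct
from datetime import datetime

TCP_FLAG_BITS = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "A"), (0x20, "U")]  # Scapy letters: 0x18 -> "PA"

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def dissect_ethernet_ipv4_tcp(frame):
    """Walk Ethernet -> IPv4 -> TCP by hand; return a field dict, or None if not IPv4/TCP or truncated."""
    if len(frame) < 34:  # Ethernet header (14) + minimal IPv4 header (20)
        return None
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    tcp = frame[14 + (ver_ihl & 0x0F) * 4 : 14 + total_len]  # IHL is in 32-bit words
    if ethertype != 0x0800 or proto != 6 or len(tcp) < 20:  # 0x0800 = IPv4, 6 = TCP
        return None
    sport, dport, seq, ack, off_res, flags = struct.unpack("!HHIIBB", tcp[:14])
    return {
        "proto": "TCP", "length": len(frame), "ttl": ttl,
        "src_mac": mac_str(src_mac), "dst_mac": mac_str(dst_mac),
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": "".join(ch for bit, ch in TCP_FLAG_BITS if flags & bit),
        "payload": tcp[(off_res >> 4) * 4:],  # data offset, also in 32-bit words
    }

def format_summary(info, ts=None):
    ts = ts or datetime.now().strftime("%H:%M:%S.%f")[:-3]
    return f"[{ts}] {info['proto']} {info['src']}:{info['sport']} → {info['dst']}:{info['dport']} {info['length']}B"

def format_verbose(info):
    return (f"MAC {info['src_mac']} → {info['dst_mac']} | TTL={info['ttl']} | "
            f"Flags={info['flags']} | Seq={info['seq']} Ack={info['ack']}")

def format_payload(payload, limit=10):
    shown = payload[:limit]  # hex + printable-ASCII view of the first bytes, like --payload
    hexpart = " ".join(f"{b:02x}" for b in shown)
    text = "".join(chr(b) if 32 <= b < 127 else "." for b in shown)
    return f"Payload [{len(payload)}B]: {hexpart} | {text}"

def build_sample_frame():
    """Constructed sample (not captured traffic): Ethernet/IPv4/TCP carrying an HTTP GET; checksums left 0."""
    payload = b"GET / HTTP/1.1\r\n"
    tcp = struct.pack("!HHIIBBHHH", 54321, 443, 123, 456, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0x4000,
                     64, 6, 0, bytes([192, 168, 1, 5]), bytes([142, 250, 80, 46]))
    eth = struct.pack("!6s6sH", bytes.fromhex("112233445566"), bytes.fromhex("aabbccddeeff"), 0x0800)
    return eth + ip + tcp + payload
```

Calling `format_summary`, `format_verbose` and `format_payload` on `dissect_ethernet_ipv4_tcp(build_sample_frame())` reproduces the three output lines above for the sample frame.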