AfzalHossan-2005021/Packet-Sniffer
GitHub: AfzalHossan-2005021/Packet-Sniffer
Stars: 0 | Forks: 0
# 🔍 Network Security: Traffic Sniffing & Analysis Lab
## 📑 Table of Contents
- [✨ Features](#-features)
- [🎯 Overview](#-overview)
- [🏗️ Architecture](#️-architecture)
- [📋 Prerequisites](#-prerequisites)
- [🚀 Quick Start](#-quick-start)
- [🛠️ Step-by-Step Guide](#️-step-by-step-guide)
- [📂 Project Structure](#-project-structure)
- [🔄 Workflow](#-workflow)
- [💡 Key Concepts](#-key-concepts)
- [🐛 Troubleshooting](#-troubleshooting)
- [⚠️ Disclaimer](#️-disclaimer)
## ✨ Features
🎓 **Educational Focus**
- Designed for learning network security principles
- Demonstrates real packet sniffing techniques
- Shows vulnerabilities in unencrypted protocols
🔒 **Isolated Environment**
- Fully containerized using Docker Compose
- Safe, sandboxed network simulation
- No external network interference
- HTTP (unencrypted web traffic)
- Telnet (legacy clear-text protocol)
- Easy to extend with custom protocols
⚡ **Real-time Analysis**
- Live packet capture and inspection
- Credential interception demonstration
- Payload analysis capabilities
## 🎯 Overview
This lab creates an isolated network environment to demonstrate how unencrypted protocols expose sensitive data to network sniffing. Four containers interact on a bridged Docker network:
| Component | Role | Purpose |
|-----------|------|---------|
| 🔴 **Attacker** | Passive Observer | Captures and analyzes network traffic |
| 💻 **Victim** | Traffic Generator | Simulates legitimate user connections |
| 🌐 **HTTP Server** | Service Provider | Serves unencrypted web content |
| 📞 **Telnet Server** | Service Provider | Provides clear-text authentication |
## 🏗️ Architecture
### System Architecture Diagram
```
┌─────────────────────────────────────────────────────────────┐
│                  Docker Network (Bridged)                   │
│                                                             │
│   ┌───────────────┐              ┌──────────────┐           │
│   │  🔴 Attacker   │              │  💻 Victim    │           │
│   │   (Sniffer)   │◄────────────▶│  (Traffic    │           │
│   │               │              │  Generator)  │           │
│   └───────────────┘              └──────────────┘           │
│           ▲                              │                  │
│           │                              │                  │
│           │ (Captures packets)           │ (Sends requests) │
│           │                              ▼                  │
│           │                      ┌──────────────┐           │
│           │                      │  🌐 HTTP     │           │
│           └──────────────────────│   Server     │           │
│           │                      │              │           │
│           │                      └──────────────┘           │
│           │                              │                  │
│           │                      ┌──────────────┐           │
│           │                      │  📞 Telnet    │           │
│           └──────────────────────│   Server     │           │
│                                  │              │           │
│                                  └──────────────┘           │
│                                                             │
└─────────────────────────────────────────────────────────────┘
```
### Container Interaction Flow
```mermaid
graph LR
    A["🔴 Attacker<br/>(Python + Scapy)"] -->|Listens on eth0| B["Network Interface"]
    C["💻 Victim<br/>(Traffic Gen)"] -->|HTTP Request<br/>Telnet Auth| D["Servers"]
    D -->|Response| C
    B -->|Captures Packets| A
    A -->|Displays<br/>Real-time Data| E["Console Output"]

    style A fill:#ff6b6b,stroke:#c92a2a,color:#fff
    style C fill:#4ecdc4,stroke:#2a9d8f,color:#fff
    style D fill:#ffe66d,stroke:#f1acc0,color:#333
    style E fill:#a8e6cf,stroke:#56c596,color:#333
```

## 📋 Prerequisites

Before running this lab, ensure you have the following installed:

- 🐳 **[Docker](https://docs.docker.com/get-docker/)** (v20.10+)
- 🐳 **[Docker Compose](https://docs.docker.com/compose/install/)** (v1.29+)
- 💻 **Linux/Mac/Windows** (with Docker Desktop for Windows/Mac)

### Version Check

```bash
docker --version
docker-compose --version
```

## 🚀 Quick Start

Get the lab running in **3 easy steps**:

### 1️⃣ Build the Environment

```bash
# Navigate to the project directory
cd /home/afzal/Academic/Computer-Security/Packet-Sniffer

# Build and start all containers in the background
docker-compose up --build -d
```

### 2️⃣ Verify Containers

```bash
# Check all containers are running
docker-compose ps
```

Expected output:

```
CONTAINER ID   IMAGE         COMMAND                 STATUS
abc123def456   ...attacker   "python3 -u ..."        Up 2 minutes
xyz789uvw123   ...victim     "python3 -u ..."        Up 2 minutes
def456ghi789   ...http       "python3 http_server"   Up 2 minutes
ghi789jkl012   ...telnet     "/bin/bash"             Up 2 minutes
```

### 3️⃣ Start Sniffing!

```bash
# Terminal 1: Run the sniffer in the attacker container
docker exec -it packet-sniffer-attacker-1 python3 sniffer.py

# Terminal 2: Generate traffic from the victim container
docker exec -it packet-sniffer-victim-1 python3 generate_traffic.py
```

## 🛠️ Step-by-Step Guide

### Detailed Setup Instructions

#### Step 1: Prepare Your Environment

```bash
# Clone or navigate to the repository
cd /path/to/Packet-Sniffer

# Verify all Docker files exist
ls -la Dockerfile.* docker-compose.yml
```

#### Step 2: Build and Launch Containers

```bash
# Build images and start containers
docker-compose up --build -d

# Optional: View real-time logs
docker-compose logs -f
```

#### Step 3: Access the Attacker Container

```bash
# Get into the attacker container
docker exec -it /bin/bash

# Verify Scapy is available
python3 -c "import scapy; print(scapy.__version__)"
```
#### Step 4: Run the Sniffer

```bash
# Start packet sniffing
python3 sniffer.py

# Output will show captured packets in real-time:
# [*] Sniffing on network...
# [+] Packet captured: ...
```
#### Step 5: Generate Network Traffic

In another terminal:

```bash
# Access the victim container
docker exec -it /bin/bash

# Trigger traffic generation
python3 generate_traffic.py
```
#### Step 6: Observe Results
Switch back to the attacker terminal to see live packet captures, including:
## 📂 Project Structure
```
Packet-Sniffer/
├── 📋 README.md              # This comprehensive guide
├── 🐳 docker-compose.yml     # Container orchestration
│
├── 🐋 Dockerfile.attacker    # Attacker node (Python + Scapy)
├── 🐋 Dockerfile.victim      # Victim node (Traffic generator)
├── 🐋 Dockerfile.http        # HTTP server container
├── 🐋 Dockerfile.telnet      # Telnet server container
│
├── 🐍 sniffer.py             # Main sniffing script (Attacker)
├── 🐍 generate_traffic.py    # Traffic generation script (Victim)
├── 🐍 http_server.py         # Simple HTTP server
└── 🖼️ [Diagrams & Documentation]
```
### File Descriptions
| File | Purpose | Key Features |
|------|---------|--------------|
| `docker-compose.yml` | Defines all containers and networking | Volume mapping, port binding, network config |
| `Dockerfile.attacker` | Attacker environment setup | Scapy, packet tools, Python3 |
| `Dockerfile.victim` | Victim environment setup | HTTP client, Telnet client, requests library |
| `sniffer.py` | Packet capture script | Real-time filtering, payload extraction |
| `generate_traffic.py` | Traffic generation script | Protocol simulation, automated requests |
| `http_server.py` | Basic HTTP server | Unencrypted responses, static content |
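The table above says `sniffer.py` does "real-time filtering, payload extraction". The example below, which is added here and is not the project's `sniffer.py`, shows the work that phrase hides: walking Ethernet → IPv4 → TCP on a raw frame with the standard library (no Scapy, so it runs anywhere), pulling out the TCP payload, and reporting what an observer on the bridge can read from an HTTP (port 80) or Telnet (port 23) session. Secrets are flagged but never printed. Addresses, ports and credentials are constructed for the example.

```python
"""Decode raw frames and flag clear-text credentials (added example, stdlib only)."""
import base64
import binascii
import struct
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
PASSWORD_FIELDS = {"password", "passwd", "pass", "pwd"}


def parse_frame(frame: bytes) -> Optional[Dict]:
    """Return addresses, ports and TCP payload for an IPv4/TCP frame, else None."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    ver_ihl = ip[0]
    ihl = (ver_ihl & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ver_ihl >> 4 != 4 or ip[9] != PROTO_TCP or ihl < 20:
        return None
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4               # TCP header length in bytes
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "payload": tcp[data_off:]}


def exposed_credentials(pkt: Dict) -> List[str]:
    """Describe credential material visible in the payload; values are redacted."""
    findings: List[str] = []
    payload = pkt["payload"]
    if pkt["dport"] == 80 and payload.startswith((b"GET ", b"POST ")):
        head, _, body = payload.partition(b"\r\n\r\n")
        for line in head.split(b"\r\n")[1:]:        # header lines after the request line
            name, _, value = line.partition(b":")
            if name.strip().lower() != b"authorization":
                continue
            scheme, _, token = value.strip().partition(b" ")
            if scheme.lower() == b"basic":
                try:
                    user = base64.b64decode(token).split(b":", 1)[0]
                except binascii.Error:
                    continue
                findings.append(f"HTTP Basic auth for user {user.decode(errors='replace')!r}"
                                " (password recoverable from header)")
        for field in parse_qs(body.decode(errors="replace")):
            if field.lower() in PASSWORD_FIELDS:
                findings.append(f"HTTP form field {field!r} sent in clear")
    elif pkt["dport"] == 23 and payload:
        findings.append(f"Telnet input of {len(payload)} bytes sent in clear")
    return findings


def scan(frames: List[bytes]) -> List[Tuple[str, str, int, str]]:
    """Run both steps over a capture: one (src, dst, dport, finding) per exposure."""
    report = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        for finding in exposed_credentials(pkt):
            report.append((pkt["src"], pkt["dst"], pkt["dport"], finding))
    return report


def build_frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct an Ethernet/IPv4/TCP frame (checksums left zero; fine for parsing)."""
    eth = b"\x02" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 1, 5 << 12, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, PROTO_TCP, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    return eth + ip + tcp


# Constructed sample capture: a victim at 172.18.0.3 talking to three servers.
_BASIC = base64.b64encode(b"alice:hunter2").decode()
SAMPLE_FRAMES = [
    build_frame("172.18.0.3", "172.18.0.4", 40000, 80,
                b"POST /login HTTP/1.1\r\nHost: http\r\n"
                + f"Authorization: Basic {_BASIC}\r\n".encode()
                + b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                b"user=alice&password=hunter2"),
    build_frame("172.18.0.3", "172.18.0.5", 40001, 23, b"hunter2\r\n"),
    build_frame("172.18.0.3", "172.18.0.6", 40002, 443, b"\x16\x03\x01\x00\x10"),  # TLS: opaque
]

if __name__ == "__main__":
    for src, dst, port, finding in scan(SAMPLE_FRAMES):
        print(f"{src} -> {dst}:{port}  {finding}")
```

The third frame goes to port 443 and produces no finding: the TLS record is opaque bytes, which is the whole contrast the lab is built to show. Scapy's `sniff()` hands you the same raw bytes this parser consumes, so the same two functions can be dropped into a `prn=` callback once the frame is converted with `bytes(pkt)`.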
## 🔄 Workflow
### Complete Attack Simulation Flow
```mermaid
sequenceDiagram
    participant V as 💻 Victim
    participant N as 🌐 Network
    participant A as 🔴 Attacker
    participant S as 🌐 Server

    A->>N: ⚠️ Start Sniffing (Listen Mode)
    Note over A: sniffer.py running<br/>Capturing packets
    V->>S: 📤 Send HTTP Request
    Note over V: generate_traffic.py
    S->>N: 📨 Transmit Response
    Note over N: Unencrypted Data
    N->>A: 📥 Captured Packet
    A->>A: 🔍 Inspect Headers
    A->>A: 🔍 Extract Payload
    A->>A: 📊 Display Results
    V->>S: 🔐 Send Telnet Auth (plain-text)
    S->>V: ✅ Authentication Response
    N->>A: 📥 Capture Credentials
    A->>A: ⚠️ Log Sensitive Data
```

### Real-World Timeline

1. **Setup Phase** (1-2 minutes)
   - Start Docker environment
   - Containers initialize and connect to network
2. **Sniffing Phase** (Continuous)
   - Attacker starts listening on network interface
   - Ready to capture all traffic
3. **Traffic Generation Phase** (30 seconds - 5 minutes)
   - Victim initiates connections
   - Servers respond with data
   - Attacker captures packets
4. **Analysis Phase** (Real-time)
   - Displayed in attacker terminal
   - Credentials, headers, payloads visible

## 💡 Key Concepts

### What is Packet Sniffing?

Packet sniffing is the process of intercepting and capturing data traveling across a network. In unencrypted protocols, sensitive information becomes visible:

**Vulnerable Protocols:**
- 🌐 **HTTP**: Transmits headers, usernames, passwords in plain text
- 📞 **Telnet**: No encryption; all communication is readable
- 📧 **FTP**: Credentials transmitted without protection

**Protected Protocols:**
- 🔒 **HTTPS**: Encrypted communication layer (SSL/TLS)
- 🔐 **SSH**: Encrypted remote access

### Why This Matters

Understanding packet sniffing is crucial for:
- 🛡️ **Defensive Security**: Identifying vulnerabilities
- 📚 **Educational Purpose**: Learning network fundamentals
- 🔐 **Protocol Design**: Appreciating the importance of encryption

## 🐛 Troubleshooting

### Common Issues and Solutions

#### ❌ "docker-compose: command not found"

```bash
# Solution: Update installation path
# On Mac/Windows: Ensure Docker Desktop is installed and running
# On Linux: Install Docker Compose
sudo apt-get install docker-compose
```

#### ❌ "Port already in use"

```bash
# Find and stop conflicting container
docker ps -a
docker stop

# Or modify ports in docker-compose.yml
```
#### ❌ "Containers not communicating"

```bash
# Check network status
docker network ls
docker network inspect

# Restart containers
docker-compose restart
```

#### ❌ "Scapy import error"

```bash
# Verify installation
docker exec -it pip list | grep scapy

# Reinstall if needed
docker exec -it pip install scapy
```

#### ❌ "No packets captured"

```bash
# Check interface name in sniffer.py
docker exec -it ip addr

# Verify network interface is correct (usually 'eth0')
```
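A wrong interface name is only one of two reasons a containerized sniffer sees nothing; the other is that opening a raw socket (which Scapy's `sniff()` does on Linux) requires root or `CAP_NET_RAW`, and a container that lacks it fails with a permission error rather than an empty capture. The pre-flight check below is an added example, not part of the project: it lists the interfaces the process can see, picks a fallback when the hard-coded name is absent, and tests raw-socket access with the standard library. The interface name `eth0` and the `cap_add: [NET_RAW]` hint in the message are assumptions about this lab's compose file.

```python
"""Pre-flight check for the "No packets captured" case (added example)."""
import socket
from typing import Dict, List, Tuple

ETH_P_ALL = 0x0003  # protocol number for "all frames" on an AF_PACKET socket


def list_interfaces() -> List[str]:
    """Names of the interfaces visible to this process, e.g. ['lo', 'eth0']."""
    return [name for _index, name in socket.if_nameindex()]


def resolve_interface(preferred: str, available: List[str]) -> Tuple[str, str]:
    """Choose the interface to sniff on and explain the choice.

    Returns (interface, reason); interface is '' when nothing usable exists.
    Falls back to the first non-loopback interface when the preferred name
    (the one hard-coded in the sniffer, usually 'eth0') is absent.
    """
    if preferred in available:
        return preferred, f"{preferred!r} found"
    candidates = [n for n in available if not n.startswith("lo")]
    if candidates:
        return candidates[0], f"{preferred!r} not found, using {candidates[0]!r} instead"
    return "", f"{preferred!r} not found and no non-loopback interface available"


def can_open_raw_socket() -> Tuple[bool, str]:
    """Open and immediately close an AF_PACKET raw socket to test the privilege."""
    if not hasattr(socket, "AF_PACKET"):
        return False, "AF_PACKET unsupported on this platform (Linux only)"
    try:
        sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    except PermissionError:
        return False, ("no permission: run as root or grant CAP_NET_RAW "
                       "(e.g. cap_add: [NET_RAW] on the attacker service, assumed)")
    except OSError as exc:
        return False, f"raw socket failed: {exc}"
    sock.close()
    return True, "raw socket OK"


def preflight(preferred: str = "eth0") -> Dict[str, object]:
    """Combine both checks into one report the sniffer can print before starting."""
    interfaces = list_interfaces()
    iface, iface_reason = resolve_interface(preferred, interfaces)
    raw_ok, raw_reason = can_open_raw_socket()
    return {"interfaces": interfaces, "interface": iface, "interface_reason": iface_reason,
            "raw_socket": raw_ok, "raw_socket_reason": raw_reason}


if __name__ == "__main__":
    for key, value in preflight().items():
        print(f"{key}: {value}")
```

Run it inside the attacker container before `sniffer.py`; if `raw_socket` is `False`, no change to the interface name will help, and the fix belongs in the container's capabilities rather than in the script.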
### Debug Commands

```bash
# View container logs
docker-compose logs -f

# Access container shell
docker exec -it /bin/bash

# Check network connectivity
docker exec -it ping

# List open ports
docker exec -it netstat -tlnp
```
## ⚠️ Disclaimer
**⚠️ EDUCATIONAL PURPOSES ONLY**
This project is strictly designed for:
- 📚 Academic learning and research
- 🏫 Computer security education
- 🔬 Understanding network protocols
- 🛡️ Defensive security training
**PROHIBITED USES:**
- ❌ Unauthorized access to networks/systems
- ❌ Intercepting data without permission
- ❌ Malicious purposes or illegal activities
**Legal Notice:** Unauthorized access to computer systems is illegal. Only use this lab on systems you own or have explicit written permission to test. Users are responsible for complying with all applicable laws and regulations in their jurisdiction.