Using Python to write a network packet sniffer


Code a network packet sniffer in Python for Linux

by Silver Moon

Basic Sniffer

Sniffers are programs that can capture/sniff/detect network traffic packet by packet and analyse it for various reasons. They are commonly used in the field of network security. Wireshark is a very common packet sniffer/protocol analyzer. Packet sniffers can be written in Python too. In this article we are going to write a few very simple sniffers in Python for the Linux platform. Linux because, although Python is portable, the programs won't run or give similar results on Windows, for example. This is due to differences in the implementation of the socket API.

The sniffers shown here don't use any extra libraries like libpcap. They just use raw sockets. So let's start coding them.

The most basic form of a sniffer would be:

# Packet sniffer in Python
# for Linux
import socket

# create an INET, raw socket
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)

# receive a packet
while True:
    print(s.recvfrom(65565))

Run this with root privileges, or with sudo on Ubuntu:

$ sudo python sniffer.py

The above sniffer works on the principle that a raw socket is capable of receiving all incoming traffic (for its type, like AF_INET) in Linux.

The output could look like this:

$ sudo python raw_socket.py
("E \x00x\xcc\xfc\x00\x000\x06j%j}g\x13\xc0\xa8\x01\x06\x01\xbb\xa3\xdc\x0b\xbei\xbf\x1af[\x83p\x18\xff\xff\x88\xf6\x00\x00\x17\x03\x01\x00\x1c\xbbt\xb3\x07}\xb0\xedqe\x1e\xe7;-\x03\x9bu\xb7\xb1r\xd2\x9e]\xa1\xb8\xac\xa4v\x9a\x17\x03\x01\x00*\xed\x1f\xda\xa4# #Qe \x9a\xe9\xd6\xadn\xf4\x9b\xc4\xf0c ' \x01\xc4\x82\xdb\xb2\x8d (\xa5\xd0\x06\x95\x13wo\x0f\x8e\x1c\xa6f\x1d\xdf\xe1x", ('74.125.71.19', 0))
('E \x00i\xcc\xfd\x00\x000\x06jsj}g\x13\xc0\xa8\x01\x06\x01\xbb\xa3\xdc\x0b\xbej\x0f\x1af[\x83p\x18\xff\xff:\x11\x00\x00\x17\x03\x01\x00\x1c\xaa];\t\x81yi\xbbc\xb5\x11\x14 (ct\x13\x10wt\xe0\xbam\xa9\x88/\xf8o{', ('74.125.71.19', 0))
('E \x00 (\xcc\xfe\x00\x000\x06jsj}g\x13\xc0\xa8\x01\x06\x01\xbb\xa3\xdc\x0b\xbej0\x1afa\x19p\x10\xff\xff\xe5\xb0\x00\x00', ('74.125.71.19', 0))
('E \x00 (\xcc\xff\x00\x000\x06jrj}g\x13\xc0\xa8\x01\x06\x01\xbb\xa3\xdc\x0b\xbej0\x1afbtp\x10\xff\xff\xe4u\x00\x00', ('74.125.71.19', 0))

The above is a dump of the network packets in hex. They can be parsed using the unpack function.

Parsing the sniffed packet

Here is the code to sniff and parse a TCP packet:

# Packet sniffer in Python for Linux
# Sniffs only incoming TCP packets
import socket, sys
from struct import unpack

# create an INET, raw socket
try:
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
except socket.error as msg:
    print('Socket could not be created. Error Code : ' + str(msg.errno) + ' Message ' + str(msg.strerror))
    sys.exit()

# receive a packet
while True:
    packet = s.recvfrom(65565)

    # packet bytes from the (data, address) tuple
    packet = packet[0]

    # take the first 20 bytes for the IP header
    ip_header = packet[0:20]

    # now unpack them :)
    iph = unpack('!BBHHHBBH4s4s', ip_header)

    version_ihl = iph[0]
    version = version_ihl >> 4
    ihl = version_ihl & 0xF

    # IHL counts 32-bit words, so multiply by 4 to get bytes
    iph_length = ihl * 4

    ttl = iph[5]
    protocol = iph[6]
    s_addr = socket.inet_ntoa(iph[8])
    d_addr = socket.inet_ntoa(iph[9])

    print('Version : ' + str(version) + ' IP Header Length : ' + str(ihl) + ' TTL : ' + str(ttl) + ' Protocol : ' + str(protocol) + ' Source Address : ' + str(s_addr) + ' Destination Address : ' + str(d_addr))

    # the TCP header starts right after the IP header
    tcp_header = packet[iph_length:iph_length+20]

    # now unpack them :)
    tcph = unpack('!HHLLBBHHH', tcp_header)

    source_port = tcph[0]
    dest_port = tcph[1]
    sequence = tcph[2]
    acknowledgement = tcph[3]
    doff_reserved = tcph[4]
    # the data offset (upper 4 bits) also counts 32-bit words
    tcph_length = doff_reserved >> 4

    print('Source Port : ' + str(source_port) + ' Dest Port : ' + str(dest_port) + ' Sequence Number : ' + str(sequence) + ' Acknowledgement : ' + str(acknowledgement) + ' TCP header length : ' + str(tcph_length))

    h_size = iph_length + tcph_length * 4
    data_size = len(packet) - h_size

    # get data from the packet
    data = packet[h_size:]

    # data is a bytes object in Python 3, so print its repr
    print('Data : ' + repr(data))
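The sniffer above trusts the header length fields of whatever arrives on the wire. The following is an added example, not part of the original article: it uses the same two unpack format strings but validates lengths before slicing, decodes the TCP flags, and runs offline on a constructed packet. The function names parse_ipv4_tcp and build_sample, and the 192.0.2.x addresses, are assumptions made for illustration.

```python
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"   # same layouts the article passes to unpack
TCP_FMT = "!HHLLBBHHH"
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]   # bit 0 .. bit 5


def parse_ipv4_tcp(packet):
    """Return a dict of header fields; raise ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("truncated IP header")
    iph = struct.unpack(IP_FMT, packet[:20])
    version, ihl = iph[0] >> 4, iph[0] & 0xF
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    if iph[6] != socket.IPPROTO_TCP:
        raise ValueError("not TCP")
    ip_len = ihl * 4                      # IP options push the TCP header back
    if len(packet) < ip_len + 20:
        raise ValueError("truncated TCP header")
    tcph = struct.unpack(TCP_FMT, packet[ip_len:ip_len + 20])
    tcp_len = (tcph[4] >> 4) * 4          # data offset is in 32-bit words
    if tcp_len < 20 or len(packet) < ip_len + tcp_len:
        raise ValueError("bad TCP data offset")
    flags = [n for i, n in enumerate(FLAG_NAMES) if tcph[5] & (1 << i)]
    return {
        "src": socket.inet_ntoa(iph[8]), "dst": socket.inet_ntoa(iph[9]),
        "ttl": iph[5], "sport": tcph[0], "dport": tcph[1],
        "seq": tcph[2], "ack": tcph[3], "flags": flags,
        "payload": packet[ip_len + tcp_len:],
    }


def build_sample():
    """Constructed packet: 24-byte IP header (4 option bytes), TCP PSH+ACK.
    Checksums are left at zero; the parser does not verify them."""
    payload = b"hello"
    ip = struct.pack(IP_FMT, (4 << 4) | 6, 0, 24 + 20 + len(payload), 1, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    ip += b"\x01\x01\x01\x00"             # three NOP options + end-of-list
    tcp = struct.pack(TCP_FMT, 443, 51514, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload


if __name__ == "__main__":
    print(parse_ipv4_tcp(build_sample()))
```

Inside the sniffer loop, the same function can be called on packet[0] from recvfrom, with a try/except ValueError around it so that one malformed packet does not stop the capture.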
