Using Python to write network packet sniffer

Use Python to write network packet sniffer (Code a networks packet sniffer in Python for Linux)

by Silver Moon

Basic Sniffer

Sniffers is programs that can capture/sniff/detect network traffic packet by packet and analyse them for various reasons. Commonly used in the field of network security. Wireshark is a very common packet Sniffer/protocol Analyzer. Packet sniffers can be written in Python too. In this article we is going to write a few very simple sniffers in Python for the Linux platform. Linux because, although Python is a portable, the programs wont run or give similar results on Windows for example. This is due-difference in the implementation of the socket API.

sniffers shown here dont use any extra libraries like libpcap. They just use raw sockets. So lets start coding them

The most basic form of a sniffer would is

#Packet sniffer in Python#for linuximport socket#create an INET, raw sockets = Socket.socket (socket.af_inet, socket. SOCK_RAW, Socket. IPPROTO_TCP) # Receive a packetwhile True:  print S.recvfrom (65565)

Run this and root privileges or sudo on Ubuntu:

$ sudo python sniffer.py

The above sniffer works on the principle that a raw socket are capable of receiving all (for its type, like Af_inet) Incomi NG traffic in Linux.

The output could:

$ sudo python raw_socket.py ("E \x00x\xcc\xfc\x00\x000\x06j%j}g\x13\xc0\xa8\x01\x06\x01\xbb\ Xa3\xdc\x0b\xbei\xbf\x1af[\x83p\x18\xff\xff\x88\xf6\x00\x00\x17\x03\x01\x00\x1c\xbbt\xb3\x07}\xb0\xedqe\x1e\ xe7;-\x03\x9bu\xb7\xb1r\xd2\x9e]\xa1\xb8\xac\xa4v\x9a\x17\x03\x01\x00*\xed\x1f\xda\xa4# #Qe \x9a\xe9\xd6\xadn\ Xf4\x9b\xc4\xf0c ' \x01\xc4\x82\xdb\xb2\x8d (\xa5\xd0\x06\x95\x13wo\x0f\x8e\x1c\xa6f\x1d\xdf\xe1x ", (' 74.125.71.19 ', 0)) (' E \x00i\xcc\xfd\x00\x000\x06jsj}g\x13\xc0\xa8\x01\x06\x01\xbb\xa3\xdc\x0b\xbej\x0f\x1af[\x83p\x18\xff\ xff:\x11\x00\x00\x17\x03\x01\x00\x1c\xaa];\t\x81yi\xbbc\xb5\x11\x14 (ct\x13\x10wt\xe0\xbam\xa9\x88/\xf8o{', (' 74.125.71.19 ', 0)) (' E \x00 (\xcc\xfe\x00\x000\x06jsj}g\x13\xc0\xa8\x01\x06\x01\xbb\xa3\xdc\x0b\xbej0\x1afa\x19p\ X10\xff\xff\xe5\xb0\x00\x00 ', (' 74.125.71.19 ', 0)) (' E \x00 (\xcc\xff\x00\x000\x06jrj}g\x13\xc0\xa8\x01\x06\x01\xbb \xa3\xdc\x0b\xbej0\x1afbtp\x10\xff\xff\xe4u\x00\x00 ', (' 74.125.71.19 ', 0)) 

The above is a dump of the network packets in hex. They can be parsed using the unpack function.

Parsing the sniffed packet

Here is the code sniff and parse a TCP packet

#Packet sniffer in Python for linux#sniffs only incoming TCP packetimport sockets, sysfrom struct import * #create an INET, Streaming sockettry:s = Socket.socket (socket.af_inet, socket. SOCK_RAW, Socket. IPPROTO_TCP) except Socket.error, Msg:print ' socket could not being created. Error Code: ' + str (msg[0]) + ' Message ' + msg[1]sys.exit () # receive a packetwhile True:packet = S.recvfrom (65565) #packe T string from tuplepacket = Packet[0] #take First, characters for the IP Headerip_header = packet[0:20] #now unpack them: ) Iph = Unpack ('! Bbhhhbbh4s4s ', ip_header) Version_ihl = Iph[0]version = Version_ihl >> 4IHL = version_ihl & 0xfiph_length = IHL * 4ttl = Iph[5]protocol = Iph[6]s_addr = Socket.inet_ntoa (iph[8]);d _addr = Socket.inet_ntoa (iph[9]);p rint ' Version: ' + S  TR (version) + ' IP Header Length: ' + str (IHL) + ' TTL: ' + str (TTL) + ' Protocol: ' + str (Protocol) + ' Source Address ' : ' + str (s_addr) + ' Destination Address: ' + str (d_addr) Tcp_header = Packet[iph_length:iph_lengtH+20] #now unpack them:) tcph=unpack ('! Hhllbbhhh ', Tcp_header)              &N Bsp;source_port=tcph[0]         dest_port=tcph[1]          SEQUENCE=TCPH[2]         ac KNOWLEDGEMENT=TCPH[3]         doff_reserved=tcph[4] &nbs P;       tcph_length=doff_reserved >>4     &nbsp              ;         print ' Source Port: ' +str (source_port) + ' Dest Port: ' +str (Dest_port)              + ' Sequence number: ' +str (Sequence) + ' acknowledgement: ' +str (acknowledgement) + ' TCP header length: ' +str (tcph_length)               h_size=iph_length+tcph_length*4         data_size=len (packet)-H _size                #get data F Rom the packet         data=packet[h_size:]                              print ' Data: ' +data
Print
   

Using Python to write network packet sniffer