sniff.py
Capture and analyze network packets
TLDR
List available network interfaces and select one to start capturing packets (requires sudo)
Capture packets and save output to a file while displaying it on the terminal
SYNOPSIS
python sniff.py [options]
PARAMETERS
-i
Specify the network interface to listen on. If not specified, the script might use the default interface.
-f
Specify a BPF (Berkeley Packet Filter) expression to filter packets. This allows capturing only packets that match specific criteria (e.g., 'tcp port 80' to capture HTTP traffic).
-c
Specify the number of packets to capture. If not specified, the script may run indefinitely until interrupted.
-w
Write the captured packets to a PCAP file for later analysis.
-v
Verbose output. Show more information about the packets.
-h
Display help message and exit.
DESCRIPTION
sniff.py is a Python script designed for capturing and analyzing network packets. It allows users to passively monitor network traffic, inspect packet headers, and potentially analyze packet payloads. This script is often used for network troubleshooting, security analysis, and educational purposes. It leverages libraries such as Scapy to craft and decode network packets, providing a powerful and flexible tool for network investigation. The script's functionality typically includes filtering packets based on various criteria (protocol, port, IP address), displaying packet information in a human-readable format, and potentially writing packet data to a PCAP file for later analysis with tools like Wireshark.
Please note that capturing network traffic without proper authorization may be illegal. Ensure you have the necessary permissions before using `sniff.py` on any network.
CAVEATS
This script requires the Scapy library to be installed. Also, capturing network traffic typically requires root privileges. Packet capturing without authorization is illegal.
EXAMPLE USAGE
python sniff.py -i eth0 -f 'tcp port 80' -c 10
captures 10 TCP packets on the eth0 interface whose source or destination port is 80.
python sniff.py -w capture.pcap
captures all packets and writes them to the capture.pcap file.
SECURITY CONSIDERATIONS
Be mindful of the data you capture and store. Network traffic may contain sensitive information like passwords or personal data. Handle captured data responsibly and securely.
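The following is an added sketch, not the original sniff.py: one way the options listed under PARAMETERS could map onto Scapy's sniff() and wrpcap(), with the capture file created owner-only in line with the note above. The function names are hypothetical, and running main() assumes Scapy is installed and the process has capture privileges.

```python
import argparse
import os


def build_parser():
    # Options mirror the PARAMETERS section; argparse supplies -h itself.
    p = argparse.ArgumentParser(prog="sniff.py")
    p.add_argument("-i", dest="iface", help="interface to listen on")
    p.add_argument("-f", dest="bpf", help="BPF filter, e.g. 'tcp port 80'")
    p.add_argument("-c", dest="count", type=int, default=0,
                   help="packets to capture (0 = until interrupted)")
    p.add_argument("-w", dest="pcap", help="write packets to this PCAP file")
    p.add_argument("-v", dest="verbose", action="store_true")
    return p


def sniff_kwargs(args):
    # Translate options into keyword arguments for scapy.all.sniff().
    # iface/filter are set only when given, so Scapy keeps its defaults.
    # Packets are held in memory only when they will be written out.
    kw = {"count": args.count, "store": bool(args.pcap)}
    if args.iface:
        kw["iface"] = args.iface
    if args.bpf:
        kw["filter"] = args.bpf
    return kw


def create_private(path):
    # Create the capture file with mode 0600 and refuse to reuse an existing
    # file: payloads may contain passwords or personal data.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.close(fd)
    return path


def main(argv=None):
    from scapy.all import sniff, wrpcap  # imported late: needs Scapy installed
    args = build_parser().parse_args(argv)
    if args.pcap:
        create_private(args.pcap)  # fail early, before capturing anything
    show = (lambda p: p.show()) if args.verbose else (lambda p: print(p.summary()))
    packets = sniff(prn=show, **sniff_kwargs(args))
    if args.pcap:
        wrpcap(args.pcap, packets)  # rewrites the file; its 0600 mode is kept


if __name__ == "__main__":
    main()
```

A narrow -f filter and a finite -c also limit how much sensitive payload ends up in memory and on disk.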