Task 5: Network Packet Analyzer

Develop a packet sniffer tool that captures and analyzes network packets. Display relevant information such as source and destination IP addresses, protocols, and payload data. Ensure the ethical use of the tool for educational purposes.

What are network packets?


Network packets are small units of data that are transmitted over a network. When data is sent over a network, it is broken down into smaller, manageable pieces called packets. Each packet contains a portion of the data along with necessary metadata, such as source and destination addresses, to ensure it reaches the correct destination and can be reassembled into the original message.


Key Components of a Network Packet
1. Header: Contains metadata about the packet, including:

    1. Source IP Address: The IP address of the sender.
    2. Destination IP Address: The IP address of the receiver.
    3. Protocol Information: The protocol used (e.g., TCP, UDP).
    4. Packet Number: Helps in reassembling the data in the correct order.
    5. Other Control Information: Like error-checking codes and packet size.

Payload: The actual data being transmitted. This is the portion of the packet that follows the header and carries the user's data.


2. Types of Network Packets

   
    1. TCP Packets: Used in the Transmission Control Protocol (TCP), which provides reliable, ordered, and error-checked delivery of a stream of bytes. TCP packets include additional information in the header to manage data flow and ensure that data is correctly reassembled.
    
    2. UDP Packets: Used in the User Datagram Protocol (UDP), which provides a simpler, connectionless transmission model. UDP packets are used where speed is more critical than reliability (e.g., video streaming, online gaming).


3. How Network Packets Work


    1. Data Segmentation: When you send data over the network, it is divided into smaller segments or packets.
    
    2. Packet Transmission: Each packet is transmitted individually over the network. Packets may take different routes to reach the destination.
    
    3. Packet Routing: Routers and switches in the network direct packets to their destination based on the IP address.
    
    4. Packet Reassembly: At the destination, packets are reassembled into the original data.
    
    5. Error Checking: Protocols like TCP ensure that all packets have arrived and are in the correct order. If a packet is missing or corrupted, it is retransmitted.




Example of a Network Packet Structure
A simple representation of an IP packet might look like this:
+----------------------+------------------------+---------------------+
|        Header        |         Payload        |       Trailer       |
+----------------------+------------------------+---------------------+
| Source IP: 192.0.2.1 | Data chunk (e.g., part | Error-checking code |
| Destination IP:      | of a file, message,    |                     |
| 203.0.113.5          | etc.)                  |                     |
| Protocol: TCP        |                        |                     |
| Packet Number: 1     |                        |                     |
+----------------------+------------------------+---------------------+
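
To make the header/payload split concrete, the following added example (not part of the original notebook) decodes a raw IPv4 packet by hand with the standard library, bounds-checking every length field before slicing, since a sniffer parses untrusted input. The function names and the sample packet are constructed for illustration, and it goes a little beyond the diagram by also decoding the TCP or UDP header.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_ipv4_packet(raw: bytes) -> dict:
    """Split a raw IPv4 packet into header fields and transport payload."""
    if len(raw) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_ihl, _tos, total_len, _ident, frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or total_len < ihl or total_len > len(raw):
        raise ValueError("malformed IPv4 header")
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "protocol": PROTOCOLS.get(proto, f"Other({proto})"), "ttl": ttl}
    segment = raw[ihl:total_len]  # drops IP options and link-layer padding
    later_fragment = bool(frag & 0x1FFF)  # only the first fragment has a transport header
    if proto == 6 and not later_fragment:  # TCP: data offset gives header length
        if len(segment) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq = struct.unpack("!HHI", segment[:8])
        offset = (segment[12] >> 4) * 4
        if offset < 20 or offset > len(segment):
            raise ValueError("bad TCP data offset")
        info.update(sport=sport, dport=dport, seq=seq, payload=segment[offset:])
    elif proto == 17 and not later_fragment:  # UDP: fixed 8-byte header
        if len(segment) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, length = struct.unpack("!HHH", segment[:6])
        if length < 8 or length > len(segment):
            raise ValueError("bad UDP length")
        info.update(sport=sport, dport=dport, payload=segment[8:length])
    else:
        info["payload"] = segment
    return info

def build_sample_tcp_packet(payload: bytes) -> bytes:
    """Constructed sample: 192.0.2.1:49152 -> 203.0.113.5:80, checksums left 0."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.1"), socket.inet_aton("203.0.113.5"))
    return ip + tcp + payload

if __name__ == "__main__":
    print(parse_ipv4_packet(build_sample_tcp_packet(b"GET / HTTP/1.1\r\n\r\n")))
```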


Importance of Network Packets



1. Efficiency: Breaking data into packets allows for more efficient use of the network. Packets can be routed around congested areas of the network, avoiding bottlenecks.

2. Reliability: Protocols like TCP ensure data integrity and reliability by retransmitting lost packets.

3. Scalability: Networks can handle a large amount of data by managing and routing packets effectively.

Network packets are fundamental to how data is transmitted over modern networks, enabling everything from web browsing to streaming video and online gaming.





1. Explanation:

    1. scapy.all: Imports the functions and classes the sniffer uses (sniff, IP, TCP, UDP and conf) from the scapy library.
    
    2. sniff function: Captures packets. The prn parameter specifies a callback function (packet_callback) to process each captured packet.
    
    3. packet_callback function: This function is called for each captured packet. It checks if the packet contains an IP layer, then extracts the source and destination IP addresses, the protocol, and the payload if the packet is TCP or UDP.


2. Ethical Considerations:
    
    1. Legal Compliance: Ensure you have permission to capture packets on the network you are monitoring. Unauthorized packet sniffing can be illegal.
    
    2. Privacy: Respect the privacy of others. Use the tool strictly for educational purposes and only on networks you own or have explicit permission to analyze.


3. Enhancements:
    1. Filter packets based on specific criteria (e.g., port numbers, specific IP addresses).
    2. Save captured packets to a file for later analysis.
    3. Add more detailed analysis (e.g., extract HTTP headers, DNS queries).
    4. User Interface: Create a GUI to display captured packets in a more user-friendly format.

In [None]:
from scapy.all import sniff, IP, TCP, UDP, conf

# Capture through libpcap (provided by Npcap on Windows)
conf.use_pcap = True


def packet_callback(packet):
    """Print addresses, protocol and transport payload for each IP packet."""
    if IP in packet:
        ip_src = packet[IP].src
        ip_dst = packet[IP].dst
        protocol = packet[IP].proto

        # IP protocol numbers: 6 = TCP, 17 = UDP
        if protocol == 6:
            protocol_name = "TCP"
        elif protocol == 17:
            protocol_name = "UDP"
        else:
            protocol_name = "Other"

        print(f"Source IP: {ip_src}, Destination IP: {ip_dst}, Protocol: {protocol_name}")

        # bytes() yields the raw payload bytes regardless of how the
        # installed Scapy version formats layer objects
        if TCP in packet:
            print(f"TCP Payload: {bytes(packet[TCP].payload)!r}")
        elif UDP in packet:
            print(f"UDP Payload: {bytes(packet[UDP].payload)!r}")

# No iface is passed, so Scapy sniffs on its default interface;
# add iface="eth0" (or "wlan0", etc.) to choose one.
print("Starting packet sniffer...")
sniff(prn=packet_callback, filter="ip", store=0)
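
For the "extract DNS queries" enhancement listed above, this added example (not part of the original notebook) parses the question section of a DNS message taken from a UDP payload, using only the standard library and rejecting truncated or oversized input instead of reading past the buffer. The function names, the question-count limit and the sample query are assumptions made for illustration; compression pointers in question names are rejected as a simplification.

```python
import struct

QTYPES = {1: "A", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}

def parse_dns_questions(payload: bytes, max_questions: int = 16) -> list:
    """Return (name, qtype) for each question in a DNS message (UDP payload)."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    _ident, _flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount > max_questions:
        raise ValueError("implausible question count")
    questions, pos = [], 12
    for _ in range(qdcount):
        labels = []
        while True:
            if pos >= len(payload):
                raise ValueError("name runs past end of message")
            length = payload[pos]
            pos += 1
            if length == 0:  # root label ends the name
                break
            if length & 0xC0:  # pointer or reserved bits: not handled here
                raise ValueError("unexpected pointer in question name")
            if pos + length > len(payload):
                raise ValueError("label runs past end of message")
            labels.append(payload[pos:pos + length].decode("ascii", "replace"))
            pos += length
        if pos + 4 > len(payload):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
        pos += 4
        questions.append((".".join(labels), QTYPES.get(qtype, str(qtype))))
    return questions

def build_sample_query(name: str, qtype: int = 1) -> bytes:
    """Constructed sample: a standard recursive query for one name."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(part)]) + part.encode("ascii")
                     for part in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

if __name__ == "__main__":
    print(parse_dns_questions(build_sample_query("example.com")))
```

In the sniffer's callback, this function would receive `bytes(packet[UDP].payload)` for packets whose UDP source or destination port is 53.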
