In [None]:
import os #This module provides a way to use operating system dependent functionality.
import socket  #allows you to create client-server applications that communicate over a network
from struct import unpack

os.system("clear")
print ("\n----------------------------------------------------")
print ("\n------      SNIFFING PACKET AND ANALYZING     ------")
print ("\n----------------------------------------------------\n")

#create an INET, raw socket 
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP) 
   #creates a socket object sock using the socket.socket() constructor.The arguments socket.AF_INET and socket.SOCK_DGRAM specify that the socket will use IPv4 addressing (AF_INET) and will be of type UDP (SOCK_DGRAM). This means the socket will be used for UDP communication.

# receive a packet
while True:
    print ("\n\n")
    packet = s.recvfrom(65565) #Calls the recvfrom() method on the socket object s to receive a packet. The argument 65565 specifies the maximum size of the packet to be received.
    print (packet)
    break

#packet string from tuple
packet = packet[0] #extracts the first element from the received packet

#take first 20 characters for the ip header
ip_header = packet[0:20] #code selects the first 20 bytes of the packet.first 20 bytes represent the IP header.
print ("\n\n")
print (ip_header)

#now unpack them :)
iph = unpack('!BBHHHBBH4s4s' , ip_header)
    #The unpack() function takes two arguments: the format string and the data to be unpacked. 
    #In this case, the format string '!BBHHHBBH4s4s' specifies the format of the IP header. 
    #The exclamation mark '!' indicates network byte order (big-endian), and the individual format 
    #specifiers represent the types and sizes of the fields within the IP header.

version_ihl = iph[0] #retrieves the first element from iph, which corresponds to the combined value of the IP version and IHL.
version = version_ihl >> 4 #uses a bitwise right shift (>>) operation by 4 bits to move the version bits to the rightmost position, isolating them
ihl = version_ihl & 0xF #performs a bitwise AND (&) operation with 0xF (binary 1111) to extract the IHL bits, effectively masking out the version bits.

iph_length = ihl * 4 #multiplies the IHL value by 4 to calculate the length of the IP header in bytes. Since each word is 32 bits (4 bytes), multiplying the IHL value by 4 gives you the header length in bytes

ttl = iph[5]                         #The line ttl = iph[5] extracts the TTL value from the IP header, and protocol = iph[6] retrieves the protocol field.
protocol = iph[6]                    #The lines s_addr = socket.inet_ntoa(iph[8]) and d_addr = socket.inet_ntoa(iph[9]) convert the source and destination IP 
s_addr = socket.inet_ntoa(iph[8]);   #addresses from their packed binary representation to the standard dotted-decimal format using the inet_ntoa() function from the socket module.
d_addr = socket.inet_ntoa(iph[9]);

print ('\nVersion : ' + str(version) + '\nIP Header Length : ' + str(ihl) + '\nTTL : ' + str(ttl) + '\nProtocol : ' + str(protocol) + '\nSource Address : ' + str(s_addr) + '\nDestination Address : ' + str(d_addr))

tcp_header = packet[iph_length:iph_length+20]
  #retrieves the 20 bytes TCP header from recieved packet

#now unpack them :)
tcph = unpack('!HHLLBBHHH' , tcp_header) #function to unpack the TCP header data according to the provided format string '!HHLLBBHHH'.
          #H represents a 2-byte unsigned short, L represents a 4-byte unsigned long, and B represents a 1-byte unsigned c

source_port = tcph[0] # retrieves the source port
dest_port = tcph[1]   # retrieves the destination port
sequence = tcph[2]  #extract the sequence number
acknowledgement = tcph[3] #extract acknowledgement number
doff_reserved = tcph[4]  #extract data offset and reserved bits
tcph_length = doff_reserved >> 4 #then calculates the TCP header length by shifting the data offset and reserved bits by 4 bits to the right.

print ('\nSource Port : ' + str(source_port) + '\nDest Port : ' + str(dest_port) + '\nSequence Number : ' + str(sequence) + '\nAcknowledgement : ' + str(acknowledgement) + '\nTCP header length : ' + str(tcph_length))

h_size = iph_length + tcph_length * 4  #represents the cumulative size of the IP header and the TCP header in bytes. Since the TCP header length is specified in terms of 32-bit words (each word being 4 bytes), multiplying tcph_length by 4 gives the size of the TCP header in bytes. Adding this to iph_length gives the total size of both headers.
data_size = len(packet) - h_size #represents the size of the payload data in the packet. It is calculated by subtracting h_size from the total length of the packet (len(packet)), assuming that the remaining bytes after the headers correspond to the payload data.
 
#get data from the packet
data = packet[h_size:] #extracts the payload data from the received packet. It assumes that the payload data starts immediately after the TCP header and extends to the end of the packet.

print ('\nData : ', str(data))    

print ("\n\n--------------------- End of Sniffer Program ----------------------")


----------------------------------------------------

------      SNIFFING PACKET AND ANALYZING     ------

----------------------------------------------------




(b'E\x00\n/:\xb6@\x00@\x06\x9d\xc2\xac\x1c\x00\x0c\xac\x1c\x00\x0c#(\xc9^\xa0\xdb"Q\xffH\xf5(\x80\x18\x02\x00br\x00\x00\x01\x01\x08\n\xe2\xb4\x19\xff\xe2\xb4\x19\xf1\x81~\t\xf7{"header": {"msg_id": "cc89a5fc-0f6a10e67a4dd141f54f7d96_17", "msg_type": "execute_input", "username": "username", "session": "cc89a5fc-0f6a10e67a4dd141f54f7d96", "date": "2023-05-28T18:39:57.492791Z", "version": "5.3"}, "msg_id": "cc89a5fc-0f6a10e67a4dd141f54f7d96_17", "msg_type": "execute_input", "parent_header": {"msg_id": "7269d8fe-e83f-4977-82b8-1dd0ea87b8da", "username": "username", "session": "d5923dc7-17da-49ea-8c5c-0b11db88dc24", "msg_type": "execute_request", "version": "5.0", "date": "2023-05-28T18:39:57.491576Z"}, "metadata": {}, "content": {"code": "import os\\nimport socket\\nfrom struct import unpack\\n\\nos.system(\\"clear\\")\\nprint