"A cross-platform packet sniffer that translates raw binary network traffic into human-readable data using Raw Sockets and Struct Unpacking."
PySniff v3 is a CLI-based network analysis tool designed to bridge the gap between low-level packet capture and high-level protocol understanding. Unlike sniffers that only print hex dumps, PySniff includes an internal translation engine that maps protocol numbers and ports to known services (e.g., identifying port 443 as HTTPS).
It operates at Layer 3 (Network) and Layer 4 (Transport) of the OSI model, with basic Layer 7 (Application) inspection to detect HTTP traffic.
Instead of displaying raw integers, the tool uses dictionary lookups to identify:
- Protocols: TCP, UDP, ICMP.
- Common Services: FTP, SSH, DNS, HTTP/HTTPS, MySQL, RDP, etc.
- TCP Flags: Translates the bitwise flags into status messages (e.g., SYN -> "INITIATING CONNECTION").
- Payload Analysis: The tool attempts to decode the data payload as ASCII/UTF-8.
- HTTP Detection: Automatically identifies web traffic keywords (GET, POST, HTTP/) and formats the output for readability.
- SYN Scanning Detection: Flags packets that attempt to initiate connections without completing the handshake.
- RST Flag Monitoring: Alerts on abrupt connection resets, which can indicate firewall blocking or service crashes.
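The struct unpacking, dictionary mapping, flag translation, HTTP detection and half-open (SYN-scan) heuristic listed above, as an added Python example that is not PySniff's own code: the lookup tables, function names, the `build` helper and the sample packets are assumed or constructed here, and parsing is shown for IPv4 + TCP only, with checksums left at zero.

```python
import struct
from collections import Counter
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # lookup tables assumed for this example, after the tool's approach
SERVICES = {21: "FTP", 22: "SSH", 53: "DNS", 80: "HTTP", 443: "HTTPS", 3306: "MySQL", 3389: "RDP"}
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def build(src, dst, sport, dport, flags, payload=b""):
    """Constructed sample packet (IPv4 + TCP, checksums left zero) so the example runs offline."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 1, 0, 5 << 4, sum(TCP_FLAGS[f] for f in flags), 65535, 0, 0)
    return ip + tcp + payload

def parse_ipv4(packet):
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "protocol": PROTOCOLS.get(proto, f"proto {proto}"),
            "segment": packet[(ver_ihl & 0x0F) * 4:]}  # IHL (low nibble, 32-bit words) skips any options

def parse_tcp(segment):
    sport, dport, _, _, off, flags, _, _, _ = struct.unpack("!HHLLBBHHH", segment[:20])
    return {"src_port": sport, "dst_port": dport,
            "service": SERVICES.get(dport) or SERVICES.get(sport, "unknown"),
            "flags": [name for name, bit in TCP_FLAGS.items() if flags & bit],
            "payload": segment[(off >> 4) * 4:]}  # data offset (high nibble, 32-bit words) locates the payload

def describe(tcp):
    """Translate the flag set (and an HTTP request line, if present) into a status message."""
    if "RST" in tcp["flags"]:
        return "CONNECTION RESET"
    if tcp["flags"] == ["SYN"]:
        return "INITIATING CONNECTION"
    if tcp["payload"][:5] in (b"GET /", b"POST ", b"HTTP/"):
        return "HTTP: " + tcp["payload"].split(b"\r\n", 1)[0].decode("ascii", "replace")
    return " ".join(tcp["flags"]) or "NO FLAGS"

def half_open_sources(packets, threshold=3):
    """SYN-scan heuristic: sources with >= threshold SYNs never followed by their own handshake ACK."""
    pending = set()  # (src, dst, dst_port) still waiting for the third handshake step
    for packet in packets:
        ip = parse_ipv4(packet)
        tcp = parse_tcp(ip["segment"])
        key = (ip["src"], ip["dst"], tcp["dst_port"])
        if tcp["flags"] == ["SYN"]:
            pending.add(key)
        elif "ACK" in tcp["flags"]:
            pending.discard(key)
    counts = Counter(src for src, _, _ in pending)
    return sorted(src for src, n in counts.items() if n >= threshold)
```

The threshold keeps a single unanswered SYN (a retransmission or a dead host) from raising an alert; a scanner probing several ports from one address still exceeds it.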
The tool reads packets straight off the interface through raw sockets, below the normal TCP/UDP socket API; one of the two variants is used depending on the platform, and both require administrator or root privileges:

```python
import socket

# Windows implementation (promiscuous mode via IOCTL); SIO_RCVALL needs the socket bound to a local interface first
conn = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
conn.bind((socket.gethostbyname(socket.gethostname()), 0))
conn.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)

# Linux implementation (AF_PACKET); ETH_P_ALL (0x0003) delivers every frame, link-layer header included
conn = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
```