sniffer.py - python (2+3) network sniffer
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
README.md
sniffer.py

README.md

[]: {{{1

File        : README.md
Maintainer  : Felix C. Stegerman <flx@obfusk.net>
Date        : 2015-09-13

Copyright   : Copyright (C) 2015  Felix C. Stegerman
Version     : v0.1.0

[]: }}}1

Description

sniffer.py - python (2+3) network sniffer

See sniffer.py for the code (with examples).

Examples

[]: {{{1

$ sudo ./sniffer.py --filter '"TCP" in protos and "obfusk" in tcp_data'
...
[ 1441933466 | eth0 | protos: eth >> IP >> TCP >> HTTP ]:
  parsed:
    eth_source_mac          : XXXXXXXXXXXX
    eth_dest_mac            : XXXXXXXXXXXX
    eth_q_tag               : None
    eth_type                : 2048 (0x800)
    ip_source               : X.X.X.X
    ip_dest                 : 213.108.108.143
    ip_PROTO                : 6 (0x6)
    ip_TTL                  : 64 (0x40)
    tcp_source_port         : 1234 (0x4d2)
    tcp_dest_port           : 80 (50)
    tcp_seq_n               : 67890 (0x10932)
    tcp_ack_n               : 12345 (0x3039)
    tcp_flags               : ack=1 ... syn=0 ...
    tcp_win_sz              : 229 (0xe5)
    http_subtype            : HTTP_REQUEST
    http_request_line       : GET / HTTP/1.1
    http_request_method     : GET
    http_request_uri        : /
    http_request_version    : HTTP/1.1
    http_headers            :
      accept                    : */*
      host                      : obfusk.ch
      user-agent                : curl/7.44.0
    http_body               : ''
  raw:
    XX XX XX XX XX XX XX XX XX XX XX XX 08 00 45 00  XXXXXXXXXXXX..E.
    00 7d 02 07 40 00 40 06 1a cf XX XX XX XX XX XX  .}..@.@...XXXXXX
    XX XX eb 4c 00 50 be 73 a2 ee 99 18 6c ed 80 18  XX.L.P.s....l...
    00 e5 1e 15 00 00 01 01 08 0a 00 64 a0 ee 28 39  ...........d..(9
    c6 f6 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31  ..GET / HTTP/1.1
    0d 0a 48 6f 73 74 3a 20 6f 62 66 75 73 6b 2e 63  ..Host: obfusk.c
    68 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 63  h..User-Agent: c
    75 72 6c 2f 37 2e 34 34 2e 30 0d 0a 41 63 63 65  url/7.44.0..Acce
    70 74 3a 20 2a 2f 2a 0d 0a 0d 0a                 pt: */*....
...

[]: }}}1

TODO

  • more parsers (DNS, ...)!
  • prettier printing?!
  • privilege dropping?!
  • ...

License

GPLv3+ [1].

References

[1] GNU General Public License, version 3 --- https://www.gnu.org/licenses/gpl-3.0.html

[]: ! ( vim: set tw=70 sw=2 sts=2 et fdm=marker : )