[]: {{{1
File : README.md
Maintainer : Felix C. Stegerman <flx@obfusk.net>
Date : 2015-09-13
Copyright : Copyright (C) 2015 Felix C. Stegerman
Version : v0.1.0
[]: }}}1
Description
sniffer.py - python (2+3) network sniffer
See sniffer.py for the code (with examples).
Examples
[]: {{{1
$ sudo ./sniffer.py --filter '"TCP" in protos and "obfusk" in tcp_data'
...
[ 1441933466 | eth0 | protos: eth >> IP >> TCP >> HTTP ]:
parsed:
eth_source_mac : XXXXXXXXXXXX
eth_dest_mac : XXXXXXXXXXXX
eth_q_tag : None
eth_type : 2048 (0x800)
ip_source : X.X.X.X
ip_dest : 213.108.108.143
ip_PROTO : 6 (0x6)
ip_TTL : 64 (0x40)
tcp_source_port : 1234 (0x4d2)
tcp_dest_port : 80 (0x50)
tcp_seq_n : 67890 (0x10932)
tcp_ack_n : 12345 (0x3039)
tcp_flags : ack=1 ... syn=0 ...
tcp_win_sz : 229 (0xe5)
http_subtype : HTTP_REQUEST
http_request_line : GET / HTTP/1.1
http_request_method : GET
http_request_uri : /
http_request_version : HTTP/1.1
http_headers :
accept : */*
host : obfusk.ch
user-agent : curl/7.44.0
http_body : ''
raw:
XX XX XX XX XX XX XX XX XX XX XX XX 08 00 45 00 XXXXXXXXXXXX..E.
00 7d 02 07 40 00 40 06 1a cf XX XX XX XX XX XX .}..@.@...XXXXXX
XX XX eb 4c 00 50 be 73 a2 ee 99 18 6c ed 80 18 XX.L.P.s....l...
00 e5 1e 15 00 00 01 01 08 0a 00 64 a0 ee 28 39 ...........d..(9
c6 f6 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 ..GET / HTTP/1.1
0d 0a 48 6f 73 74 3a 20 6f 62 66 75 73 6b 2e 63 ..Host: obfusk.c
68 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 63 h..User-Agent: c
75 72 6c 2f 37 2e 34 34 2e 30 0d 0a 41 63 63 65 url/7.44.0..Acce
70 74 3a 20 2a 2f 2a 0d 0a 0d 0a pt: */*....
...
[]: }}}1
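The output above is a flat set of per-layer fields plus a `--filter` expression evaluated over them. The following is an added example (not sniffer.py's own code) that parses a constructed Ethernet II / IPv4 / TCP / HTTP frame into fields named as in the README and evaluates the same kind of filter over them. The frame bytes, MAC addresses and source IP are constructed placeholders, `build_frame`, `parse_frame` and `matches` are names chosen here, and representing `tcp_data` as a latin-1 string is an assumption made so that the README's `"obfusk" in tcp_data` works as written.

```python
import struct

# Constructed HTTP request matching the README's example (not captured traffic).
HTTP_REQUEST = (b"GET / HTTP/1.1\r\nHost: obfusk.ch\r\n"
                b"User-Agent: curl/7.44.0\r\nAccept: */*\r\n\r\n")


def build_frame(payload=HTTP_REQUEST):
    """Return a constructed Ethernet II / IPv4 / TCP frame carrying `payload`.
    MACs and the source IP are placeholders; checksums are left zero because
    the parser below does not verify them."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", 1234, 80, 67890, 12345,
                      5 << 4,      # data offset: 5 words = 20 bytes, no options
                      0x18,        # flags: PSH | ACK
                      229, 0, 0)   # window, checksum (unset), urgent pointer
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x0207, 0x4000,
                     64, 6, 0,     # TTL 64, protocol 6 = TCP, checksum unset
                     bytes([10, 0, 0, 2]), bytes([213, 108, 108, 143]))
    return eth + ip + tcp + payload


def parse_eth(frame):
    dst, src, eth_type = struct.unpack("!6s6sH", frame[:14])
    fields = {"eth_dest_mac": dst.hex(), "eth_source_mac": src.hex(),
              "eth_type": eth_type}
    return fields, frame[14:]


def parse_ip(pkt):
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4           # header length in bytes (options included)
    fields = {"ip_source": ".".join(map(str, src)),
              "ip_dest": ".".join(map(str, dst)),
              "ip_PROTO": proto, "ip_TTL": ttl}
    return fields, pkt[ihl:total_len]    # drop any Ethernet padding past total_len


TCP_FLAG_NAMES = ["fin", "syn", "rst", "psh", "ack", "urg"]   # bit 0 .. bit 5


def parse_tcp(seg):
    (sport, dport, seq, ack, off_res, flags, win, _csum,
     _urg) = struct.unpack("!HHIIBBHHH", seg[:20])
    data_off = (off_res >> 4) * 4        # header length in bytes (options included)
    fields = {"tcp_source_port": sport, "tcp_dest_port": dport,
              "tcp_seq_n": seq, "tcp_ack_n": ack,
              "tcp_flags": {n: (flags >> i) & 1 for i, n in enumerate(TCP_FLAG_NAMES)},
              "tcp_win_sz": win}
    return fields, seg[data_off:]


def parse_http(data):
    """Parse an HTTP request; return None if `data` does not look like one."""
    head, _sep, body = data.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].decode("latin-1").split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"http_subtype": "HTTP_REQUEST",
            "http_request_line": " ".join(parts),
            "http_request_method": parts[0], "http_request_uri": parts[1],
            "http_request_version": parts[2], "http_headers": headers,
            "http_body": body.decode("latin-1")}


def parse_frame(frame):
    """Return (protos, fields): the protocol chain and all parsed fields."""
    fields, rest = parse_eth(frame)
    protos = ["eth"]
    if fields["eth_type"] != 0x0800:         # only IPv4 is handled here
        return protos, fields
    ip_fields, rest = parse_ip(rest)
    fields.update(ip_fields)
    protos.append("IP")
    if fields["ip_PROTO"] != 6:              # only TCP is handled here
        return protos, fields
    tcp_fields, rest = parse_tcp(rest)
    fields.update(tcp_fields)
    protos.append("TCP")
    fields["tcp_data"] = rest.decode("latin-1")   # assumption: str, so '"x" in tcp_data' works
    http_fields = parse_http(rest)
    if http_fields:
        fields.update(http_fields)
        protos.append("HTTP")
    return protos, fields


def matches(expr, protos, fields):
    """Evaluate a Python filter expression such as the README's
    '"TCP" in protos and "obfusk" in tcp_data' over the parsed names.
    Builtins are withheld so a typo cannot reach e.g. open(); the expression
    is still the operator's own, typed on the command line, not packet data."""
    return bool(eval(expr, {"__builtins__": {}}, dict(fields, protos=protos)))


if __name__ == "__main__":
    protos, fields = parse_frame(build_frame())
    print("protos:", " >> ".join(protos))
    for name in sorted(fields):
        print("  %-22s: %r" % (name, fields[name]))
    print(matches('"TCP" in protos and "obfusk" in tcp_data', protos, fields))
```

Each `parse_*` function returns its own fields together with the remaining bytes, so adding a further layer (the DNS parser from the TODO, say) means one more function keyed on the port or protocol number in `parse_frame`; `parse_ip` honours the IHL and `parse_tcp` the data offset, so frames carrying options are sliced correctly rather than being read at fixed offsets.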
TODO
- more parsers (DNS, ...)!
- prettier printing?!
- privilege dropping?!
- ...
License
GPLv3+ [1].
References
[1] GNU General Public License, version 3 --- https://www.gnu.org/licenses/gpl-3.0.html
[]: ! ( vim: set tw=70 sw=2 sts=2 et fdm=marker : )