Cyber attack programs series 1 of 4

Sniffing Packet Using Python

How to perform packet sniffing using python?

Ketan Jadhav
3 min read · May 10, 2024

Before performing packet sniffing, first understand what packet sniffing is.

Packet sniffing, also known as packet capturing or network tapping, is the process of intercepting and monitoring network traffic by capturing data packets as they flow across a network. It is a technique used for various purposes, including network troubleshooting, security analysis, and data analysis.

Packet sniffing illustration by Avast

Here’s how packet sniffing works:

  1. Capture phase: A packet sniffer, which is a software or hardware tool, is placed on the network and configured to capture network traffic. It can capture packets from a specific network interface or monitor the entire network.
  2. Packet analysis: The captured packets are decoded and analyzed by the packet sniffer. The analysis can include examining the packet headers, which contain information such as the source and destination IP addresses, port numbers, and protocol types (e.g., TCP, UDP, HTTP).
  3. Data extraction: Depending on the purpose of the packet sniffing, the packet sniffer may extract specific data from the captured packets, such as usernames, passwords, emails, or other sensitive information transmitted in plaintext or unencrypted form.

Program prerequisites

  1. Ubuntu or any Linux distribution
  2. Python installed on the system

All set, we are good to go!

Program Steps

  1. Update the package index, then install pip and the Scapy library
user@ubuntu:~$ sudo apt-get update
user@ubuntu:~$ sudo apt-get install python3-pip
user@ubuntu:~$ sudo python3 -m pip install --pre scapy[complete]

2. Create a file named sniff.py

user@ubuntu:~$ gedit sniff.py

3. Insert the below code:

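from scapy.all import *

def handler(packet):
    # Print a one-line summary of each captured packet
    print(packet.summary())

# Capture on the given interface; store=0 keeps packets out of memory
sniff(iface="wlp1s0", prn=handler, store=0)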

4. Running the script/program (sudo for root privileges):

user@ubuntu:~$ sudo python3 sniff.py

Understanding the program

from scapy.all import *

This line imports all the classes and functions from the scapy library, which is a powerful packet manipulation tool for Python. Scapy allows you to sniff, capture, analyze, and craft network packets.

def handler(packet):
    print(packet.summary())

This defines a function named handler that takes a single argument packet. The packet argument represents a captured network packet. Inside the function, it prints a summary of the packet using the packet.summary() method provided by Scapy. This summary typically includes information like the source and destination addresses, protocol, and packet length.

sniff(iface="wlp1s0", prn=handler, store=0)

This line calls the sniff function from Scapy, which initiates packet sniffing (capturing network packets) on the specified interface.

  • iface="wlp1s0": This parameter specifies the network interface on which the packet sniffing should be performed. In this case, it's set to "wlp1s0", which is a common interface name for a wireless LAN (Wi-Fi) interface on Linux systems. If you are connected with a wired LAN, the interface name might be something like "enp0s3", so the iface parameter would be iface="enp0s3".
  • prn=handler: This parameter specifies the callback function that will be called for each captured packet. In this case, it's set to the handler function defined earlier, which will print the summary of each captured packet.
  • store=0: This parameter tells Scapy not to store the captured packets in memory. Setting it to 0 means that the packets will be processed on-the-fly and not stored, which can help conserve memory when sniffing large amounts of traffic.

When you run this code, it will start capturing network packets on the wlp1s0 interface and print a summary of each captured packet using the handler function. The packet sniffing will continue indefinitely until you stop the program (e.g., by pressing Ctrl+C).
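
The packet analysis step described earlier (step 2) is what Scapy performs on each frame before packet.summary() prints a line. As an added example that is not part of the original article, here is that decoding done by hand with only the Python standard library, which also flags services that carry data unencrypted. The names parse_frame, build_sample and CLEARTEXT_PORTS, the port shortlist and the sample addresses are assumptions made for this illustration.

```python
import socket
import struct

# Services that normally run unencrypted (constructed shortlist for this example).
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 110: "POP3", 143: "IMAP"}
PROTOCOLS = {6: "TCP", 17: "UDP"}


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet II, IPv4 and TCP/UDP headers of one raw frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:  # not IPv4 (ARP, IPv6, ...): report and stop
        return {"ethertype": ethertype, "decoded": False}
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4  # header length in bytes; IP options make it > 20
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    proto = ip[9]
    info = {"decoded": True,
            "src": socket.inet_ntoa(ip[12:16]),
            "dst": socket.inet_ntoa(ip[16:20]),
            "proto": PROTOCOLS.get(proto, str(proto))}
    l4 = ip[ihl:]
    if proto in PROTOCOLS:
        if len(l4) < 4:
            raise ValueError("truncated transport header")
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
        # Name the unencrypted service, if any, so it can be moved to TLS/SSH.
        info["cleartext"] = (CLEARTEXT_PORTS.get(info["dport"])
                             or CLEARTEXT_PORTS.get(info["sport"]))
    return info


def build_sample(dport: int) -> bytes:
    """Constructed frame: 192.0.2.10:49152 -> 198.51.100.5:<dport> over TCP."""
    eth = bytes(6) + bytes(6) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5"))
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp


if __name__ == "__main__":
    for port in (23, 443):
        print(parse_frame(build_sample(port)))
```

Run on your own capture host, the cleartext field gives a quick inventory of services still sending data unencrypted.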

Note: Running packet sniffing tools may require administrative privileges (root or sudo access) on most systems because of the low-level network access required. Additionally, sniffing network traffic on networks you don’t own or have explicit permission to monitor may be illegal and considered a cybercrime in many jurisdictions.
