Simple python sniffer with pcapy and impacket

Pcapy home page
Impacket home page

To install pcapy and impacket:

sudo apt-get install python-pcapy
sudo apt-get install python-impacket

Run the script below with root privileges.

#!/usr/bin/python
 
import pcapy
import sys
from impacket import ImpactDecoder
 
def callback(header, data):
	decoder = ImpactDecoder.EthDecoder()
	ethernet_pck = decoder.decode(data)
	ip_hdr = ethernet_pck.child()
	tcp_hdr = ip_hdr.child()
	source_ip = ip_hdr.get_ip_src()
	dest_ip = ip_hdr.get_ip_dst()
	print "Connection detected: %s -> %s" % (source_ip, dest_ip)
 
#promisc mode
sniff = pcapy.open_live("eth0", 1500, 1, 100)
#tcp only
sniff.setfilter('ip proto \tcp')
sniff.loop(0, callback)

This is a very simple packet sniffer that prints only destination and source ip.
You could extend it, to fit your needs.

Categories: Linux, Python Tags: , , , ,
%d bloggers like this: