Skip to content

Instantly share code, notes, and snippets.

@mchow01
Last active January 29, 2023 23:11
Embed
What would you like to do?
A working Scapy program that sniffs traffic on a live work or from a PCAP file. Goal is to expand this to identify basic vulnerabilities (e.g., credentials sent in plaintext)
#!/usr/bin/python3
from scapy.all import *
import argparse
def packetcallback(packet):
try:
# The following is an example of Scapy detecting HTTP traffic
# Please remove this case in your actual lab implementation so it doesn't pollute the alerts
if packet[TCP].dport == 80:
print("HTTP (web) traffic detected!")
except Exception as e:
# Uncomment the below and comment out `pass` for debugging, find error(s)
#print(e)
pass
# DO NOT MODIFY THE CODE BELOW
parser = argparse.ArgumentParser(description='A network sniffer that identifies basic vulnerabilities')
parser.add_argument('-i', dest='interface', help='Network interface to sniff on', default='eth0')
parser.add_argument('-r', dest='pcapfile', help='A PCAP file to read')
args = parser.parse_args()
if args.pcapfile:
try:
print("Reading PCAP file %(filename)s..." % {"filename" : args.pcapfile})
sniff(offline=args.pcapfile, prn=packetcallback)
except:
print("Sorry, something went wrong reading PCAP file %(filename)s!" % {"filename" : args.pcapfile})
else:
print("Sniffing on %(interface)s... " % {"interface" : args.interface})
try:
sniff(iface=args.interface, prn=packetcallback)
except:
print("Sorry, can\'t read network traffic. Are you root?")
@mchow01
Copy link
Author

mchow01 commented Mar 9, 2018

Bugfix on March 8, 2018: changed args.infile to args.pcapfile on line 23. Thanks to Sam Slate for the find.

@mchow01
Copy link
Author

mchow01 commented Sep 27, 2020

Added comment in code to remove the case to detect HTTP traffic as it will be very annoying in the actual running of the alarm

@mchow01
Copy link
Author

mchow01 commented Oct 6, 2020

pcapy no longer needed!

@mchow01
Copy link
Author

mchow01 commented Sep 29, 2022

Added lines to print exception

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment