(An Autonomous Institution Affiliated to VTU, Belagavi)

Department of Electronics and Communication

Engineering

Group Activity Report on

PACKET SNIFFING USING PYTHON
Submitted to
Department of Electronics and Communication Engineering Dr. Ambedkar
Institute of Technology, Bengaluru for the partial fulfilment of the
completion of subject CRYPTOGRAPHY(18EC642) as a group
activity for the academic year 2022-23
A part of curriculum in
Bachelor of Engineering
In
Electronics and Communication
by

Aditi Pai 1DA20EC005

Akshay R 1DA20EC010

Arun Kumar N 1DA20EC020

Bindushree M 1DA20EC025

Under the Guidance of

Dr RAMESH S
Professor
Department of Electronics and Communication Engineering
Dr. Ambedkar Institute of Technology
 Department of Electronics and Communication Engineering

CERTIFICATE
Aditi Pai 1DA20EC005

Akshay R 1DA20EC010

Arun Kumar N 1DA20EC020

Bindushree M 1DA20EC025
This is to certify that the students have completed their group activity work
titled: PACKET SNIFFING USING PYTHON for the partial fulfilment of
completion of the subject CRYPTOGRAPHY (18EC642) as a part of
curriculum of Bachelor Of Engineering during the academic year 2022-23.
Faculty Incharge

Under the Guidance of

Dr RAMESH S

Professor
Department of ECE
[Link], Bengaluru-56

1. Abstract
 The abstract provides a brief overview of the report, summarizing the main
objectives and findings related to packet sniffing using Python. It highlights
the significance of the topic and the potential benefits of using Python for
this purpose.

Packet sniffing finds use when a user visits a website, their web browser
sends HTTP requests to the server to fetch web pages. A packet sniffer can
capture these HTTP packets and extract the URLs requested, helping network
administrators identify browsing patterns and potential security threats.

The main purpose of this report is to explore the concept of packet sniffing,
its significance in network analysis, and demonstrate how Python can be used
effectively for packet sniffing tasks.

By the end of this report, we will gain a comprehensive understanding of

packet sniffing techniques, Python's role in network programming, and how
to implement a packet sniffer application using Python libraries.
 2. Introduction

What is Packet Sniffing?

- Packet sniffing is the process of capturing and analysing data packets as
they traverse a computer network. It involves intercepting network traffic to
examine the contents of packets, such as source and destination IP addresses,
protocol information, payload data, etc.

- Example: When a user visits a website, their web browser sends HTTP
requests to the server to fetch web pages. A packet sniffer can capture these
HTTP packets and extract the URLs requested, helping network
administrators identify browsing patterns and potential security threats.
 3. Background
3.1 Networking Fundamentals
- This section introduces fundamental concepts of computer networking,
such as nodes, routers, switches, protocols, and data transmission.

- Example: A brief explanation of how data packets are sent from a source
to a destination in a network.

3.2 OSI Model

- The OSI (Open Systems Interconnection) model is an essential
framework used to understand network communication and the different
layers involved.

- Example: Explaining how each layer of the OSI model contributes to data
encapsulation and transmission.

3.3 TCP/IP Protocol Suite

- The TCP/IP protocol suite is the foundation of the modern internet and is
used for communication between devices over the internet.

- Example: Highlighting the role of TCP and UDP in data transmission and
the significance of IP addresses for routing.

[Link] Sniffing Techniques

4.1 Passive Sniffing

- Passive sniffing involves observing network traffic without actively
sending packets, making it less intrusive and harder to detect.

- Example: Monitoring network traffic with Wireshark to analyse the

packets exchanged during an online video streaming session.

4.2 Active Sniffing

- Active sniffing requires injecting packets into the network to capture
specific responses and is more intrusive than passive sniffing.
 - Example: Demonstrating a simple ARP (Address Resolution Protocol)
spoofing attack to capture packets exchanged between two devices on a local
network.

4.3 Promiscuous Mode

- Promiscuous mode allows network interfaces to capture all packets on
the network, not just those addressed to the specific device.

- Example: Enabling promiscuous mode on a network adapter to capture

all packets passing through the local network.

5. Python and Networking

5.1 Introduction to Python for Networking

- Python's versatility and ease of use make it an excellent choice for
network programming tasks.

- Example: Writing a basic Python script to establish a socket connection

and exchange data between a client and a server.

5.2 Socket Programming in Python

- Socket programming enables communication between devices over a
network using sockets.
- Example: Implementing a simple chat application using Python's socket
module to send and receive messages over the network.

6. Packet Sniffing with Python

6.1 Required Python Libraries

- Introduction to Python libraries that facilitate packet sniffing, such as
Scapy, pcapy, and pyshark.

- Example: Installing and importing Scapy to use its packet capturing and
parsing functionalities.

6.2 Setting Up the Environment

 - Instructions for setting up the Python environment to begin packet
sniffing.

- Example: Installing required Python dependencies and configuring the

network interface for sniffing.

6.3 Capturing Packets

- A step-by-step guide on how to capture packets using Python libraries.

- Example: Writing a Python script to capture and display packets

transmitted between two devices on the same network.

6.4 Analyzing Captured Packets

- Exploring techniques to analyze the captured packets for relevant
information.

- Example: Parsing captured DNS packets to identify domain names

requested by users.

7. Ethical Considerations
7.1 Legal and Ethical Implications of Packet Sniffing
- Addressing the legal and ethical aspects of packet sniffing, including
privacy concerns and potential misuse.

- Example: Discussing the importance of obtaining consent when

performing packet sniffing on a network.

7.2 Best Practices for Responsible Packet Sniffing

- Providing guidelines and best practices to ensure responsible and ethical
packet sniffing practices.

- Example: Emphasizing the need for using packet sniffing only for authorized
and legitimate network analysis purposes.
 8. Program

Packet sniffing is a sensitive topic as it can potentially violate privacy and

security regulations. It's important to use this knowledge responsibly and
only in a controlled environment. Additionally, packet sniffing encrypted
traffic without proper authorization is illegal.

However, if you're interested in understanding how packet sniffing and

cryptography can be combined in a Python code, here's a simple example
that demonstrates capturing network packets using scapy and performing
cryptographic operations on the payload:

Python

import [Link] as scapy

from [Link] import AES
from [Link] import pad, unpad

# Define the network interface to sniff on

interface = "eth0"

# Define the key for encryption

key = b"mysecretkey12345"

# Create an AES cipher object

cipher = [Link](key, AES.MODE_ECB)

# Define a packet handler function

def packet_handler(packet):
if [Link]([Link]):
# Extract the payload from the packet
payload = packet[[Link]].load

# Decrypt the payload using AES decryption

decrypted_payload = [Link](payload)

# Unpad the decrypted payload

 unpadded_payload = unpad(decrypted_payload, AES.block_size)

# Print the decrypted payload

print(unpadded_payload)

# Start sniffing packets on the specified interface

[Link](iface=interface, prn=packet_handler)

In this example, we use the `scapy` library to capture network packets on the
specified interface (`eth0` in this case). We assume the packets contain
encrypted payloads encrypted using AES in ECB mode. The `[Link]`
module from the `pycryptodome` library is used to perform the encryption
and decryption operations. The `[Link]` module helps with
padding and unpadding the data.

The `packet_handler` function is called for each captured packet that has a
raw payload. It decrypts the payload using the specified key and prints the
decrypted data.

Remember, it is crucial to respect privacy and security regulations, and only

use these techniques in legal and authorized scenarios.
[Link] Study: Building a Packet Sniffer
Application

9.1 Design and Architecture

- Outlining the design and architecture of a packet sniffer application using
Python.

- Example: Creating a flowchart and explaining the modules responsible

for capturing and analyzing packets.

9.2 Implementation
- Providing a step-by-step guide to implement the packet sniffer
application with Python.

- Example: Writing Python code to capture packets using Scapy and display
relevant packet information.

9.3 Testing and Validation

- Describing the testing process and validating the functionality of the
packet sniffer application.

- Example: Running the packet sniffer on a test network to verify the

accuracy of captured packet information.

10. Packet Sniffing Tools in Python

10.1 Scapy
- An in-depth explanation of Scapy, a powerful Python library for packet
manipulation and sniffing.
- Example: Demonstrating Scapy's ability to craft custom packets and send
them over the network.

10.2 pcapy
- Exploring the features of pcapy, a Python extension for packet capturing
using libpcap.
 - Example: Writing a Python script with pcapy to filter and capture
packets based on specific criteria.

10.3 pyshark
- Introducing pyshark, a Python wrapper for tshark, to analyze and dissect
packet captures.
- Example: Using pyshark to extract HTTP headers from captured packets.

11. Comparison with Other Programming Languages

11.1 Python vs. C/C++
- A comparative analysis of using Python and C/C++ for packet sniffing
tasks.
- Example: Highlighting the ease of use and rapid development
capabilities of Python compared to C/C++.

11.2 Python vs. Java

- Examining the differences and advantages of using Python and Java for
networking and packet sniffing.
- Example: Comparing the syntax of packet sniffing code in Python and
Java.

12. Future Trends and Advancements

12.1 Artificial Intelligence in Packet Sniffing
- Discussing how AI and machine learning could enhance packet sniffing
capabilities.
- Example: Speculating on the use of AI to automatically detect anomalies
and security threats in network traffic.

12.2 Packet Sniffing in Software-Defined Networking (SDN)

- Exploring the potential integration of packet sniffing with SDN
technologies.
- Example: Describing how SDN controllers can leverage packet sniffing
for real-time traffic analysis.

13. Challenges and Limitations

13.1 Performance Overhead
- Addressing the potential performance impact of packet sniffing on
network resources.
 - Example: Conducting performance tests to measure the resource
consumption of a packet sniffer.

13.2 Encrypted Traffic and SSL/TLS

- Discussing the challenges of packet sniffing when dealing with
encrypted traffic.

- Example: Explaining how packet sniffing alone may not be sufficient to

analyze the contents of SSL/TLS encrypted packets.

13.3 Network Complexity

- Highlighting the complexities involved in sniffing packets on large and
complex networks.

- Example: Discussing the potential challenges of capturing packets in a

network with multiple subnets and VLANs.

14. Security Measures against Packet Sniffing

14.1 Encryption and Secure Protocols

- Discussing the role of encryption and secure protocols in protecting data
from packet sniffing attacks.

Example: Explaining the benefits of using HTTPS to encrypt sensitive data

during transmission.

14.2 Intrusion Detection Systems (IDS) and Intrusion Prevention Systems

(IPS)
- Explaining how IDS and IPS can help detect and prevent malicious
packet sniffing activities.

Example: Demonstrating the use of an IDS to alert administrators about

suspicious packet sniffing attempts.
 15. Conclusion
15.1 Summary of Findings
- Summarizing the key findings and insights gained from the report on
packet sniffing with Python.

Example: Reiterating the importance of responsible and ethical use of

packet sniffing tools.

15.2 Importance of Packet Sniffing in Network Analysis

- Emphasizing the significance of packet sniffing as a valuable technique
for network monitoring and troubleshooting.

15.3 Future Prospects

- Concluding with the potential advancements and future developments
in packet sniffing using Python and other technologies.

*Appendices:*
A. Python Code Samples for Packet Sniffing
- Sample Python code snippets used for packet capturing and analysis.

B. Glossary of Terms
- A list of relevant terms and their definitions for easy reference.

C. References
- A comprehensive list of the sources and references used throughout the
report.

The expanded report now covers various aspects of packet sniffing, its
implementation using Python, and its applications in network analysis. The
provided examples should help readers grasp the concepts better and
understand the practical implications of using Python for packet sniffing.
Remember to include any additional references and citation from reliable
sources to support the information presented in the report.