A network packet sniffer built in Python — captures and inspects live network traffic to understand how data flows at the packet level.
- Live capture of network packets
- Parses and displays packet metadata (source, destination, protocol)
- Separate UI module for structured output
- Malicious traffic simulation for testing and analysis
Python-Packet-Sniffer/
├── sniffer.py # Core packet capture and parsing logic
├── app.py # Main application entry point
├── mal_app.py # Simulated malicious traffic for testing
├── ui.py # Output and display formatting
└── .gitignore
Requires root/administrator privileges to capture raw network packets.
sudo python app.py

The sniffer uses Python's raw socket interface to intercept packets at the network layer. Each captured packet is parsed to extract headers including source/destination IP addresses, protocol type, and payload data.
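The header parsing described above, as an added example that is not taken from this project's sniffer.py. The name `parse_ipv4` and the `SAMPLE` packet are constructed for illustration, and the code assumes the captured buffer starts at the IPv4 header.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_ipv4(packet: bytes) -> dict:
    """Parse a buffer that starts at the IPv4 header (assumed capture format)."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version={version})")
    if ihl < 20 or ihl > len(packet):
        raise ValueError(f"invalid IPv4 header length {ihl}")
    # Never read past what was captured, whatever total_len claims.
    end = min(total_len, len(packet)) if total_len >= ihl else len(packet)
    segment = packet[ihl:end]  # ihl, not a fixed 20: options shift the transport header
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "protocol": PROTOCOLS.get(proto, str(proto)), "ttl": ttl}
    if proto == 6 and len(segment) >= 20:
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
        data_off = (off_flags >> 12) * 4
        if data_off < 20 or data_off > len(segment):
            raise ValueError(f"invalid TCP data offset {data_off}")
        info.update(sport=sport, dport=dport, flags=off_flags & 0x1FF,
                    payload=segment[data_off:])
    elif proto == 17 and len(segment) >= 8:
        sport, dport = struct.unpack("!HH", segment[:4])
        info.update(sport=sport, dport=dport, payload=segment[8:])
    else:
        info["payload"] = segment  # other protocol, or transport header cut short
    return info

# Constructed sample: IPv4 header with one 4-byte option (IHL=6), TCP PSH+ACK
# from 192.0.2.10:40000 to 198.51.100.5:80. Checksums are zero and not verified.
SAMPLE = (
    struct.pack("!BBHHHBBH4s4s", 0x46, 0, 60, 1, 0, 64, 6, 0,
                socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5"))
    + b"\x01\x01\x01\x00"
    + struct.pack("!HHIIHHHH", 40000, 80, 1, 1, (5 << 12) | 0x018, 8192, 0, 0)
    + b"GET / HTTP/1.1\r\n"
)

if __name__ == "__main__":
    print(parse_ipv4(SAMPLE))
```

The length checks matter because a sniffer parses untrusted input: a packet that declares a header or total length larger than the captured buffer must be rejected or clamped rather than sliced blindly.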
mal_app.py simulates suspicious traffic patterns, allowing the sniffer to
be tested against abnormal network behaviour — a basic introduction to
traffic analysis and anomaly detection.
- How packets are structured at the IP and TCP/UDP layers
- Raw socket programming and the difference between raw and stream sockets
- How tools like Wireshark capture and inspect network traffic
- The importance of traffic analysis in detecting malicious activity
- How to separate concerns across modules (capture, parsing, display)
This tool is intended for educational purposes only.
Only use it on networks you own or have explicit permission to monitor.
Unauthorized packet sniffing is illegal in most jurisdictions.
MIT License