Network Packet Sniffer
A cross-platform packet capture utility that decodes and displays network traffic. Built with Python using raw sockets.
Features
- Packet Decoding: Parses IP, TCP, UDP, and ICMP headers with human-readable output
- Filtering: Filter by protocol, port, source IP, or destination IP
- Multiple Output Formats: Human-readable, JSON, or raw bytes
- Pcap Export: Save captures to pcap format for analysis in Wireshark
- Statistics: Track packet counts, bytes, protocols, and top talkers
- Hex Dump: Optional hex dump display for packet inspection
- Cross-Platform: Works on Linux and Windows
Requirements
- Python 3.6+
- Root/Administrator privileges (required for raw sockets)
Installation
git clone https://github.com/brett-buskirk/sniffer.git
cd sniffer
No additional dependencies required - uses only Python standard library.
Usage
sudo python3 sniffer.py [options]
Options
| Option | Description |
|---|---|
| --host, -H | Host IP address to listen on (default: auto-detect) |
| --count, -c | Number of packets to capture (0 = unlimited) |
| --protocol, -p | Filter by protocol: tcp, udp, or icmp |
| --port | Filter by port number (source or destination) |
| --src-ip | Filter by source IP address |
| --dst-ip | Filter by destination IP address |
| --output, -o | Output format: human, json, or raw |
| --hex, -x | Show hex dump of packets |
| --save, -s | Save packets to pcap file |
| --quiet, -q | Suppress output, only show statistics |
| --no-stats | Do not show statistics at end |
| --interface, -i | Network interface to capture on (Linux only, default: auto-detect) |
Examples
# Capture packets continuously until Ctrl+C
sudo python3 sniffer.py
# Capture exactly 10 packets
sudo python3 sniffer.py --count 10
# Capture only TCP traffic
sudo python3 sniffer.py --protocol tcp
# Capture HTTP traffic (port 80)
sudo python3 sniffer.py --protocol tcp --port 80
# Capture HTTPS traffic with hex dump
sudo python3 sniffer.py --protocol tcp --port 443 --hex
# Output in JSON format (useful for scripting)
sudo python3 sniffer.py --output json --count 5
# Save capture to pcap file for Wireshark
sudo python3 sniffer.py --save capture.pcap --count 100
# Quiet mode - only show statistics
sudo python3 sniffer.py --quiet --count 50
# Filter by specific source IP
sudo python3 sniffer.py --src-ip 192.168.1.100
# Capture on a specific network interface
sudo python3 sniffer.py --interface eth0
Capturing Localhost Traffic
To capture traffic from local development servers, use the loopback interface:
# Capture all localhost traffic
sudo python3 sniffer.py --interface lo
# Capture traffic on a specific port (e.g., dev server on port 3000)
sudo python3 sniffer.py --interface lo --port 3000
# Capture localhost API traffic on port 8080
sudo python3 sniffer.py --interface lo --port 8080 --protocol tcp
# Save localhost traffic for analysis
sudo python3 sniffer.py -i lo --port 5174 --save localhost.pcap
Sample Output
Human-Readable (default)
[2026-01-26T10:30:45.123456] TCP 192.168.1.100:54321 -> 142.250.80.46:443
Flags: [SYN] Seq: 123456789 Ack: 0 Win: 65535
TTL: 64 ID: 12345 Len: 60
[2026-01-26T10:30:45.234567] TCP 142.250.80.46:443 -> 192.168.1.100:54321
Flags: [SYN,ACK] Seq: 987654321 Ack: 123456790 Win: 65535
TTL: 117 ID: 0 Len: 60
JSON Output
{"timestamp": "2026-01-26T10:30:45.123456", "version": 4, "header_length": 20, "ttl": 64, "protocol": 6, "protocol_name": "TCP", "src_ip": "192.168.1.100", "dst_ip": "142.250.80.46", "src_port": 54321, "dst_port": 443, "flag_names": ["SYN"], "raw_hex": "..."}
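How the header fields in the output above come out of raw bytes, as an added example (not code from this project): a decoder that locates the transport header via the IP header length field and rejects truncated input. The names decode_ipv4 and build_sample_syn are hypothetical, the "OTHER" protocol label is an assumption, and the sample packet is constructed to match the first packet in the sample output.

```python
import socket
import struct

# Flag bits in the low byte of the TCP offset/flags word.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def decode_ipv4(packet: bytes) -> dict:
    """Decode a packet that starts at the IPv4 header (hypothetical helper)."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, _total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, header_length = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or header_length < 20 or len(packet) < header_length:
        raise ValueError("not a valid IPv4 header")
    info = {"version": version, "header_length": header_length, "ttl": ttl,
            "protocol": proto,
            "protocol_name": PROTOCOL_NAMES.get(proto, "OTHER"),
            "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst)}
    # The transport header follows any IP options, so index by IHL, not by 20.
    segment = packet[header_length:]
    if proto == 6 and len(segment) >= 20:
        sport, dport, _seq, _ack, off_flags, _win = struct.unpack(
            "!HHIIHH", segment[:16])
        info.update(src_port=sport, dst_port=dport,
                    flag_names=[n for bit, n in TCP_FLAGS if off_flags & bit])
    elif proto == 17 and len(segment) >= 8:
        sport, dport = struct.unpack("!HH", segment[:4])
        info.update(src_port=sport, dst_port=dport)
    return info


def build_sample_syn(options: bytes = b"") -> bytes:
    """Constructed SYN packet; options must be a multiple of 4 bytes."""
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 40 + len(options), 12345,
                     0, 64, 6, 0, socket.inet_aton("192.168.1.100"),
                     socket.inet_aton("142.250.80.46"))
    tcp = struct.pack("!HHIIHHHH", 54321, 443, 123456789, 0,
                      (5 << 12) | 0x02, 65535, 0, 0)
    return ip + options + tcp


if __name__ == "__main__":
    print(decode_ipv4(build_sample_syn()))
```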
Statistics Summary
============================================================
CAPTURE STATISTICS
============================================================
Duration: 10.25 seconds
Total packets: 150
Total bytes: 12450
Packets/sec: 14.63
Protocols:
TCP: 120
UDP: 25
ICMP: 5
Top 5 Source IPs:
192.168.1.100: 75
142.250.80.46: 45
8.8.8.8: 20
192.168.1.1: 10
Top 5 Destination IPs:
142.250.80.46: 80
192.168.1.100: 50
8.8.8.8: 15
192.168.1.255: 5
============================================================
Platform Notes
Linux
- Requires root privileges (sudo)
- Uses AF_PACKET sockets to capture all IP traffic (TCP, UDP, ICMP)
- Supports interface selection with --interface (e.g., eth0, lo, wlan0)
- Auto-detects default interface from routing table
Windows
- Requires Administrator privileges
- Uses AF_INET raw sockets with promiscuous mode enabled via SIO_RCVALL
- Binds to IP address instead of interface name
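The two socket types above deliver different bytes, which matters for pcap export: a Linux AF_PACKET socket opened as SOCK_RAW (an assumption here; the page does not say which socket type is used) returns frames that begin with the link-layer header, while a Windows AF_INET raw socket returns packets that begin at the IP header. The pcap file header must declare the matching link type or Wireshark will misparse every record. The following is an added example, not this project's code, with hypothetical function names and a constructed sample packet; it writes and re-reads the classic pcap format with bounds checks on record lengths.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4    # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1      # each record starts with a 14-byte Ethernet header
LINKTYPE_RAW = 101         # each record starts at the IP header
# Constructed sample: a minimal 20-byte IPv4 header, zero-filled after byte 0.
SAMPLE_IP = bytes([0x45]) + bytes(19)


def pcap_global_header(linktype: int, snaplen: int = 65535) -> bytes:
    """24-byte file header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(data: bytes, sec: int, usec: int, snaplen: int = 65535) -> bytes:
    """16-byte record header followed by at most snaplen bytes of the packet."""
    captured = data[:snaplen]
    return struct.pack("<IIII", sec, usec, len(captured), len(data)) + captured


def read_pcap(blob: bytes):
    """Return (linktype, [(sec, usec, orig_len, data), ...]) from pcap bytes."""
    if len(blob) < 24:
        raise ValueError("truncated pcap file header")
    magic, _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack_from(
        "<IHHiIII", blob, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap file")
    offset, packets = 24, []
    while offset < len(blob):
        if offset + 16 > len(blob):
            raise ValueError("truncated record header")
        sec, usec, incl_len, orig_len = struct.unpack_from("<IIII", blob, offset)
        offset += 16
        # Never trust incl_len from the file: bound it before slicing.
        if incl_len > snaplen or offset + incl_len > len(blob):
            raise ValueError("corrupt or truncated record")
        packets.append((sec, usec, orig_len, blob[offset:offset + incl_len]))
        offset += incl_len
    return linktype, packets
```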
License
MIT License