From 438aac9739acb613773257dcd31cc7e2e238779b Mon Sep 17 00:00:00 2001 From: Vicky Steeves Date: Mon, 22 Nov 2021 17:54:53 -0500 Subject: [PATCH] add packet sniffer with functions --- .gitignore | 120 +++++++++++++++++++++++++++++++++++++++++++++++++++++ LICENSE | 21 ++++++++++ README.md | 101 +++++++++++++++++++++++++++++++++++++++++++- index.py | 14 +++++++ 4 files changed, 254 insertions(+), 2 deletions(-) create mode 100644 .gitignore create mode 100644 LICENSE create mode 100644 index.py diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..889afb6 --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,120 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+encrypted_file.txt
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# PyCharm specific
+.idea
+
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..92261b8
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Vicky Rampin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
index 83304dd..1618b21 100644
--- a/README.md
+++ b/README.md
@@ -2,11 +2,108 @@ Author: Vicky Rampin ## Prompt -Write a program that extracts the data of one packet from captured traffic and reconstructs the packet. You can choose and work on any protocol (e.g. HTTP packet) of your preference. Your program gets the captured traffic as a text file and outputs at least one constructed packet. +Packet sniffers are programs that intercept the network traffic flowing in and out of a system through network interfaces. Packet sniffers can be coded by either using sockets API provided by the kernel, or by using some packet capture libraries. Write a program and implement your own packet sniffer in your programming language of choice. ## Installation -This script is made with Python 3.8 and uses the `argparse` and `pycryptodome` libraries. Ensure that you have [Python 3.8+](https://www.python.org/downloads/) and these libraries installed in order to run this script correctly. +This script is made with Python 3.8 and uses the `argparse` library, and [scapy](https://scapy.net/), a program for packet manipulation. Ensure that you have [Python 3.8+](https://www.python.org/downloads/) and these dependencies installed in order to run this script correctly. ## Usage First, clone this repository to your machine. Open the command line on your machine and navigate to where you cloned this repository. To get help using `cd`, use [this tutorial](https://swcarpentry.github.io/shell-novice/02-filedir/index.html). +This script needs sudo or administrative privileges to run. The script will run explicitly until you kill it using either `CTRL+C` or closing the terminal window. 
+ +Run the script with the following (on UNIX-based systems): + +~~~ +$ sudo -E env PATH="$PATH" python index.py +~~~ + +Sample output: + +~~~ +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https PA / Raw +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https PA / Raw +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https A / Raw +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https PA / Raw +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https PA / Raw +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https PA / Raw +Ether / IP / TCP 104.16.249.249:https > 192.168.0.102:50324 PA / Raw +Ether / IP / TCP 192.168.0.102:50324 > 104.16.249.249:https A +Ether / IP / TCP 104.16.249.249:https > 192.168.0.102:50324 PA / Raw +Ether / IP / TCP 192.168.0.102:50324 > 104.16.249.249:https A +Ether / IP / TCP 142.251.41.14:https > 192.168.0.102:48384 A +Ether / IP / TCP 142.251.41.14:https > 192.168.0.102:48384 PA / Raw +Ether / IP / TCP 192.168.0.102:48384 > 142.251.41.14:https A +Ether / IP / TCP 142.251.41.14:https > 192.168.0.102:48384 PA / Raw +Ether / IP / TCP 192.168.0.102:48384 > 142.251.41.14:https A +Ether / IP / TCP 142.251.41.14:https > 192.168.0.102:48384 PA / Raw +Ether / IP / TCP 192.168.0.102:48384 > 142.251.41.14:https A +Ether / IP / TCP 192.168.0.102:48384 > 142.251.41.14:https PA / Raw +Ether / IP / TCP 104.16.249.249:https > 192.168.0.102:50324 PA / Raw / Padding +Ether / IP / TCP 192.168.0.102:50324 > 104.16.249.249:https A +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 PA / Raw / Padding +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https A +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 A / Padding +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 A / Padding +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 A / Padding +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 A / Padding +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 A / 
Padding +Ether / IP / TCP 142.251.41.14:https > 192.168.0.102:48384 A / Padding +Ether / IP / TCP 192.168.0.102:52440 > 52.86.220.33:https PA / Raw +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 PA / Raw +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https A +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 PA / Raw +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https A +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 PA / Raw +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https A +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 PA / Raw +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https A +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 PA / Raw / Padding +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https A +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https PA / Raw +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https PA / Raw +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https FA +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 PA / Raw / Padding +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https A +Ether / IP / TCP 52.86.220.33:https > 192.168.0.102:52440 PA / Raw / Padding +Ether / IP / TCP 192.168.0.102:52440 > 52.86.220.33:https A +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 PA / Raw / Padding +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https A +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 A / Padding +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 A / Padding +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 FA / Padding +Ether / IP / TCP 192.168.0.102:59642 > 142.250.65.197:https A +Ether / IP / TCP 142.250.65.197:https > 192.168.0.102:59642 A / Padding +Ether / IP / TCP 192.168.0.102:47798 > 142.251.41.14:https PA / Raw +Ether / IP / TCP 192.168.0.102:47798 > 142.251.41.14:https PA / Raw +Ether / IP / TCP 192.168.0.102:47798 > 
142.251.41.14:https A / Raw +Ether / IP / TCP 192.168.0.102:47798 > 142.251.41.14:https PA / Raw +Ether / IP / TCP 192.168.0.102:47798 > 142.251.41.14:https PA / Raw +Ether / IP / TCP 192.168.0.102:50324 > 104.16.249.249:https PA / Raw +Ether / IP / TCP 192.168.0.102:50324 > 104.16.249.249:https PA / Raw +Ether / IP / TCP 142.251.41.14:https > 192.168.0.102:47798 A / Padding +Ether / IP / TCP 142.251.41.14:https > 192.168.0.102:47798 A / Padding +Ether / IP / TCP 142.251.41.14:https > 192.168.0.102:47798 A / Padding +Ether / IP / TCP 142.251.41.14:https > 192.168.0.102:47798 A / Padding +Ether / IP / TCP 142.251.41.14:https > 192.168.0.102:47798 A / Padding +Ether / IP / TCP 192.168.0.102:50324 > 104.16.249.249:https PA / Raw +Ether / IP / TCP 104.16.249.249:https > 192.168.0.102:50324 A / Padding +Ether / IP / TCP 104.16.249.249:https > 192.168.0.102:50324 PA / Raw +Ether / IP / TCP 192.168.0.102:50324 > 104.16.249.249:https A +Ether / IP / TCP 104.16.249.249:https > 192.168.0.102:50324 PA / Raw +Ether / IP / TCP 192.168.0.102:50324 > 104.16.249.249:https A +Ether / IP / TCP 142.251.41.14:https > 192.168.0.102:47798 PA / Raw +Ether / IP / TCP 142.251.41.14:https > 192.168.0.102:47798 PA / Raw +Ether / IP / TCP 192.168.0.102:47798 > 142.251.41.14:https A +Ether / IP / TCP 142.251.41.14:https > 192.168.0.102:47798 PA / Raw +Ether / IP / TCP 142.251.41.14:https > 192.168.0.102:47798 PA / Raw +Ether / IP / TCP 192.168.0.102:47798 > 142.251.41.14:https A +Ether / IP / TCP 192.168.0.102:47798 > 142.251.41.14:https PA / Raw +Ether / IP / TCP 104.16.249.249:https > 192.168.0.102:50324 PA / Raw / Padding +Ether / IP / TCP 192.168.0.102:50324 > 104.16.249.249:https A +Ether / IP / TCP 104.16.249.249:https > 192.168.0.102:50324 A / Padding +Ether / IP / TCP 142.251.41.14:https > 192.168.0.102:47798 PA / Raw / Padding +Ether / IP / TCP 192.168.0.102:47798 > 142.251.41.14:https A +Ether / IP / TCP 142.251.41.14:https > 192.168.0.102:47798 A / Padding +Ether / IP / TCP 
192.168.0.102:43796 > 5.135.179.196:https PA / Raw
+~~~
\ No newline at end of file
diff --git a/index.py b/index.py
new file mode 100644
index 0000000..3dad4f0
--- /dev/null
+++ b/index.py
@@ -0,0 +1,14 @@
+import argparse
+from scapy.all import *
+
+
+def callback(packet):
+ print(packet.summary())
+
+
+def main():
+ sniff(prn=callback)
+
+
+if __name__ == '__main__':
+ main()
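Review bot: `sniff(prn=callback)` in main() keeps every captured packet in memory, because scapy's sniff() stores packets by default and the README says the process runs until it is killed, so a long capture grows without bound; pass `store=False` — `sniff(prn=callback, store=False)` — since the callback already prints each summary and nothing reads the returned list. `argparse` is imported but never used; wiring it to sniff()'s `iface=` and `filter=` (BPF) arguments would let the operator scope the root-privileged capture to one interface and the traffic of interest instead of everything on every interface. `from scapy.all import *` hides where `sniff` comes from; `from scapy.all import sniff` documents the single dependency and avoids pulling hundreds of names into the module namespace.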