Sniffer

Simple sniffer using Scapy and PyQt5 on Windows.

(Sample screenshot)


Getting Started

Download all the files and run main.py.

Prerequisites

Optional

Usage

pip install -r requirements.txt
python main.py

#Optional library `pyshark` for parsing brief info from a packet.
#pyshark version 0.3.6.2 is the only version that works with this project.
pip install pyshark==0.3.6.2

Feature

This project has several features.

Filter on Network interfaces, Protocol, Src, Dst, Sport and Dport.

Change the filter at any time, then click the Start button twice (stop, then start) to continue sniffing; a new filter only takes effect after a stop and start.

Save the information of the selected packet(s) to a file, or copy it to the clipboard.

Select one packet or several. From the right-click menu you can save them to a txt file in readable format, or copy them to the clipboard (shortcut keys Ctrl-S and Ctrl-C).

(Sample screenshot)

TCP/IP reassembly and saving the result to a file.

Select one packet and the sniffer automatically finds the related packets and reassembles them. If the number of fragments is very large, it asks whether to reassemble and decode them or not; the related fragments are displayed immediately either way. After that processing, click the Reassembly button in the status bar below to convert them into one complete file. This has only been tested with FTP transfers, HTML reassembly and ICMP (ping); file sizes of up to 15MB work (rendering in the GUI may take some time). A newer feature shows the total size after reassembly, giving a quick overview of the whole process.

(Sample screenshot)

HTTP Request/Response information

After reassembling the TCP stream, the next step is to show the complete information in the HTTP layer, especially for HTML or images. This makes it clear how dangerous plain HTTP is: whatever you type is transferred without any protection, and every image in the HTTP transmission can be previewed.
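The two steps described above (find the segments related to a selected packet, reassemble them in sequence order, then split the result into HTTP headers and body) as an added example; this is not the project's own code. The project works on Scapy packets, so the plain-dict packet representation and its field names (proto, src, sport, dst, dport, seq, payload) are assumptions made for this example, and the sample capture is constructed inline.

```python
"""Added example (not the project's code): TCP flow reassembly and HTTP split.

Packets are plain dicts with the assumed fields proto, src, sport, dst,
dport, seq and payload; a real sniffer would fill them from Scapy layers.
"""
from typing import Dict, List, Tuple

Packet = Dict[str, object]


def related_segments(selected: Packet, packets: List[Packet]) -> List[Packet]:
    """Every TCP segment sharing the selected packet's 4-tuple, i.e. the
    same direction of the same flow as the packet the user clicked."""
    key = (selected["src"], selected["sport"], selected["dst"], selected["dport"])
    return [p for p in packets
            if p["proto"] == "tcp"
            and (p["src"], p["sport"], p["dst"], p["dport"]) == key]


def reassemble(segments: List[Packet]) -> bytes:
    """Concatenate payloads in sequence-number order.

    Full duplicates (retransmissions) are dropped, a partially overlapping
    segment contributes only the bytes past what is already assembled, and
    a gap (lost segment) raises ValueError instead of silently producing a
    corrupt file.
    """
    ordered = sorted((s for s in segments if s["payload"]), key=lambda s: s["seq"])
    if not ordered:
        return b""
    out = bytearray()
    next_seq = ordered[0]["seq"]
    for s in ordered:
        seq, data = s["seq"], s["payload"]
        if seq + len(data) <= next_seq:
            continue                      # nothing new: duplicate/retransmit
        if seq > next_seq:
            raise ValueError(f"gap in stream: expected seq {next_seq}, got {seq}")
        out += data[next_seq - seq:]      # skip the already-seen prefix
        next_seq = seq + len(data)
    return bytes(out)


def split_http(stream: bytes) -> Tuple[Dict[str, str], bytes]:
    """Split a reassembled HTTP message into a header dict and the body.

    Header names are lower-cased; the request/status line is stored under
    the key 'start-line'. Headers are decoded as ISO-8859-1 so that any byte
    sequence decodes without error.
    """
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("end of HTTP headers not found")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {"start-line": lines[0]}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


# Constructed sample capture: one HTTP response split over three segments,
# delivered out of order, with one retransmission and one packet from the
# opposite direction (a pure ACK) that must not be mixed into the stream.
FLOW = dict(proto="tcp", src="10.0.0.5", sport=80, dst="10.0.0.9", dport=51234)
SAMPLE_PACKETS = [
    dict(FLOW, seq=1000, payload=b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"),  # 42 bytes
    dict(FLOW, seq=1064, payload=b"<html>hello</html>"),                              # arrives early
    dict(FLOW, seq=1042, payload=b"Content-Length: 18\r\n\r\n"),                      # 22 bytes
    dict(FLOW, seq=1042, payload=b"Content-Length: 18\r\n\r\n"),                      # retransmission
    dict(proto="tcp", src="10.0.0.9", sport=51234, dst="10.0.0.5", dport=80,
         seq=500, payload=b""),
]


def reassemble_selected(selected: Packet, packets: List[Packet]) -> bytes:
    """What the Reassembly button would do for the clicked packet."""
    return reassemble(related_segments(selected, packets))


if __name__ == "__main__":
    stream = reassemble_selected(SAMPLE_PACKETS[0], SAMPLE_PACKETS)
    headers, body = split_http(stream)
    print(len(stream), "bytes reassembled;", headers["start-line"])
    print(body.decode())
```

The gap check matters for the "save to file" step: writing out a stream with a missing segment produces a file that looks complete but is silently corrupt, which is worse than refusing.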

(Sample screenshots)

Search bar makes things easier

Using the search bar wisely can save a lot of time. Keywords are searched in the whole packet's hex dump and in the packet decoded as UTF-8 and GB2312, which makes it easy to find, for example, the filename in HTTP headers. The newer advanced search lets the user combine a keyword with a filter. The format of an advanced search is:

[-p]  <protocol>
[-s]  <ipsrc>  [-d]  <ipdst>
[-sp] <sport>  [-dp] <dport>
keyword

#search for the keyword `image` (ordinary search)
image

#search packets with TCP sport==80 and the keyword `image` (advanced search)
-p tcp -sp 80 image
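The advanced search format above, implemented as an added example that is not the project's own code: a parser for the `-p/-s/-d/-sp/-dp` flags plus trailing keyword, and a matcher that applies the filter fields and then looks for the keyword in the packet's hex dump and in its bytes decoded as UTF-8 and GB2312, as described. Packets are plain dicts constructed inline; the field names and the `raw` key holding the packet bytes are assumptions for this example.

```python
"""Added example (not the project's code): parser and matcher for the
advanced search syntax  [-p] <protocol> [-s] <ipsrc> [-d] <ipdst>
[-sp] <sport> [-dp] <dport> keyword.
"""
from dataclasses import dataclass
from typing import Dict, List

# flag -> assumed packet field name
FLAG_FIELDS = {"-p": "proto", "-s": "src", "-d": "dst", "-sp": "sport", "-dp": "dport"}


@dataclass
class SearchQuery:
    filters: Dict[str, str]   # field -> required value (compared case-insensitively)
    keyword: str              # remaining tokens joined with spaces; may be empty


def parse_query(text: str) -> SearchQuery:
    """Split a search-bar string into filter fields and a free-text keyword.
    Flags may appear in any order; anything that is not a flag/value pair
    is part of the keyword, so an ordinary search is just a query with no
    filters."""
    tokens = text.split()
    filters: Dict[str, str] = {}
    rest: List[str] = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in FLAG_FIELDS:
            if i + 1 >= len(tokens):
                raise ValueError(f"flag {tok} needs a value")
            filters[FLAG_FIELDS[tok]] = tokens[i + 1].lower()
            i += 2
        else:
            rest.append(tok)
            i += 1
    return SearchQuery(filters, " ".join(rest))


def keyword_in_packet(keyword: str, raw: bytes) -> bool:
    """True if the keyword occurs in the hex dump or in the UTF-8 or GB2312
    decoding of the packet bytes. errors='ignore' drops bytes that are not
    valid in a given encoding instead of failing on binary payloads."""
    if not keyword:
        return True
    k = keyword.lower()
    views = [
        raw.hex(),                            # e.g. "89504e47" finds a PNG header
        raw.decode("utf-8", errors="ignore"),
        raw.decode("gb2312", errors="ignore"),
    ]
    return any(k in view.lower() for view in views)


def matches(query: SearchQuery, packet: Dict[str, object]) -> bool:
    """Apply the filter fields first, then the keyword."""
    for field, want in query.filters.items():
        if str(packet.get(field, "")).lower() != want:
            return False
    return keyword_in_packet(query.keyword, packet["raw"])


def search(text: str, packets: List[Dict[str, object]]) -> List[int]:
    """Indices (row numbers) of the packets matching the search string."""
    query = parse_query(text)
    return [i for i, p in enumerate(packets) if matches(query, p)]


# Constructed sample packets: an HTTP response carrying a PNG, the request
# for it, and a UDP packet whose payload is GB2312-encoded Chinese text.
SAMPLE_PACKETS = [
    dict(proto="tcp", src="10.0.0.5", sport=80, dst="10.0.0.9", dport=51234,
         raw=b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n\x89PNG"),
    dict(proto="tcp", src="10.0.0.9", sport=51234, dst="10.0.0.5", dport=80,
         raw=b"GET /logo.png HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    dict(proto="udp", src="10.0.0.9", sport=53412, dst="10.0.0.1", dport=53,
         raw="图片".encode("gb2312")),
]

if __name__ == "__main__":
    for q in ("image", "-p tcp -sp 80 image", "png", "89504e47", "-p udp 图片"):
        print(f"{q!r:28} -> rows {search(q, SAMPLE_PACKETS)}")
```

Searching the hex view means a keyword like `89504e47` finds packets by their bytes, not only by printable text; the GB2312 view is what makes the Chinese keyword match a payload that is not valid UTF-8.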

OC Mode

OC mode, on by default, runs an additional dedicated process for listening and sniffing, so no packets are missed while the GUI is busy. It is CPU-intensive, but you can turn it off at any time (stop and start for the change to take effect).

Network Speed

The Network Speed display uses the psutil API, which is accurate and responsive.

Color Theme like WireShark

Every packet is colored according to Wireshark's default color theme. On by default; use Ctrl+F to turn it off or on. Mouse enter and leave events on each row make the UI more colorful and easier to read.

(Optional) Brief information shown on mouse hover.

Thanks to the pyshark API, detailed information about a packet is shown whenever the mouse hovers over its row. This is only active when pyshark (version 0.3.6.2) is installed and the current mode is STOP.

(Sample screenshot)

To Do