Jirka Vejrazka, profile picture
Uploaded byJirka Vejrazka
1,585 views

Python event based network sniffer

This document summarizes a Python-based network sniffer using pyevent and pypcap libraries. The sniffer captures packets from an interface like eth0, applies optional filters, and handles the captured packets and events in a non-blocking way. It also describes how to add functionality for packet filtering, graceful shutdown, and statistics collection.

Embed presentation

Downloaded 34 times
Network sniffer in Python (event-based) Jirka Vejražka (@JirkaV) @Pyvec - PyVo #20
Why? Because tcpdump was not right for the job How? pyevent + pypcap (by @dugsong)
The Code (Python 2.x) import pcap import event if_eth0 = pcap.pcap(‘eth0’) # needs root pcap_file = get_PCAP_file() event.read(if_eth0.fd, packets_handler, if_eth0) event.dispatch() # it all happens here print ‘All done, quitting’
Secret sauce? None! def get_PCAP_file(): pcap_f = open(‘packets.pcap’, ‘wb’) pcap_f.write(PCAP_HEADER) # PCAP docs return pcap_f def packets_handler(iface): for timestamp, packet in iface.readpkts(): pcap_file.write(packet) return True
Filtering (we don’t want it all) if_eth0 = pcap.pcap(‘eth0’) if_eth0.setfilter(‘icmp or tcp and port 80’) event.dispatch()
Stopping It (because a packet may never arrive) import signal def stop_sniffing(): event.loop() # handle unprocessed events event.abort() event.signal(signal.SIGTERM, stop_sniffing) event.signal(signal.SIGINT, stop_sniffing)
Nice to Have (statistics) def print_stats(iface): recvd, dropped, if_drops = iface.stats() print ‘received:’, recvd print ‘dropped:’, dropped return True event.signal(signal.SIGUSR1, print_stats, if_eth0) event.timeout(60*15, print_stats, if_eth0)
Questions? Kudos to @craigbalding for “rmmod perl && modprobe python” as well as the whole sniffer idea This presentation is incredibly average thanks to the Avería font from iotic.com/averia/

More Related Content

PDF
Spark Day 2017- Spark 의 과거, 현재, 미래
byMoon Soo Lee
 
DOCX
Report for weather pi
byAsutosh Hota
 
PDF
Asynchronen Code testen
byndrssmn
 
PDF
Aio...whatever
bySteve Genoud
 
PDF
No instrumentation Golang Logging with eBPF (GoSF talk 11/11/20)
byPixie Labs
 
PPTX
Environmental analysis of crop trials - Van Etten
byCCAFS | CGIAR Research Program on Climate Change, Agriculture and Food Security
 
PPT
Terminitor
bynesquena
 
PPT
Terminitor (Revised)
bynesquena
 
Spark Day 2017- Spark 의 과거, 현재, 미래
byMoon Soo Lee
 
Report for weather pi
byAsutosh Hota
 
Asynchronen Code testen
byndrssmn
 
Aio...whatever
bySteve Genoud
 
No instrumentation Golang Logging with eBPF (GoSF talk 11/11/20)
byPixie Labs
 
Environmental analysis of crop trials - Van Etten
byCCAFS | CGIAR Research Program on Climate Change, Agriculture and Food Security
 
Terminitor
bynesquena
 
Terminitor (Revised)
bynesquena
 

What's hot

PDF
Using Android Things to Detect & Exterminate Reptilians
byNilhcem
 
TXT
fabfile.py
byCorey Oordt
 
PPTX
HAB Software Woes
byjgrahamc
 
PDF
Gatling.pptx
byNalini Kanth
 
PPTX
AssertJ quick introduction
byThiago Schoppen Veronese
 
PDF
Isolated development in python
byAndrés J. Díaz
 
PDF
Programming with ZooKeeper - A basic tutorial
byJeff Smith
 
PDF
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
byJarek Potiuk
 
PDF
The Ring programming language version 1.5.4 book - Part 79 of 185
byMahmoud Samir Fayed
 
PDF
Backpressure? Resistance is not futile. RxJS Live 2019
byJay Phelps
 
PDF
Asynchronous Python at Kumparan
byBayu Aldi Yansyah
 
ODP
Specs Presentation
bySynesso
 
PDF
Analysis crop trials using climate data
byAlberto Labarga
 
TXT
Log
bytapputanker
 
PDF
NSClient Workshop: 04 Protocols
byMichael Medin
 
PDF
Star bed 2018.07.19
byRuo Ando
 
ODP
Java Boilerplate Busters
byHamletDRC
 
ODP
Java Boilerplate Busters
byHamletDRC
 
PDF
Evolutionary Testing for Crash Reproduction
byAnnibale Panichella
 
Using Android Things to Detect & Exterminate Reptilians
byNilhcem
 
fabfile.py
byCorey Oordt
 
HAB Software Woes
byjgrahamc
 
Gatling.pptx
byNalini Kanth
 
AssertJ quick introduction
byThiago Schoppen Veronese
 
Isolated development in python
byAndrés J. Díaz
 
Programming with ZooKeeper - A basic tutorial
byJeff Smith
 
Manageable data pipelines with airflow (and kubernetes) november 27, 11 45 ...
byJarek Potiuk
 
The Ring programming language version 1.5.4 book - Part 79 of 185
byMahmoud Samir Fayed
 
Backpressure? Resistance is not futile. RxJS Live 2019
byJay Phelps
 
Asynchronous Python at Kumparan
byBayu Aldi Yansyah
 
Specs Presentation
bySynesso
 
Analysis crop trials using climate data
byAlberto Labarga
 
Log
bytapputanker
 
NSClient Workshop: 04 Protocols
byMichael Medin
 
Star bed 2018.07.19
byRuo Ando
 
Java Boilerplate Busters
byHamletDRC
 
Java Boilerplate Busters
byHamletDRC
 
Evolutionary Testing for Crash Reproduction
byAnnibale Panichella
 

Similar to Python event based network sniffer

PPTX
PACKET Sniffer IMPLEMENTATION
byGoutham Royal
 
PDF
Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018
byDevOpsDays Tel Aviv
 
PPT
Libpcap
byliu qiang
 
PPTX
BSides London - Scapy Workshop
byAdam Maxwell
 
PDF
True stories on the analysis of network activity using Python
bydelimitry
 
PDF
Python para equipos de ciberseguridad(pycones)
byJose Manuel Ortega Candel
 
PPTX
1.Sniffing-Spoofing in security of net.pptx
byMouemenNouasria
 
PPTX
Packet Sniffer
byvilss
 
PPTX
Sanitizing PCAPs
byJasper Bongertz
 
PDF
Network traffic analysis course
byTECHNOLOGY CONTROL CO.
 
PPTX
Packet sniffers
byRavi Teja Reddy
 
DOCX
Wireshark Lab Getting Started v6.0 Supplement to Co.docx
byambersalomon88660
 
DOCX
Wireshark lab getting started one’s unde
bypiya30
 
ODP
Pycon Sec
byguesta762e4
 
PPT
an_introduction_to_network_analyzers_new.ppt
byIwan89629
 
PDF
110864103 adventures-in-bug-hunting
bybob dobbs
 
PPTX
Presentation 6
byMandeep Singh Kapoor
 
PDF
Network Situational Awareness with d00gle
byDug Song
 
PDF
Creating an Effective Network Sniffer
byijtsrd
 
PDF
Debugging applications with network security tools
byConFoo
 
PACKET Sniffer IMPLEMENTATION
byGoutham Royal
 
Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018
byDevOpsDays Tel Aviv
 
Libpcap
byliu qiang
 
BSides London - Scapy Workshop
byAdam Maxwell
 
True stories on the analysis of network activity using Python
bydelimitry
 
Python para equipos de ciberseguridad(pycones)
byJose Manuel Ortega Candel
 
1.Sniffing-Spoofing in security of net.pptx
byMouemenNouasria
 
Packet Sniffer
byvilss
 
Sanitizing PCAPs
byJasper Bongertz
 
Network traffic analysis course
byTECHNOLOGY CONTROL CO.
 
Packet sniffers
byRavi Teja Reddy
 
Wireshark Lab Getting Started v6.0 Supplement to Co.docx
byambersalomon88660
 
Wireshark lab getting started one’s unde
bypiya30
 
Pycon Sec
byguesta762e4
 
an_introduction_to_network_analyzers_new.ppt
byIwan89629
 
110864103 adventures-in-bug-hunting
bybob dobbs
 
Presentation 6
byMandeep Singh Kapoor
 
Network Situational Awareness with d00gle
byDug Song
 
Creating an Effective Network Sniffer
byijtsrd
 
Debugging applications with network security tools
byConFoo
 

Recently uploaded

PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
December Patch Tuesday
byIvanti
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
cybercrime in Information security .pptx
byismaeelsahib032
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
software-security-intro in information security.ppt
byismaeelsahib032
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
December Patch Tuesday
byIvanti
 

Python event based network sniffer

  • 1.
    Network sniffer inPython (event-based) Jirka Vejražka (@JirkaV) @Pyvec - PyVo #20
  • 2.
    Why? Because tcpdump wasnot right for the job How? pyevent + pypcap (by @dugsong)
  • 3.
    The Code (Python 2.x) import pcap import event if_eth0 = pcap.pcap(‘eth0’) # needs root pcap_file = get_PCAP_file() event.read(if_eth0.fd, packets_handler, if_eth0) event.dispatch() # it all happens here print ‘All done, quitting’
  • 4.
    Secret sauce? None! defget_PCAP_file(): pcap_f = open(‘packets.pcap’, ‘wb’) pcap_f.write(PCAP_HEADER) # PCAP docs return pcap_f def packets_handler(iface): for timestamp, packet in iface.readpkts(): pcap_file.write(packet) return True
  • 5.
    Filtering (we don’t want it all) if_eth0 = pcap.pcap(‘eth0’) if_eth0.setfilter(‘icmp or tcp and port 80’) event.dispatch()
  • 6.
    Stopping It (because a packet may never arrive) import signal def stop_sniffing(): event.loop() # handle unprocessed events event.abort() event.signal(signal.SIGTERM, stop_sniffing) event.signal(signal.SIGINT, stop_sniffing)
  • 7.
    Nice to Have (statistics) def print_stats(iface): recvd, dropped, if_drops = iface.stats() print ‘received:’, recvd print ‘dropped:’, dropped return True event.signal(signal.SIGUSR1, print_stats, if_eth0) event.timeout(60*15, print_stats, if_eth0)
  • 8.
    Questions? Kudos to @craigbaldingfor “rmmod perl && modprobe python” as well as the whole sniffer idea This presentation is incredibly average thanks to the Avería font from iotic.com/averia/