This is a powerful and flexible network sniffing tool written in Python. It captures network packets in real-time, analyzes them, and provides insights through both a terminal interface and an optional web-based dashboard. The tool is designed for network administrators, security analysts, and developers who need to monitor network traffic, diagnose issues, or analyze security events.
There are two main versions of the script in this repository:

- `snif.py`: The original version of the sniffer.
- `snif-V2.py`: The current and recommended version, featuring a more robust architecture, database storage, and an interactive web UI.
- Real-Time Packet Capture: Monitors multiple network interfaces simultaneously.
- Dual-Mode Interface: Choose between a detailed command-line interface (CLI) and a rich, interactive web dashboard.
- Persistent Storage: All captured events are stored in a local SQLite database (`network_sniffer.db`) for later analysis.
- In-Depth Analysis: Provides detailed session tracking, bandwidth monitoring, and DNS query analysis.
- Suspicious Activity Detection: Includes basic heuristics to identify potentially malicious domain names based on character entropy.
- Flexible Filtering: Filter captured traffic by source/destination IP, protocol, or domain name.
- Cross-Platform: Runs on Windows, macOS, and Linux.
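The entropy heuristic behind "Suspicious Activity Detection" works by measuring how evenly characters are spread across a domain label: human-chosen names reuse a few letters, while algorithmically generated ones look close to uniform. The following is an added illustration of that idea, not the project's own code; the threshold, the minimum label length and the sample query names are constructed for the example.

```python
import math
from collections import Counter

# Assumed threshold and minimum label length. The sniffer's actual settings are
# not documented here, so these are illustrative choices, not the tool's values.
ENTROPY_THRESHOLD = 3.5
MIN_LABEL_LEN = 8


def shannon_entropy(text: str) -> float:
    """Shannon entropy, in bits per character, of the given string."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def is_suspicious_domain(domain: str,
                         threshold: float = ENTROPY_THRESHOLD,
                         min_len: int = MIN_LABEL_LEN) -> bool:
    """Flag a domain whose non-TLD label looks randomly generated.

    Short labels are skipped because an entropy estimate over a handful of
    characters is noisy; the TLD is skipped because it is never random.
    """
    labels = [part for part in domain.lower().rstrip(".").split(".") if part]
    candidates = labels[:-1] if len(labels) > 1 else labels
    return any(len(label) >= min_len and shannon_entropy(label) >= threshold
               for label in candidates)


def flag_queries(names):
    """Return the subset of DNS query names the heuristic flags, in order."""
    return [name for name in names if is_suspicious_domain(name)]


# Constructed sample query names (not captured traffic).
SAMPLE_QUERIES = [
    "google.com",
    "mail.example.org",
    "x7k2q9w4m1z8p3n5.example.com",
    "cdn.static-assets.example.net",
]

if __name__ == "__main__":
    for name in SAMPLE_QUERIES:
        print(f"{name:35} flagged={is_suspicious_domain(name)}")
```

The hyphenated, readable label `static-assets` scores well under the threshold, while the 16-character mixed alphanumeric label reaches the maximum entropy for its length (4 bits per character) and is flagged. In a real deployment the threshold should be tuned against the organisation's own DNS baseline, since CDN hostnames and cache-busting subdomains can also score high.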
Ensure you have Python 3.8 or newer installed.
The project requires several third-party libraries. You can install them using the requirements.txt file:

```
pip install -r requirements.txt
```

Scapy, the underlying packet manipulation library, requires a packet capture driver to function on Windows. You must install either WinPcap or Npcap.
- Npcap is the more modern and recommended option. It is developed by the Nmap project and offers better performance and security.
- You can download it from the official Npcap website.
- During installation, make sure to check the box for "Install Npcap in WinPcap API-compatible Mode" to ensure compatibility with Scapy.
1. Clone the repository (or download the files).
2. Install dependencies as described above:
   ```
   pip install -r requirements.txt
   ```
3. (Windows Only) Install Npcap with WinPcap compatibility mode enabled.
4. Run the sniffer using `snif-V2.py`. You can run it with default settings:
   ```
   python snif-V2.py
   ```
5. For a more customized experience, use the command-line arguments detailed below.
The script accepts several command-line arguments to customize its behavior. These flags are prefixed with --.
| Argument | Description |
|---|---|
| `-i`, `--interfaces` | Specify one or more network interfaces to monitor (e.g., `eth0`, `Wi-Fi`). If not provided, it monitors all available interfaces. |
| `--web` | Enables the web dashboard, accessible at http://localhost:5000. |
| `--db-path` | Sets the path for the SQLite database file. Defaults to `network_sniffer.db`. |
| `--reset-db` | Deletes all data from the database before starting the capture. Useful for a clean session. |
| `--src-ip` | Filters traffic to show only packets originating from this source IP address. |
| `--dst-ip` | Filters traffic to show only packets destined for this IP address. |
| `--domain` | Filters DNS queries to show only those containing this substring. |
| `--protocol` | Filters by protocol type. Choices: HTTP, HTTPS, DNS, TLS, SSDP, TCP, UDP. |
| `--buffer-size` | Sets the size of the internal event queue. Defaults to 1000. |
| `--debug` | Enables detailed debug logging to `network_sniffer.log`. |
| `--create-template` | Creates the web dashboard template files and exits. |
- Monitor a specific interface and enable the web UI:
  ```
  python snif-V2.py -i Wi-Fi --web
  ```
- Start with a fresh database and filter for a specific destination IP:
  ```
  python snif-V2.py --reset-db --dst-ip 8.8.8.8
  ```
While the sniffer is running in the terminal, you can use these commands:
- `p` or `pause`: Pause/resume packet capture.
- `s` or `stats`: Show current protocol statistics.
- `f <filter>`: Apply filters dynamically (e.g., `f src_ip=192.168.1.100`).
- `f clear`: Clear all active filters.
- `c` or `clear`: Clear the terminal screen.
- `q` or `quit`: Stop the sniffer and exit gracefully.
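The interactive `f` command and the `--src-ip`/`--dst-ip`/`--domain`/`--protocol` flags share the same filter semantics described above: exact match on addresses and protocol, substring match on the domain. The block below is an added example of how such a command parser and matcher can be written, not code from this repository; the `key=value` grammar, the event dictionary shape and the sample events are assumptions constructed for the illustration. Validating the address with `ipaddress` before it becomes a rule means a mistyped filter is rejected immediately instead of silently matching nothing.

```python
import ipaddress
from dataclasses import dataclass, field

# Filter keys corresponding to the README's --src-ip, --dst-ip, --domain and
# --protocol flags; the "f key=value" grammar is assumed from the command list.
SUPPORTED_KEYS = {"src_ip", "dst_ip", "domain", "protocol"}
PROTOCOLS = {"HTTP", "HTTPS", "DNS", "TLS", "SSDP", "TCP", "UDP"}


@dataclass
class FilterState:
    rules: dict = field(default_factory=dict)


def apply_filter_command(state: FilterState, command: str) -> FilterState:
    """Handle one interactive 'f ...' command; raises ValueError on bad input."""
    parts = command.strip().split(maxsplit=1)
    if len(parts) != 2 or parts[0] != "f":
        raise ValueError(f"expected 'f <filter>' or 'f clear', got {command!r}")
    arg = parts[1].strip()
    if arg == "clear":
        state.rules.clear()
        return state
    key, sep, value = arg.partition("=")
    key, value = key.strip(), value.strip()
    if not sep or key not in SUPPORTED_KEYS or not value:
        raise ValueError(f"unsupported filter {arg!r}")
    if key in ("src_ip", "dst_ip"):
        value = str(ipaddress.ip_address(value))  # rejects non-IP strings
    elif key == "protocol":
        value = value.upper()
        if value not in PROTOCOLS:
            raise ValueError(f"unknown protocol {value!r}")
    state.rules[key] = value
    return state


def event_matches(state: FilterState, event: dict) -> bool:
    """Exact match for IPs and protocol, case-insensitive substring for domain."""
    for key, value in state.rules.items():
        actual = str(event.get(key, ""))
        if key == "domain":
            if value.lower() not in actual.lower():
                return False
        elif key == "protocol":
            if actual.upper() != value:
                return False
        elif actual != value:
            return False
    return True


def filter_events(state: FilterState, events: list) -> list:
    """Return the events that satisfy every active rule."""
    return [e for e in events if event_matches(state, e)]


# Constructed sample events in the shape the sniffer might queue (not real captures).
SAMPLE_EVENTS = [
    {"src_ip": "192.168.1.100", "dst_ip": "8.8.8.8", "protocol": "DNS", "domain": "example.com"},
    {"src_ip": "192.168.1.100", "dst_ip": "93.184.216.34", "protocol": "HTTPS", "domain": ""},
    {"src_ip": "192.168.1.7", "dst_ip": "8.8.8.8", "protocol": "DNS", "domain": "cdn.example.net"},
    {"src_ip": "192.168.1.7", "dst_ip": "239.255.255.250", "protocol": "SSDP", "domain": ""},
]

if __name__ == "__main__":
    state = FilterState()
    apply_filter_command(state, "f src_ip=192.168.1.100")
    apply_filter_command(state, "f protocol=dns")
    for event in filter_events(state, SAMPLE_EVENTS):
        print(event)
```

Rules accumulate until `f clear` is issued, so `f src_ip=...` followed by `f protocol=dns` narrows the view to DNS traffic from that one host, which mirrors how the command-line flags combine.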