Disclaimer:
What you are about to see is for educational purposes only. Under no circumstances shall we have any liability to you for any loss or damages of any kind incurred as a result of the use of this code. Your use of this code and your reliance on any information on the code is solely at your own risk.
Description:
In this installment of the Code With Me series, we'll create a program that sniffs a host's traffic on your network. With the aid of Python and its socket library, we'll build a tool that monitors the host's network traffic.
Code:
import socket
import os

# Raw sockets need Administrator (Windows) or root (Linux/macOS) privileges.
host = input("Input IP to sniff: ")  # run ipconfig (Windows) to find your IP address

# Windows lets the raw socket receive every IP protocol; elsewhere it only receives ICMP packets.
if os.name == "nt":
    socket_protocol = socket.IPPROTO_IP
else:
    socket_protocol = socket.IPPROTO_ICMP

sniff = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
sniff.bind((host, 0))
sniff.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)  # keep the IP header in every captured packet

if os.name == "nt":  # on Windows, send an IOCTL to put the interface into promiscuous mode
    sniff.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)

try:
    # This is where real-time monitoring takes place
    while True:
        # recvfrom() returns (data, (ip, port)); we evaluate each packet and keep just the remote IP
        remote_ip = sniff.recvfrom(65535)[1][0]
        if remote_ip == host:  # we are not interested in our own host, so we leave the local IP as is
            print(remote_ip)
            continue
        try:
            print(socket.gethostbyaddr(remote_ip))  # print the domain that the external IP resolves to
        except socket.herror:
            print(None)  # the address has no reverse DNS entry
except KeyboardInterrupt:
    pass  # Ctrl+C stops the capture
finally:
    if os.name == "nt":  # always switch promiscuous mode off again
        sniff.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
    sniff.close()