A lightweight Python-based network packet sniffer built with Scapy that monitors live traffic and provides real-time alerts for suspicious activity.
Perfect for learning network security fundamentals and building a hands-on cybersecurity portfolio.
This tool captures live network packets on a specified interface and displays key details (source/destination IP, ports, protocol, flags).
More importantly, it includes simple but effective detection rules to flag common threats, giving you practical exposure to how SOC analysts monitor and triage network activity.
Built as an educational project to practice packet analysis, scripting detection logic, and understanding real-world network threats.
No external dependencies beyond Scapy, just pure Python.
📡 Live packet capture and readable summaries
- Suspiciously long DNS queries (potential DNS tunneling/exfiltration)
- High volume of SYN packets from a single source (potential port scan or SYN flood)
- Regular timed connections (potential C2 beaconing)
🔇 Default filter excludes noisy SSH traffic (port 22) for cleaner output on servers
⌨️ Command-line options for interface selection and packet limit
🔧 Easy to extend with new detection rules
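As an added example (not the project's own sniffer code), here are the three detection rules listed above implemented over a small in-memory event model, run against a constructed event stream so it works offline. The `Event` and `Detector` names and every threshold are assumptions chosen for illustration; the `run_live` helper shows how the same detector would be wired to Scapy's `sniff` with the default `not port 22` BPF filter described above.

```python
"""Detection rules for the alert types this README lists (long DNS queries, SYN
bursts, timed beaconing). Example code added here, not the project's own;
the names and thresholds below are assumptions, the sample events are constructed."""
from collections import defaultdict, deque
from dataclasses import dataclass
import statistics


@dataclass
class Event:
    """One observed packet, reduced to the fields the rules need."""
    ts: float            # capture timestamp in seconds
    src: str
    dst: str
    dport: int
    proto: str           # "TCP", "UDP" or "DNS"
    tcp_flags: str = ""  # scapy-style flag string, e.g. "S" for a bare SYN
    dns_qname: str = ""  # queried name for DNS events


class Detector:
    def __init__(self, dns_max_len=52, syn_threshold=20, syn_window=5.0,
                 beacon_min_conns=6, beacon_max_jitter=0.15):
        self.dns_max_len = dns_max_len              # longest "normal" query name
        self.syn_threshold = syn_threshold          # SYNs per source per window
        self.syn_window = syn_window                # sliding window, seconds
        self.beacon_min_conns = beacon_min_conns    # connections before judging regularity
        self.beacon_max_jitter = beacon_max_jitter  # stdev/mean of inter-connection gaps
        self.syn_times = defaultdict(deque)         # src -> recent SYN timestamps
        self.conn_times = defaultdict(list)         # (src, dst, dport) -> timestamps
        self.beacon_reported = set()                # keys already alerted on
        self.alerts = []

    def process(self, ev):
        """Feed one event; returns the alerts it raised (also kept in self.alerts)."""
        raised = []
        # Rule 1: long DNS names (tunnelling/exfil encodes data into query labels)
        if ev.proto == "DNS" and len(ev.dns_qname) > self.dns_max_len:
            raised.append({"rule": "long_dns_query", "src": ev.src,
                           "detail": f"{len(ev.dns_qname)} chars: {ev.dns_qname[:40]}..."})
        if ev.proto == "TCP" and ev.tcp_flags == "S":
            # Rule 2: many SYNs from one source inside a sliding window (scan/flood)
            q = self.syn_times[ev.src]
            q.append(ev.ts)
            while q and ev.ts - q[0] > self.syn_window:
                q.popleft()
            if len(q) == self.syn_threshold:  # fire once, when the threshold is crossed
                raised.append({"rule": "syn_burst", "src": ev.src,
                               "detail": f"{len(q)} SYNs in {self.syn_window}s"})
            # Rule 3: same src->dst:port reconnecting at near-constant intervals (beaconing)
            key = (ev.src, ev.dst, ev.dport)
            times = self.conn_times[key]
            times.append(ev.ts)
            if len(times) >= self.beacon_min_conns and key not in self.beacon_reported:
                gaps = [b - a for a, b in zip(times, times[1:])]
                mean = statistics.mean(gaps)
                if mean > 0 and statistics.pstdev(gaps) / mean < self.beacon_max_jitter:
                    self.beacon_reported.add(key)
                    raised.append({"rule": "beaconing", "src": ev.src,
                                   "detail": f"{len(times)} conns to {ev.dst}:{ev.dport}, ~{mean:.1f}s apart"})
        self.alerts.extend(raised)
        return raised


def demo():
    """Run the detector over a constructed event stream (not real captures)."""
    det = Detector()
    events = [Event(10.0, "10.0.0.5", "10.0.0.53", 53, "DNS", dns_qname="example.com."),
              Event(11.0, "10.0.0.5", "10.0.0.53", 53, "DNS", dns_qname="a" * 60 + ".tunnel.example.")]
    # a port scan: 25 SYNs to consecutive ports within about a second
    events += [Event(100.0 + i * 0.05, "10.0.0.5", "10.0.0.9", i + 1, "TCP", "S") for i in range(25)]
    # a beacon: one host reconnecting to the same port every ~60 s with small jitter
    for k, jitter in enumerate([0.0, 0.3, -0.2, 0.1, 0.4, -0.3, 0.2, 0.0]):
        events.append(Event(200.0 + 60.0 * k + jitter, "10.0.0.7", "203.0.113.10", 443, "TCP", "S"))
    for ev in sorted(events, key=lambda e: e.ts):
        det.process(ev)
    return det.alerts


def run_live(iface, count=0, bpf="not port 22"):
    """Wire the detector to scapy's sniff (imported lazily so the rules stay
    testable without scapy installed). The BPF filter mirrors the README default."""
    from scapy.all import sniff, IP, TCP, DNS, DNSQR
    det = Detector()

    def handle(pkt):
        if IP not in pkt:
            return
        if pkt.haslayer(DNS) and pkt.haslayer(DNSQR):
            ev = Event(float(pkt.time), pkt[IP].src, pkt[IP].dst, 53, "DNS",
                       dns_qname=pkt[DNSQR].qname.decode(errors="replace"))
        elif TCP in pkt:
            ev = Event(float(pkt.time), pkt[IP].src, pkt[IP].dst, pkt[TCP].dport,
                       "TCP", str(pkt[TCP].flags))
        else:
            return
        for alert in det.process(ev):
            print(f"[ALERT] {alert['rule']} from {alert['src']}: {alert['detail']}")

    sniff(iface=iface, filter=bpf, count=count, prn=handle, store=False)


if __name__ == "__main__":
    for a in demo():
        print(a["rule"], a["src"], a["detail"])
```

Each rule fires once per offender rather than on every packet: the SYN rule triggers exactly when the sliding-window count crosses the threshold, and the beaconing rule remembers which `(src, dst, dport)` keys it has already reported. Running `demo()` yields three alerts (one per rule); `run_live` needs root and an interface name, as the README notes.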
- Understanding packet structure and network protocols (IP, TCP, UDP, DNS)
- Writing detection logic for common threats using timing, volume, and pattern analysis
- Using Scapy for packet capture and parsing in Python
- Filtering traffic with BPF to reduce noise in real environments
- Building clean, readable tools that simulate blue team monitoring workflows
- Documenting and presenting security projects for a professional portfolio
Here are real outputs from running the sniffer on a live server:
- Python 3.6+
- Scapy (pip install scapy)
- Root/admin privileges (required for raw packet capture)