A real-time, command-line network packet analyzer built using Python and Scapy
Works seamlessly on Linux, Windows, and macOS with admin/root permissions.
Packet Sniffer CLI is a Python-based command-line tool that captures and analyzes live network packets.
It provides detailed protocol information, supports filters, and can save logs and PCAP files for later analysis in Wireshark.
✅ Live real-time packet capture using Scapy
✅ Decode TCP, UDP, ICMP, ARP, and DNS
✅ Display source/destination IPs, ports, and payload size
✅ Save results in:
- Human-readable logs → logs/captured.log
- PCAP format → captures/capture.pcap (for Wireshark)
✅ Apply filters:
- by protocol (tcp, udp, icmp, arp, dns)
- by IP address
- by port number
✅ Cross-platform: Linux, Windows, macOS
✅ Auto-creates required directories (logs/, captures/)
✅ Error-safe and permission-aware
packet-sniffer/
│
├── sniffer.py # Main entry point – CLI & packet capture
├── packet_parser.py # Decodes and extracts packet details
├── filters.py # Filtering logic (protocol/IP/port)
├── logger.py # Logs and PCAP saving
├── utils.py # Helper functions (timestamp, admin check)
│
├── requirements.txt # Dependencies
├── README.md # Project documentation
├── LICENSE # MIT License
├── .gitignore
├── .gitattributes
│
├── captures/ # Auto-created; stores PCAP files
└── logs/ # Auto-created; stores log files
git clone https://github.com/mantrapatil03/packet-sniffer.git
cd packet-sniffer
pip install -r requirements.txt
sudo python3 sniffer.py
Run Command Prompt or PowerShell as Administrator:
python sniffer.py
Examples
# Capture only TCP packets
sudo python3 sniffer.py --protocol tcp
# Capture packets from specific IP
sudo python3 sniffer.py --ip 192.168.1.10
# Capture packets for port 80 (HTTP)
sudo python3 sniffer.py --port 80
Output Files
- Logs: human-readable output → logs/captured.log
- PCAP: raw packet data (open in Wireshark) → captures/capture.pcap
| Protocol | Supported | Details |
|---|---|---|
| TCP | ✅ | Ports, flags, payload size |
| UDP | ✅ | Ports, payload size |
| ICMP | ✅ | Type, code |
| ARP | ✅ | Who-has / is-at |
| DNS | ✅ | Query name, type |
| Filter Type | Example | Description |
|---|---|---|
| Protocol | --protocol tcp | Capture only TCP packets |
| IP | --ip 192.168.1.10 | Capture packets to/from given IP |
| Port | --port 80 | Capture packets using specific port |
Filters can be combined, e.g.
sudo python3 sniffer.py --protocol tcp --port 443
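One way to combine the three options is to validate them and join them into a single BPF capture filter, so that non-matching packets are dropped before they reach Python. This is an added example, not the project's filters.py; `build_bpf`, the option-to-BPF mapping, and the treatment of `dns` as port 53 are assumptions made for illustration.

```python
import ipaddress

# Protocol names from the README's --protocol list, mapped to BPF primitives.
# BPF has no "dns" keyword, so DNS is approximated here as traffic on port 53.
PROTO_BPF = {"tcp": "tcp", "udp": "udp", "icmp": "icmp", "arp": "arp", "dns": "port 53"}
PORTLESS = {"icmp", "arp"}  # these protocols carry no port numbers


def build_bpf(protocol=None, ip=None, port=None):
    """Hypothetical helper: turn --protocol/--ip/--port into one BPF expression.

    Returns "" when no option is set (capture everything). Raises ValueError
    on bad input, so only validated tokens ever reach the filter string.
    """
    terms = []
    if port is not None:
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    if protocol is not None:
        proto = protocol.lower()
        if proto not in PROTO_BPF:
            raise ValueError(f"unsupported protocol: {protocol!r}")
        if port is not None and proto in PORTLESS:
            raise ValueError(f"{proto} has no ports; drop --port")
        if proto == "dns" and port not in (None, 53):
            raise ValueError("dns is matched as port 53; --port conflicts")
        terms.append(PROTO_BPF[proto])
    if ip is not None:
        # ip_address() rejects anything that is not a literal IPv4/IPv6 address.
        terms.append(f"host {ipaddress.ip_address(ip)}")
    if port is not None and f"port {port}" not in terms:
        terms.append(f"port {port}")
    return " and ".join(terms)


if __name__ == "__main__":
    # Constructed inputs mirroring the README's examples.
    for opts in [{"protocol": "tcp", "port": 443},
                 {"ip": "192.168.1.10"},
                 {"protocol": "dns", "ip": "192.168.1.10"}]:
        print(opts, "->", build_bpf(**opts))
    # With Scapy installed, the result can be passed as sniff(filter=...).
```

The returned string is in the form Scapy's `sniff()` accepts through its `filter` argument.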
| Platform | Required Privilege |
|---|---|
| Linux/macOS | Run with sudo |
| Windows | Run as Administrator |
| macOS Extra | Run sudo chmod +r /dev/bpf* if permission denied |
Permission Denied → Use sudo or Administrator privileges
No Packets Captured → Try specifying a network interface:
sudo python3 sniffer.py --iface eth0
List interfaces:
python3 - <<EOF
from scapy.all import get_if_list
print(get_if_list())
EOF
PCAP Not Saving → Ensure captures/ and logs/ exist (auto-created). Check file permissions.
Windows Note: Scapy requires Npcap — install it from https://npcap.com
Main Modules
| File | Description |
|---|---|
| sniffer.py | CLI arguments, interface selection, main loop |
| packet_parser.py | Extracts IPs, ports, and protocol details |
| filters.py | Filtering by protocol/IP/port |
| logger.py | Writes logs and saves PCAP |
| utils.py | Helpers (timestamp, admin check, OS info) |
Adding New Protocol Decoders
- Edit packet_parser.py
- Add new parsing logic for your protocol (e.g., HTTP)
- Update CLI filter options if needed
Contributions are welcome!
If you’d like to improve or extend this tool:
- 1️⃣ Fork the repo
- 2️⃣ Create a feature branch
- 3️⃣ Write clean, well-documented code
- 4️⃣ Submit a pull request
For major changes, open an issue first.
Mantra Patil
Made with ❤️ & Python by Mantra Patil