This project is a Python-based network packet sniffer built with Scapy. It monitors unencrypted HTTP (TCP port 80) traffic and attempts to identify potential credential data (such as usernames or passwords) by inspecting packet payloads for common authentication keywords. Important: This tool is intended strictly for educational purposes, security learning, and testing only on networks and systems you own or have explicit permission to analyze.
Purpose
Learn how packet sniffing works at the network layer
Understand why HTTP is insecure
Demonstrate how credentials can be exposed in plaintext traffic
Support cybersecurity and ethical hacking education
How It Works
Uses Scapy to sniff TCP packets on port 80
Extracts the Raw payload from packets
Searches payloads for common credential-related keywords:
username
user
login
password
pass
If a match is found:
Displays the data in the terminal
Logs the event with a timestamp into packet_log.txt
Features
Real-time packet inspection
Keyword-based credential detection
Timestamped logging
Lightweight and easy to understand
Requirements
Python 3
Scapy
Install dependencies: pip install scapy
Usage Run the script with administrative/root privileges: sudo python3 sniffer.py
Stop the sniffer anytime with: Ctrl + C
Captured data will be stored in: packet_log.txt
Security Notes
This tool only works on unencrypted HTTP traffic
HTTPS traffic cannot be read due to encryption
Modern websites are protected — this script is for learning, not exploitation
Legal & Ethical Disclaimer
Unauthorized packet sniffing is illegal and unethical.
By using this project, you agree that:
You will only test on systems you own or are authorized to test
You understand local and international cybersecurity laws
The author is not responsible for misuse
Learning Outcomes
Packet sniffing fundamentals
HTTP vs HTTPS security
Network-layer data exposure risks
Defensive security awareness