Logging Received Packets
Learn how to log HTTP requests and passively perform port scanning.
We'll cover the following
Introduction to packet logging
Network traffic monitoring can be used for various purposes. For example, a traffic monitor could monitor access attempts for a particular IT resource, passively generate a graph of a corporate network, or extract credentials from insecure network protocols.
However, all of these applications require the ability to extract and log useful information from network packets. We’ve created filters for packets of interest and defined actions for particular types of packets. Now, we’ll look at extracting data from packets and logging that data rather than the packets themselves.
Logging packet summaries
Logging the complete contents of every sniffed packet is excessive for most use cases. For HTTP traffic, many of the header values are undefined, and some fields, such as header checksums, have no real value.
When logging an HTTP request, some of the fields of interest include:
Source and destination IP address
Source and destination port
HTTP request type (GET, POST, etc.)
URL
All of these fields can be extracted from the packet using Scapy and printed to the terminal. The following code sample prints summaries of received HTTP requests to a server.
Get hands-on with 1200+ tech skills courses.