Monitoring Network Traffic with Scapy
Learn how to use Scapy’s sniff function to monitor traffic flowing over a network.
We'll cover the following
Sending vs. listening in Scapy
Port scanners and vulnerability scanners are clients, meaning they initiate a conversation with a server. For clients, we can use sr()
and similar functions that send a packet and look for a response.
However, honeypots and other servers are the recipients of the SYN packet in a TCP handshake or a request in a DNS communication. To implement a honeypot, we must learn to monitor incoming messages and respond to them.
Implementing a listener in Scapy
Scapy’s sniff
function enables a Python program to monitor live network traffic. The following code block shows an example of sniffing traffic with Scapy.
Get hands-on with 1200+ tech skills courses.