Logging Received Packets

Learn how to log HTTP requests and passively perform port scanning.

Introduction to packet logging

Network traffic monitoring can be used for various purposes. For example, a traffic monitor could monitor access attempts for a particular IT resource, passively generate a graph of a corporate network, or extract credentials from insecure network protocols.

However, all of these applications require the ability to extract and log useful information from network packets. We’ve created filters for packets of interest and defined actions for particular types of packets. Now, we’ll look at extracting data from packets and logging that data rather than the packets themselves.

Logging packet summaries

Logging the complete contents of every sniffed packet is excessive for most use cases. For HTTP traffic, many of the header values are undefined, and some fields, such as header checksums, have no real value.

When logging an HTTP request, some of the fields of interest include:

  • Source and destination IP address

  • Source and destination port

  • HTTP request type (GET, POST, etc.)

  • URL

All of these fields can be extracted from the packet using Scapy and printed to the terminal. The following code sample prints summaries of received HTTP requests to a server.
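One way to write such a logger, as an added example rather than the lesson's own code: the function names, the sample payload, and the port-80 capture filter are assumptions. The parsing is kept separate from the Scapy callback and escapes client-controlled bytes so a crafted URL cannot inject control characters into the log.

```python
import re

# Request line: METHOD SP request-target SP HTTP/x.y
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/\d\.\d$")
METHODS = {b"GET", b"POST", b"PUT", b"DELETE", b"HEAD", b"OPTIONS", b"PATCH"}

def printable(raw, limit=200):
    """Make client-controlled bytes safe to log: truncate, escape non-printables."""
    text = raw[:limit].decode("ascii", "backslashreplace")
    return "".join(c if c.isprintable() else repr(c)[1:-1] for c in text)

def summarize_http_request(src, sport, dst, dport, payload):
    """Return a one-line summary, or None if payload does not start an HTTP request."""
    head = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    match = REQUEST_LINE.match(head[0])
    if not match or match.group(1) not in METHODS:
        return None
    method, target = match.groups()
    host = b""
    for line in head[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip()
            break
    # Origin-form targets ("/path") need the Host header to form a URL.
    url = target if target.startswith(b"http") else host + target
    return f"{src}:{sport} -> {dst}:{dport} {method.decode()} {printable(url)}"

def log_packet(pkt):
    """Scapy callback: print a summary for each packet carrying an HTTP request."""
    # Imported here so the parser above can be used and tested without Scapy.
    from scapy.layers.inet import IP, TCP
    from scapy.packet import Raw
    if pkt.haslayer(IP) and pkt.haslayer(TCP) and pkt.haslayer(Raw):
        line = summarize_http_request(pkt[IP].src, pkt[TCP].sport,
                                      pkt[IP].dst, pkt[TCP].dport,
                                      bytes(pkt[Raw].load))
        if line:
            print(line)

# Constructed sample payload for offline use (not captured traffic).
SAMPLE = b"GET /login?user=a HTTP/1.1\r\nHost: example.test\r\nUser-Agent: x\r\n\r\n"

if __name__ == "__main__":
    from scapy.all import sniff  # requires Scapy and capture privileges
    # Assumed filter: plaintext HTTP to port 80 on the monitored server.
    sniff(filter="tcp dst port 80", prn=log_packet, store=False)
```

Requests split across several TCP segments, and anything sent over TLS, will not be summarized by this per-packet approach.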
