TrafficWatch - TrafficWatch, A Packet Sniffer Tool, Allows You To Monitor And Analyze Network Traffic From PCAP Files

TrafficWatch, a packet sniffer tool, allows you to monitor and analyze network traffic from PCAP files. It provides insights into various network protocols and can help with network troubleshooting, security analysis, and more.

• Protocol-specific packet analysis for ARP, ICMP, TCP, UDP, DNS, DHCP, HTTP, SNMP, LLMNR, and NetBIOS.
• Packet filtering based on protocol, source IP, destination IP, source port, destination port, and more.
• Summary statistics on captured packets.
• Interactive mode for in-depth packet inspection.
• Timestamps for each captured packet.
• User-friendly colored output for improved readability.
• Python 3.x
• scapy
• argparse
• pyshark
• colorama

1. Clone the repository:

   git clone https://github.com/HalilDeniz/TrafficWatch.git

2. Navigate to the project directory:

   cd TrafficWatch

3. Install the required dependencies:

   pip install -r requirements.txt

python3 trafficwatch.py --help
usage: trafficwatch.py [-h] -f FILE [-p {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS}] [-c COUNT]

Packet Sniffer Tool

options:
-h, --help            show this help message and exit
-f FILE, --file FILE  Path to the .pcap file to analyze
-p {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS}, --protocol {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS}
                     Filter by specific protocol
-c COUNT, --count COUNT
                     Number of packets to display

To analyze packets from a PCAP file, use the following command:

python trafficwatch.py -f path/to/your.pcap

To specify a protocol filter (e.g., HTTP) and limit the number of displayed packets (e.g., 10), use:

python trafficwatch.py -f path/to/your.pcap -p HTTP -c 10

• -f or --file: Path to the PCAP file for analysis.
• -p or --protocol: Filter packets by protocol (ARP, ICMP, TCP, UDP, DNS, DHCP, HTTP, SNMP, LLMNR, NetBIOS).
• -c or --count: Limit the number of displayed packets.

Contributions are welcome! If you want to contribute to TrafficWatch, please follow our contribution guidelines.

If you have any questions, comments, or suggestions about Dosinator, please feel free to contact me:

• LinkedIn: Halil Ibrahim Deniz
• TryHackMe: Halilovic
• Instagram: deniz.halil333
• YouTube: Halil Deniz
• Email: halildeniz313@gmail.com

This project is licensed under the MIT License.

Thank you for considering supporting me! Your support enables me to dedicate more time and effort to creating useful tools like DNSWatch and developing new projects. By contributing, you're not only helping me improve existing tools but also inspiring new ideas and innovations. Your support plays a vital role in the growth of this project and future endeavors. Together, let's continue building and learning. Thank you!" 

DNSWatch - DNS Traffic Sniffer and Analyzer

DNSWatch is a Python-based tool that allows you to sniff and analyze DNS (Domain Name System) traffic on your network. It listens to DNS requests and responses and provides insights into the DNS activity. 

Features

• Sniff and analyze DNS requests and responses.
• Display DNS requests with their corresponding source and destination IP addresses.
• Optional verbose mode for detailed packet inspection.
• Save the results to a specified output file.
• Filter DNS traffic by specifying a target IP address.
• Save DNS requests in a database for further analysis(optional)
• Analyze DNS types (optional).
• Support for DNS over HTTPS (DoH) (optional).

Requirements

• Python 3.7+
• scapy 2.4.5 or higher
• colorama 0.4.4 or higher

Installation

1. Clone this repository:

git clone https://github.com/HalilDeniz/DNSWatch.git

2. Install the required dependencies:

pip install -r requirements.txt

Usage

python dnswatch.py -i <interface> [-v] [-o <output_file>] [-k <target_ip>] [--analyze-dns-types] [--doh]

• -i, --interface: Specify the network interface (e.g., eth0).
• -v, --verbose: Use this flag for more verbose output.
• -o, --output: Specify the filename to save results.
• -t, --target-ip: Specify a specific target IP address to monitor.
• -adt, --analyze-dns-types: Analyze DNS types.
• --doh: Use DNS over HTTPS (DoH) for resolving DNS requests.
• -fd, --target-domains: Filter DNS requests by specified domains.
• -d, --database: Enable database storage for DNS requests.

Press Ctrl+C to stop the sniffing process.

Examples

• Sniff DNS traffic on interface "eth0":

python dnswatch.py -i eth0

• Sniff DNS traffic on interface "eth0" and save the results to a file:

python dnswatch.py -i eth0 -o dns_results.txt

• Sniff DNS traffic on interface "eth0" and filter requests/responses involving a specific target IP:

python dnswatch.py -i eth0 -k 192.168.1.100

• Sniff DNS traffic on interface "eth0" and enable DNS type analysis:

python dnswatch.py -i eth0 --analyze-dns-types

• Sniff DNS traffic on interface "eth0" using DNS over HTTPS (DoH):

python dnswatch.py -i eth0 --doh

• Sniff DNS traffic on interface "wlan0" and Enable database storage

python3 dnswatch.py -i wlan0 --database

License

DNSWatch is licensed under the MIT License. See the LICENSE file for details.

Disclaimer

This tool is intended for educational and testing purposes only. It should not be used for any malicious activities.

Contact

• Email : halildeniz313@gmail.com
• Linkedin : https://www.linkedin.com/in/halil-ibrahim-deniz/
• TryHackMe: https://tryhackme.com/p/halilovic
• Instagram: https://www.instagram.com/deniz.halil333/
• YouTube : https://www.youtube.com/c/HalilDeniz
• Mysite : https://denizhalil.com/