Packet Sniffing in Python (CS1)

Suzanne J. Matthews and David R. Raymond
Department of Electrical Engineering & Computer Science
United States Military Academy - West Point

Overview

Unsecured wireless networks are ubiquitous in modern society. Many people use free wifi hotspots to access information on the go, whether at coffee shops, hotels, or airports. While Federal Wiretap Law (ch. 119 of title 18) is very explicit about unauthorized wiretapping, the law was written in such a manner as to enable gathering information "made through an electronic communication system that is configured so that such electronic configuration is readily accessible to the general public". These laws were written before wireless networks were easily available for commercial purposes. As such, packet sniffing on unsecured wireless networks is still very much a legal gray area.

This assignment (originally organized as a lab) highlights the real-world dangers of packet sniffing by enabling students to analyze a packet capture (PCAP) file using the Scapy package in Python. The PCAP file purportedly contains the packets of four individuals working in a coffee shop. The end goal is for the students to discover as much information as they can about the four individuals whose packets were sniffed. This includes passwords, potential occupations, e-mail contents, and other sensitive topics.

Scapy starter code is provided. Students only need basic Python parsing skills (string, lists) to analyze the packet capture files.

Meta Information

Summary
Packet Sniffing in Python -- After a discussion of how information is transferred across wireless vs wired networks and the legality/ethics of wireless packet sniffing, students write Python code (mostly simple string matching and list manipulation) to extract and inspect information from a packet capture file that was created artificially in a sandboxed network.
Topics
Compare and contrast how information is sent in a wired vs a wireless network.
Define and discuss packet sniffing.
Use the Scapy package to analyze packets stored in a PCAP file.
Motivate the need for data encryption.
Python topics: string parsing and lists and dictionaries.
Audience
Appropriate for CS1 or a later course.
Difficulty
This is an intermediate assignment, currently implemented in my course as a 2-hour lab. If implemented as an assignment, I recommend that students be given a week to complete it.
Strengths
High Impact lab -- conveys to students the dangers of unsecured wireless networks, and how easy it is to steal/scrape personal information through a packet capture.

Most students prior to the lab had never heard of packet captures or packet sniffing. It was a very eye-opening experience. They were shocked that they could read e-mails and passwords in plain text, and log on to the e-mail accounts with the passwords they had stolen.
Weaknesses
Time should be spent introducing students to basic wireless network and packet concepts. Without a clear understanding of how packets are organized and how information is sent over a wireless network, students will struggle.

Take the time to thoroughly explain the provided starter code. Students who have not been exposed to lists or dictionaries may have issues understanding the organization of Scapy packet objects.
Dependencies
Requires Python 2.6.6 or later and the Scapy package. Students who have basic knowledge of loops, string parsing and lists in Python should have enough knowledge to get started, especially if given the IP subnet. However, familiarity with dictionaries will help students better understand the organization of Scapy packets.
Variants
Additional packet captures can be made available upon request.

For advanced students: As an extra challenge, I recommend that you NOT give the IP subnet. Instead, have them use their knowledge of dictionaries to figure out what the IP addresses of the four users are. Essentially, the IPs with the common subnet that are sending and receiving the most packets will be those of the individuals in the coffee shop.
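The dictionary-based approach described in this variant, as an added example that is not part of the original starter code. The addresses are constructed, and picking the "common subnet" as the /24 prefix with the most distinct hosts is an assumption of this sketch.

```python
# Constructed sample: one (source IP, destination IP) pair per packet.
# With Scapy these come from pkt[IP].src and pkt[IP].dst for each packet
# returned by rdpcap(); the addresses below are invented for illustration.
SAMPLE_PACKETS = (
    [("10.0.5.11", "203.0.113.8")] * 6 + [("203.0.113.8", "10.0.5.11")] * 5
    + [("10.0.5.12", "198.51.100.20")] * 4 + [("198.51.100.20", "10.0.5.12")] * 4
    + [("10.0.5.13", "203.0.113.8")] * 3 + [("203.0.113.8", "10.0.5.13")] * 2
    + [("10.0.5.14", "192.0.2.77")] * 2 + [("192.0.2.77", "10.0.5.14")] * 2
    + [("10.0.5.1", "10.0.5.11")]  # a little gateway chatter
)


def subnet_of(ip, octets=3):
    """Return the first `octets` octets of a dotted-quad address, e.g. '10.0.5'."""
    return ".".join(ip.split(".")[:octets])


def top_talkers(packets, how_many=4):
    """Return (common subnet, [(ip, packets sent + received), ...]) for the busiest hosts."""
    # Dictionary 1: IP address -> number of packets it sent or received
    per_ip = {}
    for src, dst in packets:
        per_ip[src] = per_ip.get(src, 0) + 1
        per_ip[dst] = per_ip.get(dst, 0) + 1

    # Dictionary 2: subnet prefix -> set of addresses seen in that subnet
    hosts_by_subnet = {}
    for ip in per_ip:
        hosts_by_subnet.setdefault(subnet_of(ip), set()).add(ip)

    # Assumption: the shared local subnet is the prefix with the most hosts
    local = max(hosts_by_subnet, key=lambda s: len(hosts_by_subnet[s]))

    # Rank that subnet's hosts by packet count (ties broken by address)
    ranked = sorted(hosts_by_subnet[local], key=lambda ip: (-per_ip[ip], ip))
    return local, [(ip, per_ip[ip]) for ip in ranked[:how_many]]


if __name__ == "__main__":
    subnet, hosts = top_talkers(SAMPLE_PACKETS)
    print("common subnet:", subnet)
    for ip, count in hosts:
        print(ip, count)
```

Remote servers can have higher packet counts than any single local host, which is why the subnet is chosen first and the ranking is done only inside it.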


Networking Overview

An overview of networks and packets can be found in the following slides and instructor handout. I also recorded the following mini video lectures to explain core networking and packet concepts.

Video 1: Network Basics and Definitions

Video 2: Ethics of Packet Sniffing

Video 3: Overview of Practical Component

Student Files

Students should be given a copy of the slides, the starter code, and the PCAP file.

Reflection/Discussion on Lessons Learned

So how do we protect ourselves against packet sniffing? The answer is not to simply use password protected wireless networks. Someone who is intent on stealing your data will likely break the password. Once they are in the network, they can then run the packet sniffer and your goose will be cooked.

So what do we do? During the course of the exercise, there is one individual out of the four that we are unable to get any information on. This is because this individual is using an encrypted connection, and their packets are all encrypted. Banks, online stores, and other entities that deal with financial transactions on a regular basis open up a secure channel (using SSL) to encrypt the packets prior to sending/receiving them. That is why it is so important that you always check that you are connected to an https protocol domain before entering password data!
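Why the encrypted user yields nothing can be shown by auditing payloads for readability, as in this added example (not part of the original lab materials). The hosts and payload bytes are constructed, the code targets Python 3, and the 0.9 printable-text threshold is an assumption.

```python
# Constructed sample: (source IP, raw TCP payload bytes). With Scapy the payload
# would be bytes(pkt[TCP].payload); hosts and contents here are invented.
SAMPLE = [
    ("10.0.5.11", b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\nuser=alice&pass=EXAMPLE"),
    ("10.0.5.11", b"GET /inbox HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.0.5.14", bytes([0x16, 0x03, 0x01, 0x00, 0x04]) + b"\x01\x00\x00\x00"),
    ("10.0.5.14", bytes([0x17, 0x03, 0x03, 0x00, 0x10]) + bytes(range(0x80, 0x90))),
    ("10.0.5.14", b""),  # bare ACK with no payload
]

# TLS record types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {20, 21, 22, 23}


def looks_like_tls_record(payload):
    """True if the payload starts with a plausible SSL/TLS record header."""
    if len(payload) < 5:
        return False
    content_type, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    return (content_type in TLS_CONTENT_TYPES and major == 3 and minor <= 3
            and 0 < length <= 2 ** 14 + 2048)


def printable_ratio(payload):
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    readable = sum(1 for b in payload if 32 <= b <= 126 or b in (9, 10, 13))
    return readable / len(payload)


def classify_hosts(packets, threshold=0.9):
    """Map each source host to 'cleartext', 'encrypted' or 'unknown'."""
    kinds_seen = {}
    for src, payload in packets:
        if not payload:
            continue  # nothing to inspect
        if looks_like_tls_record(payload):
            kind = "encrypted"
        elif printable_ratio(payload) >= threshold:
            kind = "cleartext"
        else:
            kind = "unknown"
        kinds_seen.setdefault(src, set()).add(kind)
    # One readable payload is enough to mark a host as exposed
    return {src: next(k for k in ("cleartext", "encrypted", "unknown") if k in kinds)
            for src, kinds in kinds_seen.items()}
```

A host labelled `cleartext` is one whose traffic any listener on the same network could read; the host speaking TLS exposes only record headers and ciphertext.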

One of the good things that came out of Google's packet sniffing debacle is that all Google searches are now encrypted by default. You can also install third party apps on Firefox such as HTTPS Everywhere that will open a secure, encrypted session with SSL with whatever website you visit, if an SSL channel is available. I recommend concluding this assignment/lab with a discussion with students about what will need to change in order for organizations and governments to adopt packet encryption as mainstream.

Additional Links for Exploration/Discussion

The following are some links that I like to point students to for additional reading/learning.
  1. Video: Amazing Mind Reader - I show this first to my students at the beginning of lab.
  2. Video: How the Internet Works - Aaron Titus does a phenomenal job explaining internet basics. Another great video to point students to if they are still struggling with some of the basics.
  3. Article: Lifehacker: A guide to sniffing out passwords and cookies and how to protect yourself against it - An overview of the tools Firesheep and Wireshark.
  4. Article: Firesheep: A Day Later - Another interesting article on Firesheep.
  5. Article: Google Seeks Supreme Court Review of WiFi packet sniffing ruling
  6. Article: Google's WiFi Sniffing Might Break Wiretap Law, Appeals Court Rules
  7. Article: Ars Technica: Sniffing Open WIFI networks is not wiretapping, judge says - Innovatio IP Ventures decision.
  8. Article: Packet Sniffing Laws Murky as Open Wi-Fi Proliferates