Ghost Sniffer is a lightweight network sniffer + IDS tool built with Scapy. It can monitor live network traffic, detect simple anomalies, and perform host profiling.
- Live Sniffing: capture packets in real time from a network interface.
- Offline Analysis: read and analyze PCAP files.
- IDS-style Detection:
  - ARP spoofing
  - Port scans
  - SYN floods
  - DNS NXDOMAIN floods
  - High packet rate
- Statistics:
  - Per-protocol packet counts
  - Top talkers (most active IPs)
  - Periodic summaries (--summary-interval)
- Host Profiling:
  - MAC addresses & vendors
  - DNS queries
  - TLS SNI
  - HTTP Host & User-Agent
- Output Options:
  - Save packets to PCAP
  - Save summaries to CSV
  - Save detailed info to JSON
- Output Modes:
  - --verbose: detailed packet view with colored output (Scapy-like)
  - --quiet: only start message + final summary
  - --stats-only: only statistics
  - --no-color: disable colored output (for logs)
  - --follow <IP>: filter traffic for a specific IP
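
The following added example (not Ghost Sniffer's own code) shows how two of the IDS-style checks listed above, ARP spoofing and port scans, can be implemented over parsed packet events. The event dictionaries, the thresholds and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; Ghost Sniffer's real values are not on this page.
SCAN_PORTS = 10      # distinct destination ports from one source...
SCAN_WINDOW = 5.0    # ...within this many seconds

def detect(events):
    """Take time-ordered event dicts, return (ts, alert_type, detail) tuples."""
    alerts = []
    arp_table = {}                  # IP -> MAC last seen in an ARP reply
    syn_seen = defaultdict(deque)   # src IP -> deque of (ts, dst_port)
    scanning = set()                # sources already reported once
    for ev in events:
        if ev["kind"] == "arp_reply":
            known = arp_table.get(ev["ip"])
            if known and known != ev["mac"]:
                alerts.append((ev["ts"], "arp_spoof",
                               f'{ev["ip"]} moved {known} -> {ev["mac"]}'))
            arp_table[ev["ip"]] = ev["mac"]
        elif ev["kind"] == "tcp_syn":
            q = syn_seen[ev["src"]]
            q.append((ev["ts"], ev["dport"]))
            while q and ev["ts"] - q[0][0] > SCAN_WINDOW:
                q.popleft()         # slide the time window forward
            ports = {p for _, p in q}
            if len(ports) >= SCAN_PORTS and ev["src"] not in scanning:
                scanning.add(ev["src"])
                alerts.append((ev["ts"], "port_scan",
                               f'{ev["src"]} hit {len(ports)} ports'))
    return alerts

def sample_events():
    """Constructed sample traffic using documentation address ranges."""
    ev = [
        {"ts": 0.0, "kind": "arp_reply", "ip": "192.0.2.1", "mac": "aa:aa:aa:aa:aa:01"},
        {"ts": 1.0, "kind": "arp_reply", "ip": "192.0.2.1", "mac": "aa:aa:aa:aa:aa:01"},
        {"ts": 2.0, "kind": "arp_reply", "ip": "192.0.2.1", "mac": "bb:bb:bb:bb:bb:02"},
    ]
    # One source sends SYNs to 12 different ports within about a second
    ev += [{"ts": 3.0 + i * 0.1, "kind": "tcp_syn", "src": "198.51.100.7", "dport": 20 + i}
           for i in range(12)]
    # A normal client: repeated SYNs to a single port, one per second
    ev += [{"ts": 10.0 + i, "kind": "tcp_syn", "src": "192.0.2.50", "dport": 443}
           for i in range(12)]
    return ev

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

A changed IP-to-MAC binding also occurs on legitimate events such as DHCP reassignment or gateway failover, so an alert of this kind is a lead to verify rather than proof of spoofing.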
Clone the repository and install dependencies:
git clone https://github.com/username/ghost-sniffer.git
cd ghost-sniffer
pip install -r requirements.txt
Dependencies:
Usage examples:
sudo python3 sniffer.py -i wlan0 -d 120 --pcap out.pcap --csv out.csv --verbose
python3 sniffer.py --read capture.pcap --verbose
sudo python3 sniffer.py -i eth0 -d 300 --quiet
sudo python3 sniffer.py -i wlan0 -d 60 --json output.json
Use Ghost Sniffer only on networks or devices that you own or have explicit permission to test. Unauthorized use may violate the law.
MIT License © 2025