During my internship at Prodigy Info Tech, I developed a Network Packet Analyser using Python to analyse how data is transmitted across a network at the packet level.
This project helped me explore how real-time network traffic is captured, decoded, and analysed — the same fundamental techniques used by network monitoring systems, intrusion detection systems (IDS), and security operation centres (SOC).
In this article, I'll explain:
- Why packet analysis matters
- How the tool works
- Key observations from real traffic
- Challenges faced
- What I learned
Why Packet Analysis Matters
Every action we perform on the internet — loading a website, sending a request, downloading data, or streaming video — happens through network packets.
Security and monitoring tools analyse these packets to:
- Detect malicious activity
- Monitor abnormal behaviour
- Investigate security incidents
- Troubleshoot network performance
Understanding packet structure allows security professionals to:
- Analyse suspicious traffic
- Detect anomalies
- Understand TCP communication flow
- Strengthen troubleshooting and forensic analysis skills
Packet analysis forms the backbone of network security, ethical hacking, and SOC operations.
Project Overview
The objective of this project was to build a packet analyser from scratch using Python, without relying on external packet capture libraries like Scapy or PyShark.
The tool captures raw IPv4 packets using socket programming and decodes them layer by layer.
Key Functional Components:
1. IPv4 Header Parsing
The analyser extracts:
- Source IP address
- Destination IP address
- Protocol type
- Time To Live (TTL)
- Header length
- Total packet length
This helps understand routing behaviour and protocol distribution.
2. TCP Segment Parsing
From each TCP segment, the tool extracts:
- Source port
- Destination port
- Sequence number
- Acknowledgment number
- TCP flags such as SYN, ACK, and PSH
This enables tracking of connection establishment, data flow, and retransmissions.
3. Payload Data Inspection
The analyser:
- Extracts raw payload bytes
- Generates a formatted hex dump
- Displays the first 100 bytes for inspection
This provides insight into actual transmitted data and packet structure.
4. Capture Statistics
At the end of execution, the tool displays:
- Total packets captured
- Structured packet summary
This gives a high-level overview of session activity.
Sample Analysis from Live Testing
During testing, I captured 749 packets in a single session.
Key Observations:
- Continuous TCP communication between the local system and the remote web server
- HTTP traffic flowing through port 80
- Payload segments of approximately 1440 bytes
- TCP packet retransmissions
- TTL differences between the local system and remote servers
TTL Analysis Insight:
The local system showed TTL = 128, which is typical for Windows-based systems.
The remote server showed TTL = 53, indicating multiple router hops between the client and server.
These small packet-level observations provide valuable clues about:
- Operating system fingerprinting
- Network path characteristics
- Routing complexity
Technical Concepts Applied
This project helped me deeply understand:
- Raw socket programming
- Binary data parsing using Python's struct module
- TCP/IP protocol architecture
- Header field extraction
- Packet-level debugging
- Network traffic inspection
Challenges Faced
1. Raw Socket Restrictions in Windows
Windows restricts raw socket access for security reasons. To capture packets, the script must run with administrator privileges.
This highlighted real-world OS-level security controls that prevent unauthorised packet sniffing.
2. Accurate Header Parsing
Correctly extracting TCP headers and payload required:
- Precise calculation of header lengths
- Bit-level decoding
- Accurate offset handling
Even a small mistake in bit positioning leads to incorrect data interpretation.
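The layer-by-layer decoding described under the functional components above, and the header-length and offset handling discussed in this section, as an added example that is not the project's own code: it decodes a constructed IPv4/TCP packet with `struct` (the same bytes a raw socket's recvfrom() would return) and hex-dumps the payload. The addresses, ports and HTTP request are made-up test values.

```python
import struct

TCP_FLAG_NAMES = (("NS", 0x100), ("CWR", 0x80), ("ECE", 0x40), ("URG", 0x20),
                  ("ACK", 0x10), ("PSH", 0x08), ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))

def parse_ipv4(data):
    """Decode an IPv4 header; return (fields, encapsulated bytes).
    Length checks guard against truncated captures and a bogus IHL."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = data[0] >> 4, (data[0] & 0x0F) * 4   # IHL counts 32-bit words
    total_len = struct.unpack("!H", data[2:4])[0]
    if version != 4 or ihl < 20 or total_len < ihl or len(data) < total_len:
        raise ValueError("malformed IPv4 header")
    fields = {"src": ".".join(map(str, data[12:16])), "dst": ".".join(map(str, data[16:20])),
              "proto": data[9], "ttl": data[8], "ihl": ihl, "total_len": total_len}
    return fields, data[ihl:total_len]

def parse_tcp(seg):
    """Decode a TCP header; return (fields, payload). The data offset is also in
    32-bit words, so any TCP options are skipped before the payload starts."""
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", seg[:14])
    data_off = (off_flags >> 12) * 4
    if data_off < 20 or len(seg) < data_off:
        raise ValueError("malformed TCP header")
    flags = [name for name, bit in TCP_FLAG_NAMES if off_flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "data_off": data_off, "flags": flags}, seg[data_off:]

def hex_dump(payload, limit=100, width=16):
    """Format up to `limit` bytes as offset / hex / printable-ASCII lines."""
    lines = []
    for off in range(0, min(len(payload), limit), width):
        chunk = payload[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04x}  {hexpart:<{width * 3}} {text}")
    return "\n".join(lines)

def build_sample_packet():
    """Constructed test packet (not a real capture): IPv4 TTL 128 carrying TCP PSH|ACK to port 80."""
    payload = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
    tcp = struct.pack("!HHIIHHHH", 51234, 80, 1000, 0, (5 << 12) | 0x018, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0x1234,
                     0x4000, 128, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return ip + tcp + payload

def analyse(raw):
    """Decode one raw IPv4 packet: returns (ip_fields, tcp_fields or None, payload)."""
    ip, inner = parse_ipv4(raw)
    if ip["proto"] != 6:                       # only TCP is decoded further here
        return ip, None, inner
    tcp, payload = parse_tcp(inner)
    return ip, tcp, payload
```

Running `analyse(build_sample_packet())` and passing the payload to `hex_dump()` reproduces the source/destination, TTL, port, flag and hex-dump output the tool prints for a live packet.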
Future Enhancements
Planned improvements include:
- TCP stream reassembly
- HTTP header detection
- Protocol-based filtering
- Exporting captured packets to PCAP or log files
- Basic anomaly detection mechanisms
These features would significantly increase real-world usability.
Source Code
The complete source code is available on GitHub:
🔗 https://github.com/manividyadhar/internship_1-packet_analyzer
The LinkedIn link
🔗 https://www.linkedin.com/in/manividyadhar/
Final Thoughts
Building this project gave me hands-on exposure to how security monitoring systems analyse network traffic internally.
It strengthened my understanding of:
- How attackers and defenders rely on packet-level visibility
- How network protocols actually function
- Why packet inspection is crucial in cybersecurity
This project laid a strong foundation in networking, cybersecurity, and SOC analysis, and motivated me to further explore network security engineering and threat detection.