The Palos Publishing Company


Build a network activity logger

Building a network activity logger involves capturing and recording network traffic for monitoring purposes. This can be achieved using different programming languages and libraries, depending on the specific requirements and platform. Below is a simple Python-based implementation that uses the scapy library for capturing network packets and logging the activity to a file.

Requirements:

  • Python 3.x

  • scapy library (Install it via pip install scapy)

Steps:

  1. Install dependencies: You need scapy to capture network packets. Install it via pip if you haven’t already:

    bash
    pip install scapy
  2. Code for Network Activity Logger:

    python
    import scapy.all as scapy
    from datetime import datetime

    # Define the log file
    log_file = "network_activity.log"

    # Function to log packets
    def log_packet(packet):
        # Extract relevant details from the packet
        timestamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
        if packet.haslayer(scapy.IP):
            src_ip = packet[scapy.IP].src
            dest_ip = packet[scapy.IP].dst
            protocol = packet[scapy.IP].proto   # IANA protocol number, e.g. 6 = TCP, 17 = UDP
        else:
            src_ip = dest_ip = protocol = "N/A"  # non-IP frame (ARP etc.)
        length = len(packet)

        # Log the packet details
        log_entry = (f"{timestamp} | Src IP: {src_ip} | Dest IP: {dest_ip} | "
                     f"Protocol: {protocol} | Length: {length} bytes\n")

        # Append the entry to the log file
        with open(log_file, "a") as log:
            log.write(log_entry)
        print(f"Logged packet: {log_entry.strip()}")

    # Function to start packet capture
    def start_logging():
        print(f"Starting network activity logger. Logging to {log_file}...\n")
        scapy.sniff(prn=log_packet, store=0)  # store=0: do not keep packets in memory

    # Run the logger
    if __name__ == "__main__":
        start_logging()

How It Works:

  • scapy.sniff(): Captures network packets in real time. It calls the log_packet() function for each packet it captures.

  • log_packet(): This function extracts information like the source IP, destination IP, protocol, and packet length, then logs this to the file network_activity.log along with a timestamp.

  • Timestamping: Each log entry has a timestamp of when the packet was captured.

Features:

  1. Network Activity Logging: Logs every network packet (with IP and protocol) along with its size.

  2. Customizable: You can modify the information captured or the output format (e.g., log more detailed data like payload, flags, etc.).

  3. Real-time Monitoring: The logger continues capturing packets until you stop the program.

Usage:

  1. Run the script as Administrator on Windows, or with root privileges (for example via sudo) on Linux and macOS, since capturing raw packets from a network interface requires them.

  2. The logger will capture packets and log them into the network_activity.log file.

  3. You can stop the logging by pressing CTRL+C in the terminal.

Example Log Output:

text
2025-05-18 12:45:12 | Src IP: 192.168.1.5 | Dest IP: 192.168.1.1 | Protocol: 6 | Length: 60 bytes
2025-05-18 12:45:14 | Src IP: 192.168.1.1 | Dest IP: 192.168.1.5 | Protocol: 6 | Length: 64 bytes
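The log format above is regular enough to be parsed back into structured records for later analysis. The following is an added example, not code from the article: it parses lines in that format, tolerates the "N/A" entries written for non-IP frames, and aggregates packet count and bytes per (source, destination, protocol) conversation. The sample lines are constructed, and the protocol-name table only covers ICMP, TCP and UDP.

```python
import re
from collections import defaultdict

# Constructed sample lines in the article's log format (not real captured traffic).
SAMPLE_LOG = """\
2025-05-18 12:45:12 | Src IP: 192.168.1.5 | Dest IP: 192.168.1.1 | Protocol: 6 | Length: 60 bytes
2025-05-18 12:45:14 | Src IP: 192.168.1.1 | Dest IP: 192.168.1.5 | Protocol: 6 | Length: 64 bytes
2025-05-18 12:45:15 | Src IP: 192.168.1.5 | Dest IP: 10.0.0.53 | Protocol: 17 | Length: 74 bytes
2025-05-18 12:45:16 | Src IP: N/A | Dest IP: N/A | Protocol: N/A | Length: 42 bytes
"""

# One regular expression for the whole line; anchors reject malformed or truncated entries.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"Src IP: (?P<src>\S+) \| Dest IP: (?P<dst>\S+) \| "
    r"Protocol: (?P<proto>\S+) \| Length: (?P<length>\d+) bytes$"
)

# IANA protocol numbers the logger is most likely to see (partial table).
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def parse_line(line):
    """Return a record dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    proto = m["proto"]
    return {
        "ts": m["ts"],
        "src": m["src"],
        "dst": m["dst"],
        "proto": int(proto) if proto.isdigit() else None,  # "N/A" -> None
        "length": int(m["length"]),
    }


def parse_log(text):
    """Parse every line of a log file's contents, skipping lines that do not match."""
    records = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            records.append(rec)
    return records


def summarize(records):
    """Aggregate (packet count, total bytes) per (src, dst, protocol name) conversation."""
    totals = defaultdict(lambda: [0, 0])
    for r in records:
        if r["src"] == "N/A":
            continue  # non-IP frames carry no addresses to group by
        name = PROTO_NAMES.get(r["proto"], str(r["proto"]))
        key = (r["src"], r["dst"], name)
        totals[key][0] += 1
        totals[key][1] += r["length"]
    return {k: tuple(v) for k, v in totals.items()}


if __name__ == "__main__":
    for key, (count, nbytes) in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{key[0]} -> {key[1]} ({key[2]}): {count} packets, {nbytes} bytes")
```

To run it against a real file, replace SAMPLE_LOG with the contents of network_activity.log; the summary dictionary is a convenient input for a chart or dashboard.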

Enhancements:

  1. Filters: You could add packet filters to capture only specific types of traffic (e.g., TCP packets or UDP packets) by using the filter parameter in scapy.sniff().

  2. Visualization: For larger logs, you might want to visualize the traffic with tools like Wireshark or a custom dashboard for easier analysis.

  3. Alerts: You could add functionality to trigger alerts based on certain criteria, such as the detection of specific types of traffic or unusual packet sizes.

  4. Database Logging: If you need to store the log in a more structured format, you could write it to a database like SQLite or MySQL instead of a plain text file.
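Three of these enhancements (filters, alerts and database logging) fit naturally into one script. The following is an added example, not the article's code: it passes a BPF expression through the filter parameter of scapy.sniff(), stores each packet as a row in SQLite using parameter binding, and raises a simple alert for frames larger than a size threshold. The schema, the filter string "tcp or udp", the 1500-byte threshold and the database file name are assumed values. The packet is reduced to a plain dict before storage, so the database and alert logic can be exercised without a live capture, and the script also avoids the original's habit of reopening the log file for every packet.

```python
"""Enhanced network activity logger: BPF filter, SQLite storage and a size alert.

Added example, not the article's code. Schema, filter string, threshold and
file name are assumed values chosen for illustration.
"""
import sqlite3
from datetime import datetime

try:
    import scapy.all as scapy      # needed only for live capture
except ImportError:                # keeps the helper functions importable offline
    scapy = None

DB_FILE = "network_activity.db"    # assumed file name
BPF_FILTER = "tcp or udp"          # assumed filter: drops ARP, ICMP and other non-TCP/UDP frames
MAX_LENGTH = 1500                  # assumed alert threshold in bytes (typical Ethernet MTU)


def open_db(path=DB_FILE):
    """Open the database and create the packets table on first use."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS packets ("
        "ts TEXT NOT NULL, src TEXT, dst TEXT, proto INTEGER, length INTEGER NOT NULL)"
    )
    return conn


def packet_to_record(packet):
    """Reduce a scapy packet to the same fields the article's logger writes."""
    ts = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
    rec = {"ts": ts, "src": None, "dst": None, "proto": None, "length": len(packet)}
    if packet.haslayer(scapy.IP):
        ip = packet[scapy.IP]
        rec.update(src=ip.src, dst=ip.dst, proto=int(ip.proto))
    return rec


def store_record(conn, rec):
    """Insert one record; parameter binding keeps field values out of the SQL text."""
    conn.execute(
        "INSERT INTO packets (ts, src, dst, proto, length) VALUES (?, ?, ?, ?, ?)",
        (rec["ts"], rec["src"], rec["dst"], rec["proto"], rec["length"]),
    )
    conn.commit()


def check_alert(rec, max_length=MAX_LENGTH):
    """Return an alert message for a frame larger than max_length, else None."""
    if rec["length"] > max_length:
        return (f"ALERT {rec['ts']}: {rec['length']}-byte packet "
                f"{rec['src']} -> {rec['dst']} exceeds {max_length} bytes")
    return None


def bytes_per_source(conn):
    """Structured storage pays off at query time: (packets, bytes) sent by each source IP."""
    rows = conn.execute(
        "SELECT src, COUNT(*), SUM(length) FROM packets "
        "WHERE src IS NOT NULL GROUP BY src ORDER BY SUM(length) DESC"
    ).fetchall()
    return {src: (count, total) for src, count, total in rows}


def start_logging(db_path=DB_FILE, bpf=BPF_FILTER):
    """Live capture; like the article's script this needs scapy and sufficient privileges."""
    if scapy is None:
        raise SystemExit("scapy is required for live capture: pip install scapy")
    conn = open_db(db_path)   # one connection for the whole run, not one open() per packet

    def handle(packet):
        rec = packet_to_record(packet)
        store_record(conn, rec)
        alert = check_alert(rec)
        if alert:
            print(alert)

    # filter= is a BPF expression applied in the capture engine before Python sees the packet
    scapy.sniff(filter=bpf, prn=handle, store=0)


if __name__ == "__main__":
    start_logging()
```

Because the rows are structured, questions such as "which host sent the most bytes" become a single SQL query (bytes_per_source) instead of a pass over a text file, and the alert rule can be swapped for any predicate over the record dict.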

