Academic project developed as part of my Networks course at Sorbonne Université.
A Wireshark-inspired network packet analyzer built in Python, featuring a graphical interface for real-time frame capture, multi-protocol parsing, advanced filtering, and automated PDF report generation. The project was an in-depth exploration of network layers and protocols (Ethernet, IPv4/IPv6, TCP, UDP, HTTP).
- Core Technologies: Python 3.11, `tkinter` (GUI), `scapy` (packet capture & parsing), `sqlite3` (filter database), `reportlab`/`fpdf` (PDF generation)
- Tools & Environment: Make, pip

- Python 3.11+
- `pip`
- `make`
- Root/admin privileges (required for raw socket access)
```bash
# 1. Clone the repository
git clone https://github.com/Tinshea/WireOwl.git
cd WireOwl
# 2. Install all dependencies
make setup
# 3. Run the analyzer
make run
# 4. Clean cache files
make clean
```

| Layer | Protocols |
|---|---|
| Layer 2 — Data Link | Ethernet (MAC addresses, frame type) |
| Layer 3 — Network | IPv4, IPv6 |
| Layer 4 — Transport | TCP (flags, ports, sequence numbers), UDP |
| Layer 7 — Application | HTTP (method, version, status, headers) |
Frames can be filtered in real time using an expression syntax stored in a SQLite database:
```
protocol == TCP
ip.src != 192.168.1.1
http.version == 1.1
port == 443
mac.dst == ff:ff:ff:ff:ff:ff
```
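
The filter syntax above, as an added example (not WireOwl's own `filtrage.py`): a strict parser that accepts only `field == value` or `field != value` for an allow-list of the fields shown in the sample filters, stores expressions in SQLite through bound parameters, and applies them to constructed frames. The `filters` table, the frame dictionary keys (`sport`, `dport`), the rule that `port` matches either side, and combining stored filters with logical AND are all assumptions.

```python
import re
import sqlite3

# Allow-list: only the field names that appear in the README's sample filters.
FIELDS = {"protocol", "ip.src", "http.version", "port", "mac.dst"}
FILTER_RE = re.compile(r"^\s*([a-z.]+)\s*(==|!=)\s*(\S+)\s*$")

def parse_filter(expr):
    """Return (field, op, value) or raise ValueError; nothing is eval()'d."""
    m = FILTER_RE.match(expr)
    if not m or m.group(1) not in FIELDS:
        raise ValueError(f"unsupported filter: {expr!r}")
    return m.groups()

def matches(frame, expr):
    field, op, value = parse_filter(expr)
    if field == "port":  # assumption: matches source or destination port
        hit = value in (str(frame.get("sport")), str(frame.get("dport")))
    else:  # case-insensitive so MAC addresses compare regardless of case
        hit = str(frame.get(field, "")).lower() == value.lower()
    return hit if op == "==" else not hit

def save_filter(db, expr):
    parse_filter(expr)  # reject malformed input before it is stored
    db.execute("INSERT INTO filters(expr) VALUES (?)", (expr,))  # bound parameter

def apply_saved(db, frames):
    """Keep frames that satisfy every stored filter (assumed logical AND)."""
    exprs = [row[0] for row in db.execute("SELECT expr FROM filters ORDER BY id")]
    return [f for f in frames if all(matches(f, e) for e in exprs)]

# Constructed sample frames (hypothetical dict layout, not WireOwl's own).
FRAMES = [
    {"protocol": "TCP", "ip.src": "192.168.1.1", "mac.dst": "aa:bb:cc:dd:ee:ff", "sport": 51000, "dport": 443},
    {"protocol": "TCP", "ip.src": "10.0.0.5", "mac.dst": "aa:bb:cc:dd:ee:ff", "sport": 443, "dport": 51001},
    {"protocol": "UDP", "ip.src": "10.0.0.5", "mac.dst": "ff:ff:ff:ff:ff:ff", "sport": 68, "dport": 67},
]

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE filters(id INTEGER PRIMARY KEY, expr TEXT NOT NULL)")
    for expr in ("protocol == TCP", "ip.src != 192.168.1.1", "port == 443"):
        save_filter(db, expr)
    return apply_saved(db, FRAMES)

if __name__ == "__main__":
    print(demo())
```
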
```
WireOwl/
├── core/
│   ├── trame.py        # MAC/IP address extraction
│   ├── tcp.py          # TCP flags and metadata parsing
│   └── httpmodule.py   # HTTP request/response detection
├── affichage/
│   └── source.py       # GUI (tkinter), main interaction loop
├── Tools/
│   ├── filtrage.py     # Filter engine + SQLite database
│   └── pdf.py          # PDF report generation and flowgraph
├── sample/             # Sample .pcap files for testing
├── main.py             # Entry point
├── Makefile            # Setup, run, clean targets
└── PDF                 # Generated report output
```
The `pdf.py` module automatically generates a detailed report of captured frames, including a Wireshark-style flowgraph showing the sequence of exchanges between hosts.
Sorbonne Université — Networks course
No license specified.