secdev/scapy

Scapy: the Python-based interactive packet manipulation program & library

Guillaume Valadon

@guedou

Can your try with the current master branch from GitHub ?

hognik

@hognik

ok, will do

hognik

@hognik

aah, works with scapy-2.4.5rc1.dev254 Apologies, should have tested that first.
For reference:
... pcapfile layer name Ethernet {'dst': '00:10:94:00:00:0c', 'src': '00:00:2c:11:11:11', 'type': 34984}
... sniffed_packet layer name Ethernet {'dst': '00:10:94:00:00:0c', 'src': '00:00:2c:11:11:11', 'type': 34984}
Have a good day! =)

Guillaume Valadon

@guedou

Thanks for testing the latest version !

IRicI

@IRicI

Hi i am trying to Bridge Profinet traffic with scapy, here is my script:

from scapy.all import *

interfaces = {
    "plc": "ens19",
    "io": "ens20"
}

def pkt_PLC(pkt):
    return pkt

def pkt_io(pkt):
    return pkt

def bridge():
    bridge_and_sniff(interfaces["plc"], interfaces["io"], xfrm12=pkt_PLC,
                     xfrm21=pkt_io, count=0, store=0)

if __name__ == '__main__':
    conf.sniff_promisc = True
    bridge()

the script is working and forwarding the traffic but only for about a minute. After that the connection is shortly lost and the devices have to reconnect. After that its working again for about a minute and than again the same problem. Now my Problem is that with Profinet the connection can’t be lost it always has to be up. So my question is am I doing something wrong, can I somehow up the performance or is it normal that scapy is resetting itself after a time?
Thanks for your help

Pierre

@p-l-

I don't think you're doing something wrong here. You could:

add a print(pkt.summary()) to your pkt_*() functions, to see if the connection is lost after a specific packet is seen?
try replacing Scapy bridge using a Linux bridge, if you are using Ethernet devices, and see if it works

IRicI

@IRicI

It works with a Linux Bridge without Problems. I tracked the traffic with wireshark and there i could see that when the connection is cut Profinet is throwing two PNIO-AL before its reconnecting but before the two error massages there is no strange traffic. After that the connection is connected again. (And when the traffic is continuously forwarded i want to change specific packages, the reason for scapy).

Pierre

@p-l-

OK that's weird. Do you have a traffic burst just before the disconnection? Or maybe a longer message?

IRicI

@IRicI

no, but the traffic is all the time about 3000 packages per second, so i though that scapy maybe has an buffer thats overflowing because the reset is all the time after the same time period.

Pierre

@p-l-

that's interesting indeed. However since you are using store=0 that should not be the case

Is is possible that a delay makes one of the peers reset the connection?

IRicI

@IRicI

yes most likely the reason, the only strange thing for that is that when i am looking at the pcap i can't really see a strange time difference between the packages. And so the question is can i somehow up the performance of the function.

Pierre

@p-l-

Not without understanding what happens I'm affraid

OK there is something you could do: remove protocol detection above Ethernet (Scapy will see all frames as Ether() / Raw()) and see if it works better

IRicI

@IRicI

thanks for your help, do i have to set the filter=0 and if you want i can send you a pcap which shows the Problem.

Pierre

@p-l-

No, you'd have to run something like Ether.payload_guess = []

Poldi

@poldi171254

i'm using scapy as part of a course I'm doing and I can't figure out why I'm getting errors for the following.

I'm running Scapy 2.4.4, IPhyton 7.31.1, Python 3.10.4 on Ubuntu 22.04 LTS

from scapy.all import *
ports = [25,80,53,443,445,8080,8443]
ans,unans = sr(IP(dst="8.8.8.8")/TCP(dport=ports,flags="S"),timeout=2,verbose=0)
for (s,r,) in ans:
  if s[TCP].dport == r[TCP].sport:
    print(s[TCP].dport)

The error I get is

IndexError Traceback (most recent call last)

<ipython-input-4-b68762f6bdfb> in <module>
1 for (s,r,) in ans:
----> 2 if s[TCP].dport == r[TCP].sport:
3 print(s[TCP].dport)
4

/usr/lib/python3/dist-packages/scapy/packet.py in getitem(self, cls)
1183 elif not isinstance(lname, bytes):
1184 lname = repr(lname)
-> 1185 raise IndexError("Layer [%s] not found" % lname)
1186 return ret
1187

IndexError: Layer [TCP] not found

Pierre

@p-l-

That is an easy one: there is no TCP layer in the packet

IRicI

@IRicI

Thanks for the tip with the detection know its running a couple of seconds longer but then still losing connection because something is not fast enough (error for the timeout "ar consumer dht/wdt expired")

Poldi

@poldi171254

Doohhhh. Thanks

IRicI

@IRicI

found my Problem, the script is working fine the problem was the garbage collector that python is using. It looks like it is taking longer than 1 ms so after disabling it everything woks fine.

Poldi

@poldi171254

I'm running Scapy 2.4.4, IPhyton 7.31.1, Python 3.10.4 on Ubuntu 22.04 LTS and when I start scapy I get the following

<frozen importlib._bootstrap>:914: ImportWarning: _SixMetaPathImporter.find_spec() not found; falling back to find_module()

<frozen importlib._bootstrap>:671: ImportWarning: _SixMetaPathImporter.exec_module() not found; falling back to load_module()

<frozen importlib._bootstrap>:914: ImportWarning: _SixMetaPathImporter.find_spec() not found; falling back to find_module()

<frozen importlib._bootstrap>:671: ImportWarning: _SixMetaPathImporter.exec_module() not found; falling back to load_module()

<frozen importlib._bootstrap>:914: ImportWarning: _SixMetaPathImporter.find_spec() not found; falling back to find_module()

Pierre

@p-l-

Could you try to update to the current dev version from github?

2 replies

Poldi

@poldi171254

Will try

Cesare De Cal

@csr

hi, would Scapy allow me to inspect an eCPRI packet and its fields? couldn't find this info in the docs

the input would be a PCAP file with tons of eCPRI packets.

ha, looks like I need to create a new protocol? https://scapy.readthedocs.io/en/latest/build_dissect.html#adding-new-protocols

gowda26

@gowda26

TLS 1.3
Scapy example server, client with PSK fails with
INFO: TLS: record integrity check failed [TLS None:None > None:None / TLS 1.3]

root@savinv-vm1:/home/localadmin/workspace/scapy_new/scapy/test/tls# ./example_client.py --psk 636c69656e74696431 --debug --version tls13
DEBUG: Starting control thread [tid=139722989967104]
DEBUG: Received command RUN
DEBUG: ## state=[INITIAL]

Starting TLS client automaton.
DEBUG: switching from [INITIAL] to [INIT_TLS_SESSION]
DEBUG: ## state=[INIT_TLS_SESSION]
DEBUG: switching from [INIT_TLS_SESSION] to [CONNECT]
DEBUG: ## state=[CONNECT]
Trying to connect on 127.0.0.1:4433
DEBUG: switching from [CONNECT] to [TLS13_START]
DEBUG: ## state=[TLS13_START]
DEBUG: Trying Condition [tls13_should_add_ClientHello]
DEBUG: Condition [tls13_should_add_ClientHello] taken to state [TLS13_ADDED_CLIENTHELLO]
DEBUG: switching from [TLS13_START] to [TLS13_ADDED_CLIENTHELLO]
DEBUG: ## state=[TLS13_ADDED_CLIENTHELLO]
DEBUG: switching from [TLS13_ADDED_CLIENTHELLO] to [TLS13_SENDING_CLIENTFLIGHT1]
DEBUG: ## state=[TLS13_SENDING_CLIENTFLIGHT1]
DEBUG: Trying Condition [tls13_should_send_ClientFlight1]
DEBUG: Condition [tls13_should_send_ClientFlight1] taken to state [TLS13_SENT_CLIENTFLIGHT1]
DEBUG: switching from [TLS13_SENDING_CLIENTFLIGHT1] to [TLS13_SENT_CLIENTFLIGHT1]
DEBUG: ## state=[TLS13_SENT_CLIENTFLIGHT1]
DEBUG: switching from [TLS13_SENT_CLIENTFLIGHT1] to [TLS13_WAITING_SERVERFLIGHT1]
DEBUG: ## state=[TLS13_WAITING_SERVERFLIGHT1]
DEBUG: switching from [TLS13_WAITING_SERVERFLIGHT1] to [TLS13_RECEIVED_SERVERFLIGHT1]
DEBUG: ## state=[TLS13_RECEIVED_SERVERFLIGHT1]
DEBUG: Trying Condition [tls13_should_handle_ServerHello]
DEBUG: Condition [tls13_should_handle_ServerHello] taken to state [TLS13_HANDLED_SERVERHELLO]
DEBUG: switching from [TLS13_RECEIVED_SERVERFLIGHT1] to [TLS13_HANDLED_SERVERHELLO]
DEBUG: ## state=[TLS13_HANDLED_SERVERHELLO]
DEBUG: Trying Condition [tls13_should_handle_encrytpedExtensions]
INFO: TLS: record integrity check failed [TLS None:None > None:None / TLS 1.3]
DEBUG: Condition [tls13_should_handle_encrytpedExtensions] not taken
DEBUG: Trying Condition [tls13_should_handle_ChangeCipherSpec]
DEBUG: Condition [tls13_should_handle_ChangeCipherSpec] not taken
DEBUG: Trying Condition [tls13_missing_encryptedExtension]
Missing TLS 1.3 EncryptedExtensions message!
DEBUG: Condition [tls13_missing_encryptedExtension] taken to state [CLOSE_NOTIFY]
DEBUG: switching from [TLS13_HANDLED_SERVERHELLO] to [CLOSE_NOTIFY]
DEBUG: ## state=[CLOSE_NOTIFY]
Trying to send a TLSAlert to the server...
DEBUG: Trying Condition [close_session]
DEBUG: Condition [close_session] taken to state [FINAL]
DEBUG: switching from [CLOSE_NOTIFY] to [FINAL]
DEBUG: ## state=[FINAL]
Closing client socket...
Ending TLS client automaton.
DEBUG: Stopping control thread (tid=139722989967104)
root@savinv-vm1:/home/localadmin/workspace/scapy_new/scapy/test/tls#

root@savinv-vm1:/home/localadmin/workspace/scapy_new/scapy/test/tls# ./example_server.py --psk 636c69656e74696431 --debug --handle_session_ticket
DEBUG: Starting control thread [tid=140400778635008]
DEBUG: Received command RUN
DEBUG: ## state=[INITIAL]

Starting TLS server automaton.
Receiving 'stop_server' will cause a graceful exit.
Interrupting with Ctrl-Z might leave a loose socket hanging.
DEBUG: switching from [INITIAL] to [BIND]
DEBUG: ## state=[BIND]
DEBUG: switching from [BIND] to [WAITING_CLIENT]
DEBUG: ## state=[WAITING_CLIENT]
Waiting for a new client on 127.0.0.1:4433
Accepted connection from 127.0.0.1:59432
DEBUG: switching from [WAITING_CLIENT] to [INIT_TLS_SESSION]
DEBUG: ## state=[INIT_TLS_SESSION]
DEBUG: switching from [INIT_TLS_SESSION] to [WAITING_CLIENTFLIGHT1]
DEBUG: ## state=[WAITING_CLIENTFLIGHT1]
DEBUG: switching from [WAITING_CLIENTFLIGHT1] to [RECEIVED_CLIENTFLIGHT1]
DEBUG: ## state=[RECEIVED_CLIENTFLIGHT1]
DEBUG: Trying Condition [tls13_should_handle_ClientHello]
DEBUG: Condition [tls13_should_handle_ClientHello] taken to state [tls13_HANDLED_CLIENTHELLO]
DEBUG: switching from [RECEIVED_CLIENTFLIGHT1]

any idea why its failing?

root@savinv-vm1:/home/localadmin/workspace/scapy_new/scapy/test/tls# ./example_server.py --psk 636c69656e74696431 --debug --handle_session_ticket
DEBUG: Starting control thread [tid=139891420256000]
DEBUG: Received command RUN
DEBUG: ## state=[INITIAL]

Starting TLS server automaton.
Receiving 'stop_server' will cause a graceful exit.
Interrupting with Ctrl-Z might leave a loose socket hanging.
DEBUG: switching from [INITIAL] to [BIND]
DEBUG: ## state=[BIND]
DEBUG: switching from [BIND] to [WAITING_CLIENT]
DEBUG: ## state=[WAITING_CLIENT]
Waiting for a new client on 127.0.0.1:4433
Accepted connection from 127.0.0.1:59436
DEBUG: switching from [WAITING_CLIENT] to [INIT_TLS_SESSION]
DEBUG: ## state=[INIT_TLS_SESSION]
DEBUG: switching from [INIT_TLS_SESSION] to [WAITING_CLIENTFLIGHT1]
DEBUG: ## state=[WAITING_CLIENTFLIGHT1]
DEBUG: switching from [WAITING_CLIENTFLIGHT1] to [RECEIVED_CLIENTFLIGHT1]
DEBUG: ## state=[RECEIVED_CLIENTFLIGHT1]
DEBUG: Trying Condition [tls13_should_handle_ClientHello]
DEBUG: Condition [tls13_should_handle_ClientHello] taken to state [tls13_HANDLED_CLIENTHELLO]
DEBUG: switching from [RECEIVED_CLIENTFLIGHT1] to [tls13_HANDLED_CLIENTHELLO]
DEBUG: ## state=[tls13_HANDLED_CLIENTHELLO]
DEBUG: switching from [tls13_HANDLED_CLIENTHELLO] to [tls13_PREPARE_SERVERFLIGHT1]
DEBUG: ## state=[tls13_PREPARE_SERVERFLIGHT1]
DEBUG: Trying Condition [tls13_should_add_ServerHello]
DEBUG: Condition [tls13_should_add_ServerHello] taken to state [tls13_ADDED_SERVERHELLO]
DEBUG: switching from [tls13_PREPARE_SERVERFLIGHT1] to [tls13_ADDED_SERVERHELLO]
DEBUG: ## state=[tls13_ADDED_SERVERHELLO]
DEBUG: Trying Condition [tls13_should_add_EncryptedExtensions]
DEBUG: Condition [tls13_should_add_EncryptedExtensions] taken to state [tls13_ADDED_ENCRYPTEDEXTENSIONS]
DEBUG: switching from [tls13_ADDED_SERVERHELLO] to [tls13_ADDED_ENCRYPTEDEXTENSIONS]
DEBUG: ## state=[tls13_ADDED_ENCRYPTEDEXTENSIONS]
DEBUG: Trying Condition [tls13_should_add_CertificateRequest]
DEBUG: Condition [tls13_should_add_CertificateRequest] taken to state [tls13_ADDED_CERTIFICATEREQUEST]
DEBUG: switching from [tls13_ADDED_ENCRYPTEDEXTENSIONS] to [tls13_ADDED_CERTIFICATEREQUEST]
DEBUG: ## state=[tls13_ADDED_CERTIFICATEREQUEST]
DEBUG: Trying Condition [tls13_should_add_Certificate]
DEBUG: Condition [tls13_should_add_Certificate] taken to state [tls13_ADDED_CERTIFICATE]
DEBUG: switching from [tls13_ADDED_CERTIFICATEREQUEST] to [tls13_ADDED_CERTIFICATE]
DEBUG: ## state=[tls13_ADDED_CERTIFICATE]
DEBUG: Trying Condition [tls13_should_add_CertificateVerifiy]
DEBUG: Condition [tls13_should_add_CertificateVerifiy] taken to state [tls13_ADDED_CERTIFICATEVERIFY]
DEBUG: switching from [tls13_ADDED_CERTIFICATE] to [tls13_ADDED_CERTIFICATEVERIFY]
DEBUG: ## state=[tls13_ADDED_CERTIFICATEVERIFY]
DEBUG: Trying Condition [tls13_should_add_Finished]
DEBUG: Condition [tls13_should_add_Finished] taken to state [tls13_ADDED_SERVERFINISHED]
DEBUG: switching from [tls13_ADDED_CERTIFICATEVERIFY] to [tls13_ADDED_SERVERFINISHED]
DEBUG: ## state=[tls13_ADDED_SERVERFINISHED]
DEBUG: Trying Condition [tls13_should_send_ServerFlight1]
DEBUG: Condition [tls13_should_send_ServerFlight1] taken to state [tls13_WAITING_CLIENTFLIGHT2]
DEBUG: switching from [tls13_ADDED_SERVERFINISHED] to [tls13_WAITING_CLIENTFLIGHT2]
DEBUG: ## state=[tls13_WAITING_CLIENTFLIGHT2]
INFO: TLS: record integrity check failed [TLS None:None > None:None / TLS 1.3]
WARNING: InnerPlaintext should at least contain a byte type!
DEBUG: Transferring exception from tid=139891420256000:
Traceback (most recent call last):
File "/home/localadmin/workspace/scapy_new/scapy/scapy/automaton.py", line 986, in _do_control
state = next(iterator)
File "/home/localadmin/workspace/scapy_new/scapy/scapy/automaton.py", line 1021, in _do_iter
state_output = self.state.run()
File "/home/localadmin/workspace/scapy_new/scapy/scapy/automaton.py", line 347, in run
return self.func(self.automaton, self.args, *self.kargs)
File "/home/localadmin/workspace/scapy_new/scapy/scapy/layers/tls/automaton_srv.py", line 839,

gowda26

@gowda26

any idea?

Stepan

@StepanGavrilov

hi everyone, how i can send assocresp_elements and vendor_elements like in hostapd but using scapy

jamesbergeron

@jamesbergeron

Hi I'm hoping someone can help me. I have a new layer that we added to scapy 2.X way back when. And I am trying to use it now with python 3.9 and the decoding is not going as expected. It decodes the first chunk then moves to the next dissector and seems to just stop.

class IPFIXHeader(Packet):
    name = "IPFIX Header"
    fields_desc = [ ShortField("version", 10),
                FieldLenField("length",None, length_of="sets"),
                IntField("exportTime", 0),
                IntField("sequenceNumber", 0),
                IntField("observationDomainId", 0),
                PacketListField("sets",None, SetHeader, length_from=lambda pkt:pkt.length-16) ]

# This calculates the length of the IPFIX message after the packet is assembled
def post_build(self, p, pay):
    if self.length is None:
        l = len(p)+len(pay)
        p = p[:2]+struct.pack("!H", l)+p[4:]
    return p+pay
def extract_padding(self, s):
    return "", s

jamesbergeron

@jamesbergeron

class SetHeader(Packet):
      name = "Set Header"fields_desc = [ ShortField("setID", 0),
                FieldLenField("setLength", None, length_of="records"),
                PacketListField("records", None, None, length_from=lambda pkt:pkt.setLength-4) ]

def extract_padding(self, s):
    return "", s
# Overwrites class of packets in "records" depending on value of setID, hence allowing 
# for correct dissection of records (into Template, Volume Record, or Performance Record)
def do_dissect(self, s):
    flist = self.fields_desc[:]
    flist.reverse()
    while s and flist:
        f = flist.pop()
        s,fval = f.getfield(self, s)
        self.fields[f.name] = fval
        if f.name == "setID":
           if fval == 2:
             print("Should call TemplateHeader", flush=True)
             max(flist).cls = TemplateHeader

class TemplateHeader(Packet):
    name = "Template Header"
    fields_desc = [ ShortField("templateID", 1000),
                              ShortField("fieldCount", 21) ]
def guess_payload_class(self, payload):
    print("I am in the TemplateHeader Now", flush=True)
    if (self.templateID >= 1000 and self.templateID <= 1999):
        return VolumeTemplate

I call IPFIXHeader(packet) It seems to get as far as "Should call TemplateHeader" it then returns a IPFIXHeader but only decoded up to the sets= I don't get a Set Header or records. This same code works great in 2.x something changed with how this works?

Mety414

@Mety414

Hi, I'm (was) happily using the Some/IP Class contribution for creating my own Tests Packets. Recently, I realised that I was not able to set the "method_id" field (which 2 bytes long) to something like 0x8xxx. Funny is that Scapy shows me that it sets the value as I like but when the packet is out on wire or Loop back Interface, wireshark something else. I decided to sweep the whole range (0x0000 to 0xffff) and see that in wireshark capture this value always rolls over at 0x7ffff. Anyone any idea? Thanks!

5 replies

Michael Bruhn

@EviLDgL_gitlab

I have a question on the TLS automaton. Im kinda trying to rewrite some of the code, to get it working with the master_filter approach. Why is the dissection of the TLS packets not done in the tcp_reassembly method instead of get_next_msg? If it would be done in the tcp_reassembly method there would be the chance to work with receive conditions and the master filter on the automaton itself

and on the tcp_reassembly we already have the possibilty to do that, because we can get the unencrypted length

bCyberBasti

@bcyberbasti:matrix.muensterhack.de

[m]

I am trying to wrap my head around scapy (with rusty python knowledge in a jupyter notebook)
I've managed to load a pcap file and I am looking at the first package.
I am trying to reproduce wiresharks parsing of the package.
That package contains BTP-B and Intelligent Transport Data (where the ultimate goal is to write a scapy layer for these protocols. Scapy decodes Ethernet, IP and UDP Layers and everything else is just raw hex. Wireshark shows me that the next layer is TZSP IEEE 802.11 Good
Naive me thought that i only need to do:

from scapy.all import *
from scapy.contrib.tzsp import TZSP
pcap = rdpcap("/home/jovyan/work/my.pcap")
first_packet = pcap[0]
first_packet[TZSP]

but that returns : IndexError: Layer [TZSP] not found

1 reply

BruebachL

@BruebachL

Is there a way to use scapy's automaton/answering machines without sniffing? I'm getting my packets through NFQueue and can't bind to a socket/interface directly, I think?

BruebachL

@BruebachL

Is it as simple as setting conf.iface (as implied here) https://stackoverflow.com/questions/25170273/working-with-multiple-interfaces-in-scapy and then yeeting the packets back to the interface with NFQUEUE.ACCEPT?

Tanvir Kekan

@tkekan

Hello there, I'm hitting the below issue when using scapy to process hundreds of packets performing header manipulation from a process. I already have set the max open files to open files (-n) 1048576 as can be seen from ulimit.
Process Process-4126:
Traceback (most recent call last):
File "/usr/lib64/python3.6/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib64/python3.6/multiprocessing/process.py", line 93, in run
self._target(self._args, self._kwargs)
File "<>", line 286, in send
self._sendComposite(pkt, padToLength)
File "<>", line 276, in _sendComposite
send(packet, verbose=0)
File "/usr/local/lib/python3.6/site-packages/scapy/sendrecv.py", line 429, in send kargs
File "/usr/local/lib/python3.6/site-packages/scapy/sendrecv.py", line 394, in _send
socket = socket or _func(iface)(iface=iface, *kargs)
File "/usr/local/lib/python3.6/site-packages/scapy/arch/linux.py", line 503, in init
_flush_fd(self.ins.fileno())
File "/usr/local/lib/python3.6/site-packages/scapy/arch/linux.py", line 460, in _flush_fd
r, w, e = select([fd], [], [], 0)
ValueError: filedescriptor out of range in select()

Tanvir Kekan

@tkekan

Hello there, I'm hitting the below issue when using scapy to process hundreds of packets performing header manipulation from a process. I already have set the max open files to open files (-n) 1048576 as can be seen from ulimit.
Process Process-4126:
Traceback (most recent call last):
File "/usr/lib64/python3.6/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib64/python3.6/multiprocessing/process.py", line 93, in run
self._target(self._args, self._kwargs)
File "<>", line 286, in send
self._sendComposite(pkt, padToLength)
File "<>", line 276, in _sendComposite
send(packet, verbose=0)
File "/usr/local/lib/python3.6/site-packages/scapy/sendrecv.py", line 429, in send kargs
File "/usr/local/lib/python3.6/site-packages/scapy/sendrecv.py", line 394, in _send
socket = socket or _func(iface)(iface=iface, *kargs)
File "/usr/local/lib/python3.6/site-packages/scapy/arch/linux.py", line 503, in init
_flush_fd(self.ins.fileno())
File "/usr/local/lib/python3.6/site-packages/scapy/arch/linux.py", line 460, in _flush_fd
r, w, e = select([fd], [], [], 0)
ValueError: filedescriptor out of range in select()

@tkekan
This error is usually seen after Process Process-1016
just before issue starts.
bash-4.2$ cat /proc/sys/fs/file-nr
3040 0 6155890

Initial state :
bash-4.2$ cat /proc/sys/fs/file-nr
2176 0 6155890

Tanvir Kekan

@tkekan

hello can anyone please help me in regards to the above query ?

Chayni

@Chayni

Hey, can somone please help me delete a route? Im having trouble. https://stackoverflow.com/questions/73055291/cant-delete-a-route-from-scapys-route-table

Rene Larige

@Renelari_gitlab

Hi. When using the 'sniff' method, what is the difference between using a filter at the sniff call level and filtering in the callback method passed to the sniff call ? Performance? Or just the same but a personal preference? Thank you !

Rene Larige

@Renelari_gitlab

(I know filter is sent to libpcap, but does that make a significant difference?)
Another precision: I use simple filters for wireless, like beacons or probe requests

yoann-dewilde

@yoann-dewilde

Hello, I'm trying to sniff TCP packets from my PC to an Ethernet/RS485 adapter (IP: 192.168.0.97, port: 502). So I tried both

sniff(iface=None, prn=Packet.summary, filter="tcp port 502")
# and
sniff(iface=None, prn=Packet.summary, filter="ip host 192.168.0.97")

But none of these print packets.

Where communities thrive

People

Repo info

Activity