Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Guillaume Valadon
    @guedou
    Can your try with the current master branch from GitHub ?
    hognik
    @hognik
    ok, will do
    hognik
    @hognik
    aah, works with scapy-2.4.5rc1.dev254 Apologies, should have tested that first.
    For reference:
    ... pcapfile layer name Ethernet {'dst': '00:10:94:00:00:0c', 'src': '00:00:2c:11:11:11', 'type': 34984}
    ... sniffed_packet layer name Ethernet {'dst': '00:10:94:00:00:0c', 'src': '00:00:2c:11:11:11', 'type': 34984}
    Have a good day! =)
    Guillaume Valadon
    @guedou
    Thanks for testing the latest version !
    IRicI
    @IRicI

    Hi i am trying to Bridge Profinet traffic with scapy, here is my script:

    from scapy.all import *
    
    interfaces = {
        "plc": "ens19",
        "io": "ens20"
    }
    
    def pkt_PLC(pkt):
        return pkt
    
    def pkt_io(pkt):
        return pkt
    
    def bridge():
        bridge_and_sniff(interfaces["plc"], interfaces["io"], xfrm12=pkt_PLC,
                         xfrm21=pkt_io, count=0, store=0)
    
    if __name__ == '__main__':
        conf.sniff_promisc = True
        bridge()

    the script is working and forwarding the traffic but only for about a minute. After that the connection is shortly lost and the devices have to reconnect. After that its working again for about a minute and than again the same problem. Now my Problem is that with Profinet the connection can’t be lost it always has to be up. So my question is am I doing something wrong, can I somehow up the performance or is it normal that scapy is resetting itself after a time?
    Thanks for your help

    Pierre
    @p-l-
    I don't think you're doing something wrong here. You could:
    • add a print(pkt.summary()) to your pkt_*() functions, to see if the connection is lost after a specific packet is seen?
    • try replacing Scapy bridge using a Linux bridge, if you are using Ethernet devices, and see if it works
    IRicI
    @IRicI
    It works with a Linux Bridge without Problems. I tracked the traffic with wireshark and there i could see that when the connection is cut Profinet is throwing two PNIO-AL before its reconnecting but before the two error massages there is no strange traffic. After that the connection is connected again. (And when the traffic is continuously forwarded i want to change specific packages, the reason for scapy).
    Pierre
    @p-l-
    OK that's weird. Do you have a traffic burst just before the disconnection? Or maybe a longer message?
    IRicI
    @IRicI
    no, but the traffic is all the time about 3000 packages per second, so i though that scapy maybe has an buffer thats overflowing because the reset is all the time after the same time period.
    Pierre
    @p-l-
    that's interesting indeed. However since you are using store=0 that should not be the case
    Is is possible that a delay makes one of the peers reset the connection?
    IRicI
    @IRicI
    yes most likely the reason, the only strange thing for that is that when i am looking at the pcap i can't really see a strange time difference between the packages. And so the question is can i somehow up the performance of the function.
    Pierre
    @p-l-
    Not without understanding what happens I'm affraid
    OK there is something you could do: remove protocol detection above Ethernet (Scapy will see all frames as Ether() / Raw()) and see if it works better
    IRicI
    @IRicI
    thanks for your help, do i have to set the filter=0 and if you want i can send you a pcap which shows the Problem.
    Pierre
    @p-l-
    No, you'd have to run something like Ether.payload_guess = []
    Poldi
    @poldi171254

    i'm using scapy as part of a course I'm doing and I can't figure out why I'm getting errors for the following.

    I'm running Scapy 2.4.4, IPhyton 7.31.1, Python 3.10.4 on Ubuntu 22.04 LTS

    from scapy.all import *
    ports = [25,80,53,443,445,8080,8443]
    ans,unans = sr(IP(dst="8.8.8.8")/TCP(dport=ports,flags="S"),timeout=2,verbose=0)
    for (s,r,) in ans:
      if s[TCP].dport == r[TCP].sport:
        print(s[TCP].dport)

    The error I get is


    IndexError Traceback (most recent call last)

    <ipython-input-4-b68762f6bdfb> in <module>
    1 for (s,r,) in ans:
    ----> 2 if s[TCP].dport == r[TCP].sport:
    3 print(s[TCP].dport)
    4

    /usr/lib/python3/dist-packages/scapy/packet.py in getitem(self, cls)
    1183 elif not isinstance(lname, bytes):
    1184 lname = repr(lname)
    -> 1185 raise IndexError("Layer [%s] not found" % lname)
    1186 return ret
    1187

    IndexError: Layer [TCP] not found

    Pierre
    @p-l-
    That is an easy one: there is no TCP layer in the packet
    IRicI
    @IRicI
    Thanks for the tip with the detection know its running a couple of seconds longer but then still losing connection because something is not fast enough (error for the timeout "ar consumer dht/wdt expired")
    Poldi
    @poldi171254
    Doohhhh. Thanks
    IRicI
    @IRicI
    found my Problem, the script is working fine the problem was the garbage collector that python is using. It looks like it is taking longer than 1 ms so after disabling it everything woks fine.
    Poldi
    @poldi171254

    I'm running Scapy 2.4.4, IPhyton 7.31.1, Python 3.10.4 on Ubuntu 22.04 LTS and when I start scapy I get the following


    <frozen importlib._bootstrap>:914: ImportWarning: _SixMetaPathImporter.find_spec() not found; falling back to find_module()

    <frozen importlib._bootstrap>:671: ImportWarning: _SixMetaPathImporter.exec_module() not found; falling back to load_module()

    <frozen importlib._bootstrap>:914: ImportWarning: _SixMetaPathImporter.find_spec() not found; falling back to find_module()

    <frozen importlib._bootstrap>:914: ImportWarning: _SixMetaPathImporter.find_spec() not found; falling back to find_module()

    <frozen importlib._bootstrap>:671: ImportWarning: _SixMetaPathImporter.exec_module() not found; falling back to load_module()

    <frozen importlib._bootstrap>:914: ImportWarning: _SixMetaPathImporter.find_spec() not found; falling back to find_module()

    <frozen importlib._bootstrap>:914: ImportWarning: _SixMetaPathImporter.find_spec() not found; falling back to find_module()


    Pierre
    @p-l-
    Could you try to update to the current dev version from github?
    2 replies
    Poldi
    @poldi171254
    Will try
    Cesare De Cal
    @csr
    hi, would Scapy allow me to inspect an eCPRI packet and its fields? couldn't find this info in the docs
    the input would be a PCAP file with tons of eCPRI packets.
    gowda26
    @gowda26

    TLS 1.3
    Scapy example server, client with PSK fails with
    INFO: TLS: record integrity check failed [TLS None:None > None:None / TLS 1.3]

    root@savinv-vm1:/home/localadmin/workspace/scapy_new/scapy/test/tls# ./example_client.py --psk 636c69656e74696431 --debug --version tls13
    DEBUG: Starting control thread [tid=139722989967104]
    DEBUG: Received command RUN
    DEBUG: ## state=[INITIAL]

    Starting TLS client automaton.
    DEBUG: switching from [INITIAL] to [INIT_TLS_SESSION]
    DEBUG: ## state=[INIT_TLS_SESSION]
    DEBUG: switching from [INIT_TLS_SESSION] to [CONNECT]
    DEBUG: ## state=[CONNECT]

    Trying to connect on 127.0.0.1:4433

    DEBUG: switching from [CONNECT] to [TLS13_START]
    DEBUG: ## state=[TLS13_START]
    DEBUG: Trying Condition [tls13_should_add_ClientHello]
    DEBUG: Condition [tls13_should_add_ClientHello] taken to state [TLS13_ADDED_CLIENTHELLO]
    DEBUG: switching from [TLS13_START] to [TLS13_ADDED_CLIENTHELLO]
    DEBUG: ## state=[TLS13_ADDED_CLIENTHELLO]
    DEBUG: switching from [TLS13_ADDED_CLIENTHELLO] to [TLS13_SENDING_CLIENTFLIGHT1]
    DEBUG: ## state=[TLS13_SENDING_CLIENTFLIGHT1]
    DEBUG: Trying Condition [tls13_should_send_ClientFlight1]
    DEBUG: Condition [tls13_should_send_ClientFlight1] taken to state [TLS13_SENT_CLIENTFLIGHT1]
    DEBUG: switching from [TLS13_SENDING_CLIENTFLIGHT1] to [TLS13_SENT_CLIENTFLIGHT1]
    DEBUG: ## state=[TLS13_SENT_CLIENTFLIGHT1]
    DEBUG: switching from [TLS13_SENT_CLIENTFLIGHT1] to [TLS13_WAITING_SERVERFLIGHT1]
    DEBUG: ## state=[TLS13_WAITING_SERVERFLIGHT1]
    DEBUG: switching from [TLS13_WAITING_SERVERFLIGHT1] to [TLS13_RECEIVED_SERVERFLIGHT1]
    DEBUG: ## state=[TLS13_RECEIVED_SERVERFLIGHT1]
    DEBUG: Trying Condition [tls13_should_handle_ServerHello]
    DEBUG: Condition [tls13_should_handle_ServerHello] taken to state [TLS13_HANDLED_SERVERHELLO]
    DEBUG: switching from [TLS13_RECEIVED_SERVERFLIGHT1] to [TLS13_HANDLED_SERVERHELLO]
    DEBUG: ## state=[TLS13_HANDLED_SERVERHELLO]
    DEBUG: Trying Condition [tls13_should_handle_encrytpedExtensions]
    INFO: TLS: record integrity check failed [TLS None:None > None:None / TLS 1.3]
    DEBUG: Condition [tls13_should_handle_encrytpedExtensions] not taken
    DEBUG: Trying Condition [tls13_should_handle_ChangeCipherSpec]
    DEBUG: Condition [tls13_should_handle_ChangeCipherSpec] not taken
    DEBUG: Trying Condition [tls13_missing_encryptedExtension]
    Missing TLS 1.3 EncryptedExtensions message!
    DEBUG: Condition [tls13_missing_encryptedExtension] taken to state [CLOSE_NOTIFY]
    DEBUG: switching from [TLS13_HANDLED_SERVERHELLO] to [CLOSE_NOTIFY]
    DEBUG: ## state=[CLOSE_NOTIFY]

    Trying to send a TLSAlert to the server...
    DEBUG: Trying Condition [close_session]
    DEBUG: Condition [close_session] taken to state [FINAL]
    DEBUG: switching from [CLOSE_NOTIFY] to [FINAL]
    DEBUG: ## state=[FINAL]
    Closing client socket...
    Ending TLS client automaton.
    DEBUG: Stopping control thread (tid=139722989967104)
    root@savinv-vm1:/home/localadmin/workspace/scapy_new/scapy/test/tls#

    root@savinv-vm1:/home/localadmin/workspace/scapy_new/scapy/test/tls# ./example_server.py --psk 636c69656e74696431 --debug --handle_session_ticket
    DEBUG: Starting control thread [tid=140400778635008]
    DEBUG: Received command RUN
    DEBUG: ## state=[INITIAL]

    Starting TLS server automaton.
    Receiving 'stop_server' will cause a graceful exit.
    Interrupting with Ctrl-Z might leave a loose socket hanging.
    DEBUG: switching from [INITIAL] to [BIND]
    DEBUG: ## state=[BIND]
    DEBUG: switching from [BIND] to [WAITING_CLIENT]
    DEBUG: ## state=[WAITING_CLIENT]

    Waiting for a new client on 127.0.0.1:4433
    Accepted connection from 127.0.0.1:59432

    DEBUG: switching from [WAITING_CLIENT] to [INIT_TLS_SESSION]
    DEBUG: ## state=[INIT_TLS_SESSION]
    DEBUG: switching from [INIT_TLS_SESSION] to [WAITING_CLIENTFLIGHT1]
    DEBUG: ## state=[WAITING_CLIENTFLIGHT1]
    DEBUG: switching from [WAITING_CLIENTFLIGHT1] to [RECEIVED_CLIENTFLIGHT1]
    DEBUG: ## state=[RECEIVED_CLIENTFLIGHT1]
    DEBUG: Trying Condition [tls13_should_handle_ClientHello]
    DEBUG: Condition [tls13_should_handle_ClientHello] taken to state [tls13_HANDLED_CLIENTHELLO]
    DEBUG: switching from [RECEIVED_CLIENTFLIGHT1]

    any idea why its failing?

    root@savinv-vm1:/home/localadmin/workspace/scapy_new/scapy/test/tls# ./example_server.py --psk 636c69656e74696431 --debug --handle_session_ticket
    DEBUG: Starting control thread [tid=139891420256000]
    DEBUG: Received command RUN
    DEBUG: ## state=[INITIAL]

    Starting TLS server automaton.
    Receiving 'stop_server' will cause a graceful exit.
    Interrupting with Ctrl-Z might leave a loose socket hanging.
    DEBUG: switching from [INITIAL] to [BIND]
    DEBUG: ## state=[BIND]
    DEBUG: switching from [BIND] to [WAITING_CLIENT]
    DEBUG: ## state=[WAITING_CLIENT]

    Waiting for a new client on 127.0.0.1:4433
    Accepted connection from 127.0.0.1:59436

    DEBUG: switching from [WAITING_CLIENT] to [INIT_TLS_SESSION]
    DEBUG: ## state=[INIT_TLS_SESSION]
    DEBUG: switching from [INIT_TLS_SESSION] to [WAITING_CLIENTFLIGHT1]
    DEBUG: ## state=[WAITING_CLIENTFLIGHT1]
    DEBUG: switching from [WAITING_CLIENTFLIGHT1] to [RECEIVED_CLIENTFLIGHT1]
    DEBUG: ## state=[RECEIVED_CLIENTFLIGHT1]
    DEBUG: Trying Condition [tls13_should_handle_ClientHello]
    DEBUG: Condition [tls13_should_handle_ClientHello] taken to state [tls13_HANDLED_CLIENTHELLO]
    DEBUG: switching from [RECEIVED_CLIENTFLIGHT1] to [tls13_HANDLED_CLIENTHELLO]
    DEBUG: ## state=[tls13_HANDLED_CLIENTHELLO]
    DEBUG: switching from [tls13_HANDLED_CLIENTHELLO] to [tls13_PREPARE_SERVERFLIGHT1]
    DEBUG: ## state=[tls13_PREPARE_SERVERFLIGHT1]
    DEBUG: Trying Condition [tls13_should_add_ServerHello]
    DEBUG: Condition [tls13_should_add_ServerHello] taken to state [tls13_ADDED_SERVERHELLO]
    DEBUG: switching from [tls13_PREPARE_SERVERFLIGHT1] to [tls13_ADDED_SERVERHELLO]
    DEBUG: ## state=[tls13_ADDED_SERVERHELLO]
    DEBUG: Trying Condition [tls13_should_add_EncryptedExtensions]
    DEBUG: Condition [tls13_should_add_EncryptedExtensions] taken to state [tls13_ADDED_ENCRYPTEDEXTENSIONS]
    DEBUG: switching from [tls13_ADDED_SERVERHELLO] to [tls13_ADDED_ENCRYPTEDEXTENSIONS]
    DEBUG: ## state=[tls13_ADDED_ENCRYPTEDEXTENSIONS]
    DEBUG: Trying Condition [tls13_should_add_CertificateRequest]
    DEBUG: Condition [tls13_should_add_CertificateRequest] taken to state [tls13_ADDED_CERTIFICATEREQUEST]
    DEBUG: switching from [tls13_ADDED_ENCRYPTEDEXTENSIONS] to [tls13_ADDED_CERTIFICATEREQUEST]
    DEBUG: ## state=[tls13_ADDED_CERTIFICATEREQUEST]
    DEBUG: Trying Condition [tls13_should_add_Certificate]
    DEBUG: Condition [tls13_should_add_Certificate] taken to state [tls13_ADDED_CERTIFICATE]
    DEBUG: switching from [tls13_ADDED_CERTIFICATEREQUEST] to [tls13_ADDED_CERTIFICATE]
    DEBUG: ## state=[tls13_ADDED_CERTIFICATE]
    DEBUG: Trying Condition [tls13_should_add_CertificateVerifiy]
    DEBUG: Condition [tls13_should_add_CertificateVerifiy] taken to state [tls13_ADDED_CERTIFICATEVERIFY]
    DEBUG: switching from [tls13_ADDED_CERTIFICATE] to [tls13_ADDED_CERTIFICATEVERIFY]
    DEBUG: ## state=[tls13_ADDED_CERTIFICATEVERIFY]
    DEBUG: Trying Condition [tls13_should_add_Finished]
    DEBUG: Condition [tls13_should_add_Finished] taken to state [tls13_ADDED_SERVERFINISHED]
    DEBUG: switching from [tls13_ADDED_CERTIFICATEVERIFY] to [tls13_ADDED_SERVERFINISHED]
    DEBUG: ## state=[tls13_ADDED_SERVERFINISHED]
    DEBUG: Trying Condition [tls13_should_send_ServerFlight1]
    DEBUG: Condition [tls13_should_send_ServerFlight1] taken to state [tls13_WAITING_CLIENTFLIGHT2]
    DEBUG: switching from [tls13_ADDED_SERVERFINISHED] to [tls13_WAITING_CLIENTFLIGHT2]
    DEBUG: ## state=[tls13_WAITING_CLIENTFLIGHT2]
    INFO: TLS: record integrity check failed [TLS None:None > None:None / TLS 1.3]
    WARNING: InnerPlaintext should at least contain a byte type!
    DEBUG: Transferring exception from tid=139891420256000:
    Traceback (most recent call last):
    File "/home/localadmin/workspace/scapy_new/scapy/scapy/automaton.py", line 986, in _do_control
    state = next(iterator)
    File "/home/localadmin/workspace/scapy_new/scapy/scapy/automaton.py", line 1021, in _do_iter
    state_output = self.state.run()
    File "/home/localadmin/workspace/scapy_new/scapy/scapy/automaton.py", line 347, in run
    return self.func(self.automaton, self.args, *self.kargs)
    File "/home/localadmin/workspace/scapy_new/scapy/scapy/layers/tls/automaton_srv.py", line 839,

    gowda26
    @gowda26
    any idea?
    Stepan
    @StepanGavrilov
    hi everyone, how i can send assocresp_elements and vendor_elements like in hostapd but using scapy
    jamesbergeron
    @jamesbergeron
    Hi I'm hoping someone can help me. I have a new layer that we added to scapy 2.X way back when. And I am trying to use it now with python 3.9 and the decoding is not going as expected. It decodes the first chunk then moves to the next dissector and seems to just stop.
    class IPFIXHeader(Packet):
        name = "IPFIX Header"
        fields_desc = [ ShortField("version", 10),
                    FieldLenField("length",None, length_of="sets"),
                    IntField("exportTime", 0),
                    IntField("sequenceNumber", 0),
                    IntField("observationDomainId", 0),
                    PacketListField("sets",None, SetHeader, length_from=lambda pkt:pkt.length-16) ]
    
    # This calculates the length of the IPFIX message after the packet is assembled
    def post_build(self, p, pay):
        if self.length is None:
            l = len(p)+len(pay)
            p = p[:2]+struct.pack("!H", l)+p[4:]
        return p+pay
    def extract_padding(self, s):
        return "", s
    jamesbergeron
    @jamesbergeron
    class SetHeader(Packet):
          name = "Set Header"fields_desc = [ ShortField("setID", 0),
                    FieldLenField("setLength", None, length_of="records"),
                    PacketListField("records", None, None, length_from=lambda pkt:pkt.setLength-4) ]
    
    def extract_padding(self, s):
        return "", s
    # Overwrites class of packets in "records" depending on value of setID, hence allowing 
    # for correct dissection of records (into Template, Volume Record, or Performance Record)
    def do_dissect(self, s):
        flist = self.fields_desc[:]
        flist.reverse()
        while s and flist:
            f = flist.pop()
            s,fval = f.getfield(self, s)
            self.fields[f.name] = fval
            if f.name == "setID":
               if fval == 2:
                 print("Should call TemplateHeader", flush=True)
                 max(flist).cls = TemplateHeader
    class TemplateHeader(Packet):
        name = "Template Header"
        fields_desc = [ ShortField("templateID", 1000),
                                  ShortField("fieldCount", 21) ]
    def guess_payload_class(self, payload):
        print("I am in the TemplateHeader Now", flush=True)
        if (self.templateID >= 1000 and self.templateID <= 1999):
            return VolumeTemplate
    I call IPFIXHeader(packet) It seems to get as far as "Should call TemplateHeader" it then returns a IPFIXHeader but only decoded up to the sets= I don't get a Set Header or records. This same code works great in 2.x something changed with how this works?
    Mety414
    @Mety414
    Hi, I'm (was) happily using the Some/IP Class contribution for creating my own Tests Packets. Recently, I realised that I was not able to set the "method_id" field (which 2 bytes long) to something like 0x8xxx. Funny is that Scapy shows me that it sets the value as I like but when the packet is out on wire or Loop back Interface, wireshark something else. I decided to sweep the whole range (0x0000 to 0xffff) and see that in wireshark capture this value always rolls over at 0x7ffff. Anyone any idea? Thanks!
    5 replies
    Michael Bruhn
    @EviLDgL_gitlab
    I have a question on the TLS automaton. Im kinda trying to rewrite some of the code, to get it working with the master_filter approach. Why is the dissection of the TLS packets not done in the tcp_reassembly method instead of get_next_msg? If it would be done in the tcp_reassembly method there would be the chance to work with receive conditions and the master filter on the automaton itself
    and on the tcp_reassembly we already have the possibilty to do that, because we can get the unencrypted length
    bCyberBasti
    @bcyberbasti:matrix.muensterhack.de
    [m]

    I am trying to wrap my head around scapy (with rusty python knowledge in a jupyter notebook)
    I've managed to load a pcap file and I am looking at the first package.
    I am trying to reproduce wiresharks parsing of the package.
    That package contains BTP-B and Intelligent Transport Data (where the ultimate goal is to write a scapy layer for these protocols. Scapy decodes Ethernet, IP and UDP Layers and everything else is just raw hex. Wireshark shows me that the next layer is TZSP IEEE 802.11 Good
    Naive me thought that i only need to do:

    from scapy.all import *
    from scapy.contrib.tzsp import TZSP
    pcap = rdpcap("/home/jovyan/work/my.pcap")
    first_packet = pcap[0]
    first_packet[TZSP]

    but that returns : IndexError: Layer [TZSP] not found

    1 reply
    BruebachL
    @BruebachL
    Is there a way to use scapy's automaton/answering machines without sniffing? I'm getting my packets through NFQueue and can't bind to a socket/interface directly, I think?
    BruebachL
    @BruebachL
    Is it as simple as setting conf.iface (as implied here) https://stackoverflow.com/questions/25170273/working-with-multiple-interfaces-in-scapy and then yeeting the packets back to the interface with NFQUEUE.ACCEPT?
    Tanvir Kekan
    @tkekan
    Hello there, I'm hitting the below issue when using scapy to process hundreds of packets performing header manipulation from a process. I already have set the max open files to open files (-n) 1048576 as can be seen from ulimit.
    Process Process-4126:
    Traceback (most recent call last):
    File "/usr/lib64/python3.6/multiprocessing/process.py", line 258, in _bootstrap
    self.run()
    File "/usr/lib64/python3.6/multiprocessing/process.py", line 93, in run
    self._target(self._args, self._kwargs)
    File "<>", line 286, in send
    self._sendComposite(pkt, padToLength)
    File "<>", line 276, in _sendComposite
    send(packet, verbose=0)
    File "/usr/local/lib/python3.6/site-packages/scapy/sendrecv.py", line 429, in send
    kargs
    File "/usr/local/lib/python3.6/site-packages/scapy/sendrecv.py", line 394, in _send
    socket = socket or _func(iface)(iface=iface, *
    kargs)
    File "/usr/local/lib/python3.6/site-packages/scapy/arch/linux.py", line 503, in init
    _flush_fd(self.ins.fileno())
    File "/usr/local/lib/python3.6/site-packages/scapy/arch/linux.py", line 460, in _flush_fd
    r, w, e = select([fd], [], [], 0)
    ValueError: filedescriptor out of range in select()
    Tanvir Kekan
    @tkekan

    Hello there, I'm hitting the below issue when using scapy to process hundreds of packets performing header manipulation from a process. I already have set the max open files to open files (-n) 1048576 as can be seen from ulimit.
    Process Process-4126:
    Traceback (most recent call last):
    File "/usr/lib64/python3.6/multiprocessing/process.py", line 258, in _bootstrap
    self.run()
    File "/usr/lib64/python3.6/multiprocessing/process.py", line 93, in run
    self._target(self._args, self._kwargs)
    File "<>", line 286, in send
    self._sendComposite(pkt, padToLength)
    File "<>", line 276, in _sendComposite
    send(packet, verbose=0)
    File "/usr/local/lib/python3.6/site-packages/scapy/sendrecv.py", line 429, in send
    kargs
    File "/usr/local/lib/python3.6/site-packages/scapy/sendrecv.py", line 394, in _send
    socket = socket or _func(iface)(iface=iface, *
    kargs)
    File "/usr/local/lib/python3.6/site-packages/scapy/arch/linux.py", line 503, in init
    _flush_fd(self.ins.fileno())
    File "/usr/local/lib/python3.6/site-packages/scapy/arch/linux.py", line 460, in _flush_fd
    r, w, e = select([fd], [], [], 0)
    ValueError: filedescriptor out of range in select()

    @tkekan
    This error is usually seen after Process Process-1016
    just before issue starts.
    bash-4.2$ cat /proc/sys/fs/file-nr
    3040 0 6155890

    Initial state :
    bash-4.2$ cat /proc/sys/fs/file-nr
    2176 0 6155890

    Tanvir Kekan
    @tkekan
    hello can anyone please help me in regards to the above query ?
    Chayni
    @Chayni
    Hey, can somone please help me delete a route? Im having trouble. https://stackoverflow.com/questions/73055291/cant-delete-a-route-from-scapys-route-table
    Rene Larige
    @Renelari_gitlab
    Hi. When using the 'sniff' method, what is the difference between using a filter at the sniff call level and filtering in the callback method passed to the sniff call ? Performance? Or just the same but a personal preference? Thank you !
    Rene Larige
    @Renelari_gitlab
    (I know filter is sent to libpcap, but does that make a significant difference?)
    Another precision: I use simple filters for wireless, like beacons or probe requests
    yoann-dewilde
    @yoann-dewilde

    Hello, I'm trying to sniff TCP packets from my PC to an Ethernet/RS485 adapter (IP: 192.168.0.97, port: 502). So I tried both

    sniff(iface=None, prn=Packet.summary, filter="tcp port 502")
    # and
    sniff(iface=None, prn=Packet.summary, filter="ip host 192.168.0.97")

    But none of these print packets.