tcpdump: pcap_loop: The interface went down). After I manually restart tcpdump it keeps on showing the packets I am looking for. However scapy looks like it hangs after I restarted the interface and does not get back to the state where it can sniff. Has anybody an idea on how to fix/work around this problem? I am unfortunately in the situation where the interface needs to restart for a second. Thank you!
@gpotter2 From my tests it does stop sniffing (because I do not see any packets anymore) and never crashes as well. I just can see that restarting tcpdump does get the packets while scapy with the same filter skips them all, therefore I think that it stopped sniffing. Unfortunately no exception is dropped. I do not get the OSError for an unavailable network device. I only get this if I start the sniff with an interface that's not available at the startup.
Reloading the interfaces/routes is definitely a great idea that I will try. Guess the only problem is then that I do not know when exactly the interface goes down.
Also it could be a problem that the script runs on a Pi0. The imports of the needed scapy lib parts take quite a while, therefore I can not easily start a new instance of the script.
\\Device\\NPF_Loopback but this doesn't work as a name to give for "iface".
struct.error: required argument is not an integer
from scapy.all import srp, Ether...would result in a FileNotFound exception -- however I was able to remedy the issue by changing line 30 of
LIBC = cdll.LoadLibrary(find_library("c"))
Hi everybody, recently I started working on a new project. Basically my aim is to intercept live network packets, to intercept emails and scan the attachments. All is working fine until I send mails with total dimension > 100KB, in which case capture of the single email stops, and parsing obviously results in a corrupted attachment. Is there any hard limit inside scapy lib? Or am I doing something wrong?
Scapy version is 2.4.3
Script is installed on a pfSense 2.4.5, FreeBSD 11.3-STABLE
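from scapy.all import get_if_addr, sniff

def startSniffer(interface):
    ip_addr = get_if_addr(interface)
    # Capture IMAP/POP3 traffic (plain and TLS ports) and hand each packet to packet_filter
    sniff(iface=interface, prn=packet_filter, filter="port 993 or port 143 or port 110 or port 995")

def packet_filter(pkt):
    flags = pkt.sprintf("%r,TCP.flags%")
    if flags == "PA":
        # PSH+ACK segment: read the "load" field
        non_escaped_load = str(pkt.getfieldval("load"))
    elif flags == "A":
        # ACK-only segment: take whatever sits three layers down from the top of the packet
        non_escaped_load = str(pkt.payload.payload.payload)
    else:
        # Other flag combinations are not handled by this callback
        return
    load = bytes(non_escaped_load, "utf-8").decode("unicode-escape")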
and then I start parsing the payload
I used the command
pip install scapy
but i didn't use these:
pip install --pre scapy[basic]
pip install --pre scapy[complete]
because I got a weird error with the last two. I thought using the last one would work because I figured it would install libpcap correctly but pip said it couldn't find any program with that name.
Okay so I uninstalled the libpcap I had installed with brew and I uninstalled the scapy I installed with pip. Then I cloned the repo using the instructions and tried to run the sniff filter without libpcap installed from brew and I got the same error message and then I tried installing libpcap again with brew and tried running the sniff filter and got the same message.
Could this be because I have libpcap installed with homebrew? I tried using pip but pip says there is nothing it can find with the name libpcap. When I install it with brew it tells me that libpcap is keg-only and that macOS already provides this software built in and that if I need libpcap in the PATH I should use this command:
echo 'export PATH="/usr/local/opt/libpcap/bin:$PATH"' >> ~/.zshrc
I guess I really don't know what any of that means, but it seems like if macOS already has libpcap built in I shouldn't need to install it at all, but even with the brew version uninstalled nothing works.
Brew also says :
For compilers to find libpcap you may need to set:
export LDFLAGS="-L/usr/local/opt/libpcap/lib"
export CPPFLAGS="-I/usr/local/opt/libpcap/include"
Is scapy a compiler? I don't really know what that means. I have tried running these commands as they are printed but it didn't work.
sr(IP(dst="192.168.1.1-10")/ICMP(), timeout=2, save_unanswered=False)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3/dist-packages/scapy/sendrecv.py", line 510, in sr
    result = sndrcv(s, x, *args, **kargs)
  File "/usr/lib/python3/dist-packages/scapy/sendrecv.py", line 278, in sndrcv
    sndrcver = SndRcvHandler(*args, **kwargs)
TypeError: __init__() got an unexpected keyword argument 'save_unanswered'
@gpotter2 Okay I think you are on to something here. So I put in that import statement and I get:
---------------------------------------------------------------------------
OSError                                   Traceback (most recent call last)
<ipython-input-1-78641cd0714a> in <module>
----> 1 import scapy.libs.winpcapy

~/scapy/scapy/libs/winpcapy.py in <module>
     36     _lib_name = find_library("pcap")
     37     if not _lib_name:
---> 38         raise OSError("Cannot find libpcap.so library")
     39     _lib = CDLL(_lib_name)
     40

OSError: Cannot find libpcap.so library
so it seems it cannot find it at all.