I'm working on a Scapy-based tool where at one point I need to sniff a packet based on protocol and the IP address of the destination.
I'd like to know about the ways in which the filter option in the sniff() function can be used. I tried using the format in the documentation, but most of the time it results in problems like this: the filter of sniff function in scapy does not work properly.
The one which I used was
a = sniff(filter="host 172.16.18.69 and tcp port 80", prn=comp_pkt, count=1)
Thanks in advance!
Sniffing packets using Scapy: To sniff packets, use the sniff() function. The sniff() function returns information about all the packets that have been sniffed. To see the summary of packet responses, use summary(). The sniff() function listens for an infinite period of time until the user interrupts it.
The prn argument is defined as: prn: function to apply to each packet. If something is returned, it is displayed. For instance you can use prn = lambda x: x.
Scapy runs natively on Linux, Windows, OSX and on most Unixes with libpcap (see scapy's installation page). The same code base now runs natively on both Python 2 and Python 3.
sniff() uses Berkeley Packet Filter (BPF) syntax (the same one as tcpdump). Here are some examples:
Packets from or to host:
host x.x.x.x
Only TCP SYN segments:
tcp[tcpflags] & tcp-syn != 0
Everything ICMP but echo requests/replies:
icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply
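The following is an added example, not code from the original question or answer. It builds the BPF string for "protocol plus destination IP" from validated inputs and uses `dst host`, since plain `host` matches the address as source or destination. The names `build_bpf` and `sniff_first` are hypothetical helpers.

```python
import ipaddress

ALLOWED_PROTOS = {"tcp", "udp", "icmp"}
PORT_PROTOS = {"tcp", "udp"}


def build_bpf(dst_ip, proto, port=None):
    """Return a BPF expression matching `proto` traffic sent to `dst_ip`.

    Inputs are validated so that a value taken from a config file or a
    command line cannot smuggle extra BPF terms into the filter.
    """
    # ip_address() raises ValueError for anything that is not a bare address.
    addr = ipaddress.ip_address(dst_ip)

    proto = proto.lower()
    if proto not in ALLOWED_PROTOS:
        raise ValueError(f"unsupported protocol: {proto!r}")
    # pcap-filter uses a separate keyword for ICMP over IPv6.
    if proto == "icmp" and addr.version == 6:
        proto = "icmp6"

    if port is None:
        return f"dst host {addr} and {proto}"

    if proto not in PORT_PROTOS:
        raise ValueError(f"{proto} has no ports")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"invalid port: {port!r}")
    # 'dst port' because the packet is headed to the destination's service.
    return f"dst host {addr} and {proto} dst port {port}"


def sniff_first(dst_ip, proto, port=None, handler=None, iface=None, timeout=10):
    """Capture the first matching packet, or return an empty list on timeout."""
    # Imported here so build_bpf() can be used and tested without Scapy.
    from scapy.all import sniff

    return sniff(filter=build_bpf(dst_ip, proto, port), prn=handler,
                 count=1, iface=iface, timeout=timeout)


if __name__ == "__main__":
    # Address and port taken from the question above.
    print(build_bpf("172.16.18.69", "tcp", 80))
```

Because the filter is compiled by libpcap, the same string can be checked independently with tcpdump on the capture interface before it is passed to sniff().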