Menu
I am new to scapy and I am trying to use the sr and sr1 functions to understand their workings.
I was trying to craft the following packet and I see that it has sent 1 packet but it says that it has received 581 packets. Can someone please help me understand why it's showing so many packets received.
Received 1373 packets, got 0 answers, remaining 1 packets
>>> p=sr(IP(dst="192.168.25.1")/TCP(dport=23))
.Begin emission:
.....Finished to send 1 packets.
...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^C
Received 581 packets, got 0 answers, remaining 1 packets
>>> p
(<Results: TCP:0 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:1 UDP:0 ICMP:0 Other:0>)
My TCPDump output does not show that it received so many packets.
334
The sr() function is for sending packets and receiving answers. The function returns a couple of packet and answers, and the unanswered packets. The function sr1() is a variant that only return one packet that answered the packet (or the packet set) sent. The packets must be layer 3 packets (IP, ARP, etc.).
The function sr1() is a variant that only returns one packet that answered the packet (or the packet set) sent.
The sr() and sr1() functions will send a packet and listen on the network for the corresponding answers in the case of sr(), sr1() will wait for just one answer.
The packets that were received but were not answers are the packets Scapy sniffed while looking for a response to your original packet. I am unsure of how sniffing with tcpdump while also using Scapy will affect your results - not sure what process the kernel will pass packets to.
Here is an excellent tutorial on Sending and Receiving with Scapy from thePacketGeek.
Also be sure to use the __doc__ attribute of various Scapy functions in an interpreter to get relevant documentation.
>>> print sr1.__doc__
Send packets at layer 3 and return only the first answer
nofilter: put 1 to avoid use of bpf filters
retry: if positive, how many times to resend unanswered packets
if negative, how many times to retry when no more packets are answered
timeout: how much time to wait after the last packet has been sent
verbose: set verbosity level
multi: whether to accept multiple answers for the same stimulus
filter: provide a BPF filter
iface: listen answers only on the given interface
>>>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
