Packet matching behavior in scapy

Background:

I'm using scapy to test a network device that can selectively loop-back packets by swapping source/dest MACs, IP addresses, and layer 4 port numbers. Swapping can be selected for layer_2_only, layers_2_and_3, layers_2_3_and_4. I'm running scapy on a server, transmitting packets to the device and validating that the packets sent back have the appropriate source/dest fields swapped depending on the setting.

Problem:

The scapy srploop() method, which sends packets and receives matches, works well for message types like PING and ARP. I'm finding that if I transmit a UDP packet and the source/dest ports are not reversed by the loop-back device, then scapy doesn't treat the looped-back packet like a match. When the port numbers are reversed by the loop-back device, the packets are detected as matches.

Questions:

  1. Is there a way to override or otherwise influence scapy's packet matching logic? For example, being able to disable matching at layer 4 would be useful. I've looked at the documentation and haven't come across anything that suggests that this is possible.

  2. Is there another way to achieve this in scapy? I've experimented with using send() followed by sniff() but I haven't been successful at capturing the replies using that method.

bit_flip asked Nov 03 '22 16:11


1 Answer

For the second part of the question, you might want to try the approach I've mentioned in Scapy fails to sniff packets when using multiple threads.

Basically, run the sniffer on a separate thread and filter out the return traffic into a Queue, which can then be accessed from the main thread which is doing the send(). So you have sending and receiving going on at the same time (on two threads).

The only problem is that on my particular setup, I came across some weird behaviour in the sniffer where it fails to apply the filter when run on a separate thread. Hopefully, you'll have better luck.

UPDATE: That problem with the sniffer was solved (refer to my question linked above).

Hope this helps!

Asiri Rathnayake answered Nov 15 '22 15:11
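
Frames pulled off the queue in the approach above can be checked with a matcher you control instead of scapy's built-in answer matching. The following is an added example, not code from the question or the answer: the function names and sample addresses are assumptions, and it expects raw bytes (in scapy, `bytes(pkt)`) of untagged Ethernet II / IPv4 / UDP frames.

```python
import struct

MODES = {(True, False, False): "layer_2_only",   # keyed by (mac, ip, port) swapped?
         (True, True, False): "layers_2_and_3",
         (True, True, True): "layers_2_3_and_4"}

def parse_udp_frame(frame: bytes) -> dict:
    """Pull (src, dst) pairs out of an untagged Ethernet II / IPv4 / UDP frame."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + IPv4 + UDP headers")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    ihl = (frame[14] & 0x0F) * 4
    if ethertype != 0x0800 or frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17:
        raise ValueError("not an untagged IPv4/UDP frame")
    l4 = 14 + ihl
    ulen = int.from_bytes(frame[l4 + 4:l4 + 6], "big")
    if ulen < 8 or len(frame) < l4 + ulen:
        raise ValueError("truncated or malformed UDP header")
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    # Bound the payload by the UDP length so trailing Ethernet padding is ignored.
    return {"mac": (src_mac, dst_mac), "ip": (frame[26:30], frame[30:34]),
            "port": (sport, dport), "payload": frame[l4 + 8:l4 + ulen]}

def swap_mode(sent: bytes, received: bytes):
    """Name the loop-back mode that turns `sent` into `received`, else None."""
    s, r = parse_udp_frame(sent), parse_udp_frame(received)
    if s["payload"] != r["payload"]:
        return None
    state = []
    # Use distinct src/dst at every layer: equal values make swapped == untouched.
    for key in ("mac", "ip", "port"):
        if r[key] == s[key][::-1]:
            state.append(True)    # src and dst exchanged
        elif r[key] == s[key]:
            state.append(False)   # left as sent
        else:
            return None           # some other flow
    return MODES.get(tuple(state))

def build_frame(macs, ips, ports, payload=b"probe-0001", pad=0):
    """Constructed sample frame; checksums are zero because nothing reads them."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0, *ips)
    udp = struct.pack("!HHHH", *ports, 8 + len(payload), 0)
    return macs[1] + macs[0] + b"\x08\x00" + ip + udp + payload + b"\x00" * pad

if __name__ == "__main__":
    macs, ips = (b"\x02\0\0\0\0\x01", b"\x02\0\0\0\0\x02"), (b"\x0a\0\0\x01", b"\x0a\0\0\x02")
    echo = build_frame(macs[::-1], ips[::-1], (40000, 7), pad=8)  # as if looped back
    print(swap_mode(build_frame(macs, ips, (40000, 7)), echo))
```

Compare the returned name with the setting configured on the device; `None` means the frame is not a loop-back of the probe under any of the three modes.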