Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Scapy packet sniffer triggering an action up on each sniffed packet

Tags:

python

networking

packet-sniffers

scapy

I'm using scapy with python to sniff live traffic.

capture=sniff(iface="<My Interface>", filter="tcp")

But this sniffs each packet and adds it to the list capture which can be processed later.

I want to process a packet and display few fields of the packet, as soon as it's sniffed. i.e. upon sniffing a packet, it'll trigger a function where I can analyse that packet. And this would continue for few packets.

I've the function ready which I'm using with the captured packet list. But I'm unable to use it for each live packet.

How to achieve that? Is it possible with scapy or do I need to install any other package?

like image 985
RatDon Avatar asked Feb 03 '15 05:02

RatDon

People also ask

How does Scapy sniff work?

Sniffing packets using scapy:The sniff() function listens for an infinite period of time until the user interrupts. To restrict the number of packets to be captured sniff() allows a count parameter. By specifying a value for the count, the packet capturing will be restricted to the specified number.

What is PRN in Scapy sniff?

prn: function to apply to each packet. If something is returned, it is displayed.

What is packet sniffing How is it done what are the threats due to packet sniffing?

Packet sniffing is a technique whereby packet data flowing across the network is detected and observed. Network administrators use packet sniffing tools to monitor and validate network traffic, while hackers may use similar tools for nefarious purposes.

What is the difference between send and Sendp in Scapy?

The send() function will send packets at layer 3. That is to say, it will handle routing and layer 2 for you. The sendp() function will work at layer 2. It's up to you to choose the right interface and the right link layer protocol.

1 Answers

The parameters to the sniff function should be like the below code.:

from scapy.all import *

def pkt_callback(pkt):
    pkt.show() # debug statement

sniff(iface="<My Interface>", prn=pkt_callback, filter="tcp", store=0)

store=0 says not to store any packet received and prn says send the pkt to pkt_callback.

Source.

As mentioned by Yoel, if only one action is required, lambda can be used with prn instead of a new function like in this case:

sniff(iface="<My Interface>", prn = lambda x: x.show(), filter="tcp", store=0)
like image 174
RatDon Avatar answered Sep 19 '22 11:09

RatDon
Sign in to Comment

Related questions

Animation using matplotlib with subplots and ArtistAnimation
Sqlalchemy session.refresh does not refresh object
"pip install SQLAlchemy" Results in "fatal error: Python.h: No such file or directory"
Python: What does *= mean?
Creating raw socket in Python without root privileges
How Do I Setup SublimeREPL with Anaconda's interpreter?
Elastic Beanstalk connect to RDS from shell SSH
Reorder model objects in django admin panel
Cx-Freeze Error - Python 34
OpenCV Python Video playback - How to set the right delay for cv2.waitKey()
Strange Queue.PriorityQueue behaviour with multiprocessing in Python 2.7.6
Python: can I safely unpickle untrusted data?
Replace all the occurrences of specific words
pymongo error when writing
Passing newline within string into a python script from the command line
Position 5 subplots in Matplotlib
MongoEngine: storing EmbeddedDocument in DictField
how can i query data filtered by a JSON Column in SQLAlchemy?
Extracting image from video at a given time using OpenCV
give parameter(list or array) to in operator - python, sql [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!