I am using Scapy and would like to filter based on the destination mac address.
However, I am getting packets displayed where the destination MAC address is not the address specified in the filter.
Here is a code snippit:
from scapy.all import *
sniff(iface="eth1", filter="ether dst host 91:e0:f0:01:00:00",
count=3, prn=lambda x: x.show())
I am running Scapy 2.2.0
Any ideas on the issue here?
Scapy requires numerous dependencies for many different systems. It is quiet possible that you don't have the required dependency for BPF filters to work.
It's scapy fault!!! It seems that scapy starts receiving packets before applying the BPF filter (filter argument of sniff function). It takes a while to get work properly!
Two methods to get rid of this:
- Use
lfilterto define your filtering function inside the script. It's not efficient on busy link because filter is applied in your script, instead of kernel. Consider usingpypyto speed it up. - For some first packets check destination MAC address inside your script and then don't check it anymore; i.e check correctness of the packet in the beginning time of sniffing to pass unstable phase of
scapyand then rely onscapyto filter the unwanted packets.
Installing tcpdump solved the problem for me - now the filter on sniff works
In my case, upgrading to 2.3.3dev (github version), fixed it
来源:https://stackoverflow.com/questions/12011089/scapy-bpf-filter-not-working