Question
I am using Scapy and would like to filter based on the destination mac address.
However, I am getting packets displayed where the destination MAC address is not the address specified in the filter.
Here is a code snippet:
```python
from scapy.all import *

# Show the first 3 frames that pass the BPF filter on eth1
sniff(iface="eth1", filter="ether dst host 91:e0:f0:01:00:00",
      count=3, prn=lambda x: x.show())
```
I am running Scapy 2.2.0.
Any ideas on the issue here?
Answer 1:
Scapy requires numerous dependencies for many different systems. It is quite possible that you don't have the required dependency for BPF filters to work.
http://www.secdev.org/projects/scapy/portability.html
Answer 2:
It's scapy's fault!!! It seems that scapy starts receiving packets before applying the BPF filter (the `filter` argument of the `sniff` function). It takes a while to work properly!
Two methods to get rid of this:
- Use `lfilter` to define your filtering function inside the script. It's not efficient on busy link because filter is applied in your script, instead of kernel. Consider using `pypy` to speed it up.
- For some first packets check destination MAC address inside your script and then don't check it anymore; i.e. check correctness of the packet in the beginning time of sniffing to pass unstable phase of `scapy` and then rely on `scapy` to filter the unwanted packets.
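
The two workarounds from Answer 2, as an added example that is not part of the original answers: a callable for the `lfilter` argument of `sniff` that re-checks the destination MAC in Python and counts frames that got past the BPF filter. `parse_mac`, `DstMacGuard`, `demo` and the `warmup` parameter are names chosen here; the code assumes Ethernet framing and a Python 3 scapy where `bytes(pkt)` returns the raw frame.

```python
# Added example (not from the original thread); standard library only.
def parse_mac(mac):
    """Turn 'aa:bb:cc:dd:ee:ff' (or '-' separated) into 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return raw


class DstMacGuard:
    """Callable for sniff(lfilter=...): accept only frames sent to `mac`.

    Assumes Ethernet framing, where the destination MAC is the first six
    bytes of the frame. `leaked` counts frames that reached Python despite
    the kernel BPF filter. With warmup=N only the first N frames are
    checked (Answer 2, second method); warmup=None checks every frame.
    """

    def __init__(self, mac, warmup=None):
        self.want = parse_mac(mac)
        self.warmup = warmup
        self.seen = 0
        self.leaked = 0

    def __call__(self, pkt):
        self.seen += 1
        if self.warmup is not None and self.seen > self.warmup:
            return True  # past the warm-up: rely on the BPF filter alone
        ok = bytes(pkt)[:6] == self.want  # bytes() also accepts scapy packets
        if not ok:
            self.leaked += 1
        return ok


def demo():
    """Run the guard over constructed frames (dst MAC + src MAC + EtherType)."""
    src, ethertype = parse_mac("02:00:00:00:00:01"), b"\x08\x00"
    wanted = parse_mac("91:e0:f0:01:00:00") + src + ethertype
    other = parse_mac("ff:ff:ff:ff:ff:ff") + src + ethertype
    guard = DstMacGuard("91:e0:f0:01:00:00")
    kept = [f for f in (other, wanted, other, wanted) if guard(f)]
    return len(kept), guard.leaked


# With scapy, keep the BPF filter and add the guard:
#   guard = DstMacGuard("91:e0:f0:01:00:00")
#   sniff(iface="eth1", filter="ether dst host 91:e0:f0:01:00:00",
#         lfilter=guard, count=3, prn=lambda x: x.show())
#   print(guard.leaked)  # non-zero: frames got past the BPF filter
```

A `leaked` count that keeps growing for the whole capture, rather than only for the first few frames, indicates the BPF filter is not being applied at all, which is the situation Answers 1 and 3 describe.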
Answer 3:
Installing tcpdump solved the problem for me - now the filter on sniff works
Answer 4:
In my case, upgrading to 2.3.3dev (GitHub version) fixed it
Source: https://stackoverflow.com/questions/12011089/scapy-bpf-filter-not-working