user3124171

Reputation: 401

Python based network sniffer (scapy not good enough?)

I am looking for the specific task: Grab the payload/data from a packet -> Append to a file... BUT. I want specifically to follow packets according to flags/ICMP types/etc... So let's say I want specifically to take the payload of "echo" packets and not the rest.

My (ineffective) code is the following:

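from scapy.all import *

# Append raw payload bytes to the capture file (binary mode)
f = open('filecaptured', 'ab')

def pkt_diam(pkt):
    layer = pkt.getlayer(Raw)
    if layer is None:      # packet carries no payload
        return
    raw = layer.load
    print(raw)
    # pkt.show()
    # fo = open("payload", "wb")
    f.write(raw)

# The "icmp" filter matches every ICMP type, not only echo requests
sniff(filter="icmp", store=0, prn=pkt_diam, timeout=120)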

The problem here is that I cannot find a way to sniff specifically for "type = echo request" and the only parameters that I can use are 'protocol' and host or 'and not host 127.0.0.1'.

Is there a way around this?

I think for this one I need to use ctypes and libpcap.so but I am not sure... (I didn't find any [other] libraries for python - sniffing )

Upvotes: 0

Views: 542

Answers (2)

Des

Reputation: 11

Try filter="icmp[0]=8" for filtering during capture or

if pkt[ICMP].type==8:

in the callback function.

Upvotes: 1
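To show what the capture filter `icmp[0]=8` from the answer above selects, here is an added example that is not part of the original thread: a standard-library parser (no scapy) that keeps only the payload of ICMP type 8 (echo request) packets and appends it to a file. All function names and the sample packets built by `build_icmp_packet` are constructed for illustration.

```python
import struct

ICMP_ECHO_REQUEST = 8   # ICMP type 8; type 0 is echo reply
IPPROTO_ICMP = 1

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data (padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def echo_request_payload(ip_packet: bytes):
    """Return the data of an ICMP echo request, or None for anything else."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None                          # not IPv4
    ihl = (ip_packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    frag_off = struct.unpack("!H", ip_packet[6:8])[0] & 0x1FFF
    if ihl < 20 or ip_packet[9] != IPPROTO_ICMP or frag_off:
        return None                          # not ICMP, or a non-first fragment
    total_len = struct.unpack("!H", ip_packet[2:4])[0]
    icmp = ip_packet[ihl:total_len]
    if len(icmp) < 8 or icmp[0] != ICMP_ECHO_REQUEST:   # the icmp[0]=8 test
        return None
    if inet_checksum(icmp) != 0:             # corrupt ICMP message
        return None
    return icmp[8:]                          # skip type, code, checksum, id, seq

def build_icmp_packet(icmp_type: int, payload: bytes) -> bytes:
    """Constructed sample input: minimal IPv4 + ICMP echo packet."""
    body = struct.pack("!BBHHH", icmp_type, 0, 0, 0x1234, 1) + payload
    body = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                     IPPROTO_ICMP, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + body

def append_payloads(packets, path):
    """Append the payload of every echo request in packets to path."""
    kept = [p for p in map(echo_request_payload, packets) if p is not None]
    with open(path, "ab") as f:              # binary append: payloads are bytes
        f.write(b"".join(kept))
    return kept
```
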

barrios

Reputation: 1134

I don't have scapy installed right now, but what if you simply check for the type echo-reply in your callback-function pkt_diam:

# show() prints and returns None; dump=True returns the text instead
if "echo-reply" not in pkt.show(dump=True):
    return

Upvotes: 1
