Python scapy show ip of the ping (echo) requests

Question

I want to grab and print the source address of the ping requests. I have the following script:

pkt = sniff(filter="icmp", timeout =15, count = 15)
if pkt[ICMP].type == '8':
    print pkt[IP].src

When a packet arrives script crashes with

 AttributeError:'list' object has no attribute 'type'

However on the scapy console I can see clearly that this exist!

>>>packet=IP()/ICMP()/"AAAAAA"
>>>packet[ICMP].type
8
>>>

Any thoughts??

I changed for testing purposes (!) my script to the following:

pkts=sniff(filter="icmp", timeout=120,count=15)

for packet in pkts:
    if packet.haslayer(IP) and str(packet.getlayer(IP).src)=="127.0.0.1"
       print "packet arrived"
           if packet.haslayer(ICMP) and str(packet.getlayer(ICMP).type)=="8":
                print(packet[IP].src)

The above after doing a ping:

ping localhost -c 3

produces the following awkward result:

packet arrived
127.0.0.1
packet arrived
127.0.0.1
packet arrived
packet arrived
packet arrived
127.0.0.1
packet arrived
127.0.0.1
packet arrived
packet arrived
packet arrived
127.0.0.1
packet arrived
127.0.0.1
packet arrived

We can ignore the "packet arrived" multiple times because other packets are reaching my host as well. But why I see 6 times the 127.0.0.1 when I sent 3 echo requests ? Even if I remove the for loop the same results are happening.

Padraic Cunningham · Accepted Answer

You have multiple packets so you can either index or iterate over:

from scapy.all import *
pkts = sniff(filter="icmp", timeout =15,count=15)

for packet in pkts:
     if  str(packet.getlayer(ICMP).type) == "8": 
        print(packet[IP].src)

Or using indexing to get the forst packet:

from scapy.all import *
pkts = sniff(filter="icmp", timeout =15,count=15)

if pkts  and str(pkts[0].getlayer(ICMP).type) == "8": 
        print(pkts[0][IP].src)

Python scapy show ip of the ping (echo) requests

Answers (2)

Related Questions