Reputation: 6779
Scapy fails to filter certain packets
I have got a simple sniff function set up with scapy which forwards the packet to a handshake function (I have a webserver set up on port 102. However some weird errors have come by, then I decided to print pkt.show(), what I discovered was that some packages DID come through the filter somehow.
My sniff function:
a=sniff(filter="port 102", count=10, prn=handshake)
This packet manages to come through:
###[ Ethernet ]###
dst = 84:8f:69:f5:fe:ac
src = b8:27:eb:92:a3:3b
type = 0x800
###[ IP ]###
version = 4L
ihl = 5L
tos = 0x0
len = 44
id = 1
flags =
frag = 0L
ttl = 64
proto = tcp
chksum = 0xe6c6
src = 192.168.137.178
dst = 192.168.137.1
\options \
###[ TCP ]###
sport = iso_tsap
dport = 2426
seq = 605952828
ack = 605952829
dataofs = 6L
reserved = 0L
flags = SA
window = 8192
chksum = 0x5b7c
urgptr = 0
options = [('MSS', 1460)]
As you can see the destination port is 2426, which is definetely not port 102.
Have I done something dumb?
Upvotes: 1
Views: 703
Answers (1)
Reputation: 9614
The source port in the enclosed packet is iso_tsap which is 102. If you want to filter by the destination port try the filter "dst port 102". If you need something a bit more sophisticated, here is the syntax of BPF, which is used by scapy.
Upvotes: 2
Related Questions
- Filter HTTP Get requests packets using scapy
- scapy did not send packets
- the filter of sniff function in scapy does not work properly
- Scapy sniff filter not functioning
- Scapy not capturing any packets
- scapy: error sending packets
- Scapy and sniff. how can I filter TCP SYN?
- Packets sent with scapy don't arrive and can't be sniffed
- scapy sniff function not catching any packets
- Netfilter and Scapy