I've tried using Scapy's sniff function to sniff some packets and compared it to Wireshark's output. Upon displaying Scapy's sniffed packets and Wireshark's sniffed packets on the same interface, I discovered that Wireshark can sniff some packets that Scapy was apparently not able to sniff and display. Is there a reason why, and if so, how can I prevent it so Scapy does not 'drop' any packets and sniffs all the packets Wireshark can receive?
Upvotes: 0
Views: 839
Reputation: 13
Scapy itself has many libraries and extensions, which are either pre-installed or which you will have to install based on your needs. Your question is a bit vague about what exactly your comparison factor is between the two, but for example, Scapy will need an HTTPS decoder library installed for decoding the information of those packets. Also, in Scapy you can write your own protocol as you see fit. But again, if you are doing real-time parsing without a PCAP file, Scapy is a good option even with the packet drop ratio. But if you are not concerned about the PCAP file, I suggest using Wireshark/TCPdump to record a PCAP file. You can then dissect the PCAP file using Scapy. Hope this helps.
Upvotes: 0
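To see exactly which packets one capture has and the other lacks, the two can be saved as files and compared frame by frame. The following is an added example, not code from the thread: it uses only the Python standard library rather than Scapy, and all function names and sample frames are constructed for illustration. It assumes both files are in classic pcap format (Wireshark saves pcapng by default, so the reference capture must be saved as pcap) and were taken on the same interface with the same snapshot length.

```python
import struct
from collections import Counter

# Magic bytes of classic pcap files -> struct byte-order prefix
# (microsecond and nanosecond timestamp variants, both endiannesses).
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
         b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def read_pcap(data):
    """Return the raw frames stored in a classic pcap byte string."""
    order = MAGIC.get(data[:4])
    if order is None:
        raise ValueError("not classic pcap (pcapng is not handled here)")
    frames, off = [], 24                      # global header is 24 bytes
    while off + 16 <= len(data):              # each record header is 16 bytes
        _sec, _frac, incl_len, _orig = struct.unpack_from(order + "IIII", data, off)
        off += 16
        if off + incl_len > len(data):
            break                             # truncated last record
        frames.append(data[off:off + incl_len])
        off += incl_len
    return frames

def missing_frames(reference, candidate):
    """Frames in `reference` with no matching copy left in `candidate`."""
    remaining = Counter(candidate)            # multiset: duplicates count
    missing = []
    for frame in reference:
        if remaining[frame] > 0:
            remaining[frame] -= 1
        else:
            missing.append(frame)
    return missing

def build_pcap(frames, order="<"):
    """Build a pcap byte string from frames (helper for the constructed sample)."""
    out = struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack(order + "IIII", i, 0, len(frame), len(frame)) + frame
    return out

# Constructed sample data: placeholder frame bytes, not real traffic.
WIRESHARK_FRAMES = [b"frame-A", b"frame-B", b"frame-B", b"frame-C"]
SCAPY_FRAMES = [b"frame-A", b"frame-B"]

if __name__ == "__main__":
    full = read_pcap(build_pcap(WIRESHARK_FRAMES))
    partial = read_pcap(build_pcap(SCAPY_FRAMES))
    for frame in missing_frames(full, partial):
        print("only in reference capture:", frame)
```

With real files, pass the contents of each capture (read in binary mode) to `read_pcap` and give the Wireshark/tcpdump capture as `reference`.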