Reputation: 1056
Scapy multiple sniff filters not working?
So I'm using this filter for sniff :
myfilter = 'tcp and tcp.flags.syn==1 and tcp.flags.ack==0 and tcp.flags.psh==0'
sniff(iface="myinter" , filter=myfilter , prn=mitm , count=1 )
and it gets packets without the specified flags as well :
i want only flags that are ACK=0, SYN=1 and PSH=0, but this is not working
i also tried not using == and just use tcp.flags.syn 1 and still didnt work
am i doing something wrong here?
UPDATE:
it looks like it gives syntax error to something as well:
tcpdump: syntax error
but when i just use tcp or TCP it doesn't give any syntax error, this error doesnt stop the program but it looks like it stops the filtering
even when i just used tcp.flags.syn==1 or tcp.flags.syn 1 it still gave this syntax error... my scapy is 2.4
Upvotes: 2
Views: 1449
Answers (1)
Reputation: 6237
The filter you are using is simply not a valid PCAP filter (hence the syntax error message). On a Unix system, you can have a look at the pcap-filter(7) and the tcpdump(1) manpages for more information about the syntax you can use.
Something like this should work:
myfilter="tcp[tcpflags] & (tcp-syn|tcp-ack|tcp-push) == tcp-syn"
sniff(iface="myinter" , filter=myfilter, prn=mitm , count=1)
Upvotes: 2
Related Questions
- Filter options for sniff function in scapy
- Scapy filtering with sniff() function
- the filter of sniff function in scapy does not work properly
- Scapy sniff in non blocking way
- Scapy sniff filter not functioning
- Use multiple filters in Scapy's "sniff" function
- Sniff error in Scapy
- scapy sniff function not catching any packets
- Scapy fails to filter certain packets
- Python Scapy not sniffing