Reputation: 66
Scapy. Failed to compile filter expression. MacOS
I filter for Association Requests using Scapy's sniff:
sniff(iface=INTERFACE, filter="type mgt subtype assoc-req", prn=assoc_req_parse, store=0)
When I run this on my Macbook this error occurs:
Traceback (most recent call last):
File "assoc_req.py", line 63, in <module>
main()
File "assoc_req.py", line 61, in main
sniff(iface=INTERFACE, filter="type mgt subtype assoc-req", prn=assoc_req_parse, store=0)
File "~/env/lib/python3.8/site-packages/scapy/sendrecv.py", line 1036, in sniff
sniffer._run(*args, **kwargs)
File "~/env/lib/python3.8/site-packages/scapy/sendrecv.py", line 906, in _run
sniff_sockets[L2socket(type=ETH_P_ALL, iface=iface,
File "~/env/lib/python3.8/site-packages/scapy/arch/bpf/supersocket.py", line 242, in __init__
super(L2bpfListenSocket, self).__init__(*args, **kwargs)
File "~/env/lib/python3.8/site-packages/scapy/arch/bpf/supersocket.py", line 118, in __init__
attach_filter(self.ins, filter, self.iface)
File "~/env/lib/python3.8/site-packages/scapy/arch/bpf/core.py", line 119, in attach_filter
bp = compile_filter(bpf_filter, iface)
File "~/env/lib/python3.8/site-packages/scapy/arch/common.py", line 128, in compile_filter
raise Scapy_Exception(
scapy.error.Scapy_Exception: Failed to compile filter expression type mgt subtype assoc-req (-1)
The syntax "type mgt subtype assoc-req" is BPF compatible (see man pcap-filter).
For Macbook I set INTERFACE = "en0"
I tried this on a Linux machine with INTERFACE = "wlan0" and all works as expected, Scapy does compile this filter correctly.
My best guess is that Scapy can't detect link-type for en0 to set an 802.11 filter because it treats en0 as an Ethernet 802.3 interface.
Update. When I run sudo tcpdump -Ini en0 type mgt subtype assoc-req it works, it filters for assoc-req without problems.
Upvotes: 0
Views: 3099
Answers (1)
Reputation: 116
My best guess is that Scapy can't detect link-type for en0 to set an 802.11 filter because it treats en0 as an Ethernet 802.3 interface.
That's correct. You will only get 802.11 headers if you capture in monitor mode; that's what the -I flag to tcpdump does.
On Linux, if a "wlan0" interface has been created by the usual mechanism, it captures in monitor mode by default. macOS works differently. (When it comes to turning monitor mode on, everything works differently from everything else, which is why I had to spend so much time doing different implementations of monitor mode for different OSes in libpcap.)
See page 51 of this edition of the Scapy documentation.
Upvotes: 1
Related Questions
- ImportError: No module named scapy.all
- filter command in scapy is not working, I am running in windows
- the filter of sniff function in scapy does not work properly
- Python3 scapy failed to get the MAC address
- Filtering packets by src mac in scapy
- Scapy sniff filter not functioning
- Using scapy with wifi
- Scapy throwing syntax error for python 2.6.6 application
- Scapy fails to filter certain packets
- Netfilter and Scapy