Reputation: 71
Fragmented packets reception delayed using Scapy
I'm using Scapy (2.5.0) and Python (3.11.5) in order to sniff packets from a specific application. In order to do so, i wrote the following (simplified, but the problem still occurs with this piece of code)
from scapy.all import *
def callback(packet):
load: bytes = bytes(packet[TCP].payload)
ip_layer = packet.getlayer(IP)
ip_id = int(ip_layer.id)
print(ip_id, len(load))
sniff(filter='ip and src host xx.xx.xx.xx',prn=callback)
The source has to sometimes send a lot of data. To do so, it's sending two packets (ore more) with the data split. I correctly receive and print the first one, but the second one is only printed when a third packet is received, which gives something like that :
packet_1 received:
load: b"a lot of data that needs to b"
ip_id: 1
...
...
some time elapsed
...
...
packet_2 received:
load: b"e split in several packets\x00"
ip_id: 2
packet_3 received:
load: b"data that has no connection with the two previous packets\x00"
ip_id: 3
The application I want to sniff from is correctly receiving both packets "at the same time" because it shows consistent data. I think the application is using the \x00 end byte to join splited data.
Could the problem come from the first packet load that doesn't end by \x00 ? Am I missing something ? Is that a known issue of Scapy ?
Upvotes: 1
Views: 123
Answers (0)
Related Questions
- Python - scapy timeout option not working at all
- Iterating over dictionaries using 'for' loops
- How do I escape curly-brace ({}) characters characters in a string while using .format?
- Calling a function of a module by using its name (a string)
- How to calculate packet loss rate with scapy?
- Scapy show packet content after sniffing it - UnicodeEncodeError
- Python3 Scapy - Sniff fragmented IP packets
- Python scapy raw to hex
- Time between receiving packets in Scapy
- how to use packets sniffed with scapy