Filter options for sniff function in scapy

I am working on a scapy tool where, at some point, I need to sniff a packet based on protocol and the destination IP address.

I would like to learn about ways to use the filter option in the sniff() function. I tried using the format in the documentation, but most of the time it leads to such problems. The scapy sniff function filter does not work properly.

The one I used was

 a = sniff(filter="host 172.16.18.69 and tcp port 80", prn=comp_pkt, count=1)

Thanks in advance!

+3
python linux networking ethernet scapy
1 answer

sniff() uses the Berkeley Packet Filter (BPF) (same as tcpdump). Here are some examples:

Packets from or to host:

 host xxxx 

TCP SYN segments only:

 tcp[tcpflags] & tcp-syn != 0 

All ICMP except echo requests/replies:

 icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply 
+8
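
What the filter from the question and the three expressions in the answer test at the byte level, as an added pure-Python example (not code from the answer or from scapy). The function names and sample packets are constructed for illustration, and the sketch assumes raw IPv4 packets without a link-layer header.

```python
import socket
import struct

TCP_SYN = 0x02                      # BPF constant tcp-syn
ICMP_ECHO, ICMP_ECHOREPLY = 8, 0    # BPF constants icmp-echo / icmp-echoreply

def split_ipv4(pkt):
    """Return (proto, src, dst, l4_bytes) for a raw IPv4 packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4       # header length varies with IP options
    if ihl < 20 or len(pkt) < ihl:
        return None
    fragment_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    l4 = b"" if fragment_offset else pkt[ihl:]  # later fragments carry no L4 header
    return pkt[9], socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), l4

def match_host(pkt, ip):            # host <ip>: source OR destination
    f = split_ipv4(pkt)
    return bool(f) and ip in (f[1], f[2])

def match_tcp_port(pkt, port):      # tcp port <n>: source OR destination port
    f = split_ipv4(pkt)
    return bool(f) and f[0] == 6 and len(f[3]) >= 4 and port in struct.unpack("!HH", f[3][:4])

def match_tcp_syn(pkt):             # tcp[tcpflags] & tcp-syn != 0 (flags are byte 13)
    f = split_ipv4(pkt)
    return bool(f) and f[0] == 6 and len(f[3]) > 13 and (f[3][13] & TCP_SYN) != 0

def match_icmp_not_echo(pkt):       # icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply
    f = split_ipv4(pkt)
    return bool(f) and f[0] == 1 and len(f[3]) > 0 and f[3][0] not in (ICMP_ECHO, ICMP_ECHOREPLY)

# Constructed sample packets (checksums left at zero; the filters never read them).
def ipv4(proto, src, dst, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def tcp(sport, dport, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

SYN = ipv4(6, "10.0.0.5", "172.16.18.69", tcp(40000, 80, 0x02))
SYN_ACK = ipv4(6, "172.16.18.69", "10.0.0.5", tcp(80, 40000, 0x12))
ACK = ipv4(6, "10.0.0.5", "172.16.18.69", tcp(40000, 443, 0x10))
PING = ipv4(1, "10.0.0.5", "172.16.18.69", struct.pack("!BBHHH", 8, 0, 0, 1, 1))
UNREACH = ipv4(1, "10.0.0.1", "10.0.0.5", struct.pack("!BBHI", 3, 1, 0, 0))
```

The SYN test also matches the SYN-ACK sample, because it only checks that the SYN bit is set, and `host` matches traffic in either direction.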