scapy中的嗅探功能过滤器无法正常工作 [英] the filter of sniff function in scapy does not work properly

问题描述

sniff函数的filter似乎无法正常工作.

It seems that the filter of sniff function does not work properly.

我正在使用以下过滤器执行嗅探

I m executing the sniff with the following filter

a=sniff(count=1,filter="tcp and host 192.168.10.55 and port 14010")

但是有些时候sniff会像这样捕获UDP数据包:

But some time the sniff catch an UDP packet like this:

>>> a=sniff(count=1,filter="tcp and host 192.168.10.55 and port 14010")
>>> a
<Sniffed: TCP:0 UDP:1 ICMP:0 Other:0>

有时sniff捕获端口错误的TCP数据包:

And some time the sniff catch a TCP packet with wrong ports:

>>> a=sniff(count=1,filter="tcp and host 192.168.10.55 and port 14010")
>>> a
<Sniffed: TCP:1 UDP:0 ICMP:0 Other:0>
>>> a[0]
<Ether  dst=00:26:55:cb:3b:10 src=00:22:64:55:c8:89 type=0x800 |<IP  version=4L ihl=5L tos=0x10 len=92 id=8683 flags=DF frag=0L ttl=64 proto=tcp chksum=0x9484 src=192.168.1.71 dst=192.168.1.133 options=[] |<TCP  sport=ssh dport=1874 seq=350107599 ack=2484345720 dataofs=5L reserved=0L flags=PA window=254 chksum=0x846b urgptr=0 options=[] |<Raw  load="yn\x01\x9d\xfca\xc9V-8\x18|\xc4\t\xf1\xc4\xd8\xd3\xc6\x95E\x19'h\xc0\x89\xf1\x08g\xa3\x9a\xa9\xf51RF\xc2\x1f\xe5a\xac\x83M\xc9\x0b\x80\x85\x1b\xcf\xb6f\xcc" |>>>>

有时sniff会像这样捕获ARP数据包:

And some time the sniff catch an ARP packet like this:

>>> a=sniff(count=1,filter="tcp and host 192.168.10.55 and port 14010")
>>> a
<Sniffed: TCP:0 UDP:0 ICMP:0 Other:1>
>>> a[0]
<Ether  dst=ff:ff:ff:ff:ff:ff src=00:22:07:2c:53:97 type=0x806 |<ARP  hwtype=0x1 ptype=0x800 hwlen=6 plen=4 op=who-has hwsrc=00:22:07:2c:53:97 psrc=192.168.1.178 hwdst=ff:ff:ff:ff:ff:ff pdst=192.168.1.179 |<Padding  load='\x00\x07\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x00\x00\x01\x14\x00\x00' |>>>

我在过滤器中缺少什么吗?我该如何避免这个问题?

Am I missing something in my filter? How I can avoid this problem?

推荐答案

您可以在以下站点中检查过滤器的语法 http://biot.com/capstats/bpf.html .我遇到了类似的问题，它为我工作.

You can check into the syntax of filters in the following site http://biot.com/capstats/bpf.html. I was facing similar kinds of problems and it worked for me.

您可能希望参考以下问题: https: //stackoverflow.com/questions/37453283/filter-options-for-sniff-function-in-scapy# =

You might like to refer to this question: https://stackoverflow.com/questions/37453283/filter-options-for-sniff-function-in-scapy#=

您还可以尝试通过在运行代码之前打开所需的端口来测试程序.

You can also try to test your program by opening the required ports before running code.

这篇关于scapy中的嗅探功能过滤器无法正常工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！