当scapy和pypcap丢失严重时如何嗅探python上的所有数据包? [英] How to sniff all packets on python when scapy and pypcap have serious loss?

问题描述

我尝试使用 python 在 Win10 上嗅探数据包.但是，我发现很多数据包实际上被 scapy 丢弃了.

I tried to sniff packets on Win10 using python. However, i find a lot of packets are actually dropped by scapy.

例如，我从 ftp 下载了一个 2 MB 的文件，wireshark 捕获了近 2000 个数据包，而 scapy 只捕获了 500 个.

For example, I download a file of 2 MB from ftp, the wiresharks captures nearly 2000 packets and the scapy only captures 500.

我尝试过 pypcap，结果几乎一样，超过一半的数据包被丢弃，尤其是在下载时.

I have tried pypcap and the result is almost the same, more than half of the packets are dropped, especially on downloading.

是否有解决方案可以避免这种丢失并使 scapy 执行与wireshark 相同的性能，或者 python 上没有能够在短时间内缓冲大量数据包的库?

Is there a solution to avoid such loss and make scapy perform the same as wireshark, or there is no library on python capable of buffering a lot of packets in short time?

推荐答案

您可以让 Scapy 使用 tcpdump(或 Windows 下的 windump)为您嗅探数据包，例如:

You can have Scapy use tcpdump (or windump under Windows) to sniff the packets for you, using for example:

sniff(opened_socket=L2ListenTcpdump())

这篇关于当scapy和pypcap丢失严重时如何嗅探python上的所有数据包?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！