1
votes

I am writing a program that involves scapy, and I am trying to sniff all the packets and search for a specific keyword in each packet (like "TCP").

Here is the code that sniffs all the packets:

def pkt_callback(pkt):
    pkt.show()

sniff(iface = 'eth0', prn = lambda x : x.show())

And here's the code trying to present only TCP packets:

from scapy.all import *
global my_raw
my_raw = "tcp"

def pkt_callback(pkt):
    global my_raw
    if my_raw in pkt:
        pkt.show() 

sniff(iface='eth0', filter="", prn=lambda x: x.show())
print sniff
2
Are you looking to present only packets that include the TCP layer? If so, does it work if you use uppercase "TCP" instead of lowercase "tcp" and set prn=pkt_callback? - Yoel

2 Answers

0
votes

First of all, create a variable and insert the value you want to filter by, then use the Python x in y option to check if the packet contains what you are filtering by.

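from scapy.all import *

# The layer class (not a string) that each packet is tested against
my_keyword = TCP


def pkt_callback(pkt):
    global my_keyword
    # "layer in pkt" is True when the packet contains that layer
    if my_keyword in pkt:
        pkt.show()
        print("recognized TCP packet")
    else:
        pkt.show()
        print("This packet is not TCP")

# Pass the callback itself as prn so it runs for every captured packet
sniff(iface='eth0', filter="", prn=pkt_callback)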
0
votes

You can use the haslayer() method:

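from scapy.all import *

def pkt_callback(pkt):
    # Show the packet only when it carries a TCP layer
    if pkt.haslayer(TCP):
        pkt.show()

# Use the callback as prn so the TCP check is actually applied
sniff(iface='eth0', prn=pkt_callback)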