I am having an issue with scapy's timeout option when sniffing packets. From what I understand, if you use something like this :
test = sniff(filter="ip and icmp ", timeout = 2)
print(test)
your sniffing should time out after 2 seconds. However, this is 100% not working. From what I have gathered, one of the biggest problems as well, is if you set timeout = 5 and run the sniffer, then run a ping google.com in a parallel command prompt, it will capture the 4 packets not displayed until sniff is done then sit there indefinitely, until you send or receive 1 more icmp packet, just one, then it'll kill the sniff and print(test) with 5 total icmp 4 from first ping set, 1 from second ping.
I am using windows, which might be the issue I don't know. I have python 2.7. my entire script, for testing this 1 thing had to isolate it from a much bigger script is as such:
from scapy.all import *
test = sniff(filter="ip and icmp ", timeout = 5)
print(test)
that's it - if timeout = 1, it will not stop until a packet is received as well.
This is the code from scapy's sendrecv.py for sniff timeout
if timeout is not None:
stoptime = time.time()+timeout
remain = None
while 1:
try:
if timeout is not None:
remain = stoptime-time.time()
if remain <= 0:
break
After ripping the function out of scapy sendrecv.py and realizing the function has the same problem, I have narrowed the problem down. It appears when you pass a filter into the sniff function it alters the way timeout works. If you run :
from scapy.all import *
test = sniff(timeout = 5)
print(test)
you will be fine, it'll auto timeout at 5 seconds, otherwise it hangs and doesn't complete the timeout loop properly.