This article covers how to use the filter option of the sniff function in Scapy.

Problem description

I'm working on a Scapy-based tool where at one point I need to sniff a packet based on the protocol and the IP address of the destination.

I'd like to know about the ways in which the filter option in the sniff() function can be used. I tried using the format in the documentation, but most of the time it results in problems like this: the filter of the sniff function in Scapy does not work properly.

I am using:

a = sniff(filter="host 172.16.18.69 and tcp port 80", prn=comp_pkt, count=1)

Thanks in advance!

Recommended answer

sniff() uses Berkeley Packet Filter (BPF) syntax (the same one as tcpdump). Here are some examples:

Packets from or to host:

host x.x.x.x

TCP SYN segments only:

tcp[tcpflags] & tcp-syn != 0

Everything ICMP but echo requests/replies:

icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply
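
What the filter expressions above test, written out in plain Python over constructed IPv4 packets (an added example, not code from the original post or from Scapy; the helper names are hypothetical and each packet is assumed to start at the IPv4 header). It also shows that the SYN expression matches SYN+ACK segments, because it only tests the SYN bit.

```python
import socket
import struct

TCP_SYN, TCP_ACK = 0x02, 0x10          # values of tcp-syn and tcp-ack
ICMP_ECHOREPLY, ICMP_ECHO = 0, 8       # values of icmp-echoreply and icmp-echo

def ipv4(src, dst, proto, payload):
    """Constructed IPv4 packet: 20-byte header, checksum left at zero."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def tcp(sport, dport, flags):
    """Constructed 20-byte TCP header; the flags byte sits at offset 13."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

def icmp(icmp_type):
    """Constructed 8-byte ICMP header; the type byte sits at offset 0."""
    return struct.pack("!BBHI", icmp_type, 0, 0, 0)

def l4(pkt, proto):
    """Transport header of an unfragmented packet of `proto`, else None."""
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if pkt[9] != proto or frag_offset:
        return None
    return pkt[(pkt[0] & 0x0F) * 4:]   # skip IHL * 4 bytes of IP header

def host(pkt, addr):                   # host x.x.x.x (source OR destination)
    return socket.inet_aton(addr) in (pkt[12:16], pkt[16:20])

def tcp_port(pkt, port):               # tcp port N (source OR destination)
    seg = l4(pkt, 6)
    return seg is not None and port in struct.unpack("!HH", seg[:4])

def tcp_syn(pkt):                      # tcp[tcpflags] & tcp-syn != 0
    seg = l4(pkt, 6)
    return seg is not None and (seg[13] & TCP_SYN) != 0

def icmp_not_echo(pkt):  # icmp[icmptype] != icmp-echo and != icmp-echoreply
    msg = l4(pkt, 1)
    return msg is not None and msg[0] not in (ICMP_ECHO, ICMP_ECHOREPLY)

# Constructed samples: client SYN to 172.16.18.69:80 and the server's SYN+ACK.
SYN = ipv4("10.0.0.5", "172.16.18.69", 6, tcp(40000, 80, TCP_SYN))
SYNACK = ipv4("172.16.18.69", "10.0.0.5", 6, tcp(80, 40000, TCP_SYN | TCP_ACK))
```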


08-13 22:40