[英]IPv6 filter in Scapy
I am using scapy to sniff a IPv6 packet with a specific source ip /dest ip. 我正在使用scapy嗅探具有特定源ip /目标ip的IPv6数据包。
Example: 例:
filter1 ="tcp port "+`port`+ " and ip6 host 2001::4 and tcp[tcpflags] & tcp-syn !=0 and !icmp and !arp and not host "+host_ip
a= sniff(count =1,filter=filter1,iface=eth)
This throws an exception as shown below: scapy.error.Scapy_Exception: Filter parse error 这将引发异常,如下所示:scapy.error.Scapy_Exception:筛选器分析错误
I've never used scapy, but I noticed in your filter1
expression that you have: 我从未使用过scapy,但是我在您的
filter1
表达式中注意到您具有:
+`port`+
... yet you have: ...但是您有:
+host_ip
Maybe you need the back-tiks around the host_ip
? 也许您需要在host_ip周围
host_ip
?
If that's not the problem, you can also try to validate capture filters using tools such as tcpdump , eg, tcpdump -d ${filter1}
or dumpcap , eg, dumpcap -d ${filter1}
before attempting to use them in scapy. 如果这不是问题,您也可以尝试在工具中使用捕获之前,使用tcpdump之类的工具来验证捕获过滤器,例如
tcpdump -d ${filter1}
或dumpcap dumpcap -d ${filter1}
。
For complex filters, scapy allows you the use of a python function as a filter: 对于复杂的过滤器,scapy允许您使用python函数作为过滤器:
desiredip = "2001::4"
undesiredip = host_ip
def isMyPacket (pkt):
if IPv6 in pkt:
pktip6 = pkt[IPv6]
if pktip6.src == desiredip or pktip6.dst == desiredip:
if pktip6.src != undesiredip and pktip6.dst != undesiredip:
if TCP in pktip6:
if pktip6[TCP].flags & 0x02: #Check if it is a SYN
return True #If all conditions are met
return False
a= sniff(count =1,lfilter=isMyPacket,iface=eth)
Anyway, you don't need to check whether it is arp or icmp: If it is TCP you know for sure that it is not arp nor icmp. 无论如何,您无需检查它是arp还是icmp:如果是TCP,则可以确定它不是arp还是icmp。
More about TCP flags in scapy: Get TCP Flags with Scapy 有关Scapy中TCP标志的更多信息: 使用Scapy获取TCP标志
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.