
New to scapy. Trying to understand the sr()

I am new to scapy and I am trying to use the sr and sr1 functions to understand their workings.

I was trying to craft the following packet and I see that it has sent 1 packet but it says that it has received 581 packets. Can someone please help me understand why it's showing so many packets received?

Received 1373 packets, got 0 answers, remaining 1 packets

>>> p=sr(IP(dst="192.168.25.1")/TCP(dport=23))
.Begin emission:
.....Finished to send 1 packets.
...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^C
Received 581 packets, got 0 answers, remaining 1 packets
>>> p
(<Results: TCP:0 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:1 UDP:0 ICMP:0 Other:0>)

My TCPDump output does not show that it received so many packets.

The sr() and sr1() functions will send a packet and listen on the network for the corresponding answers in the case of sr(); sr1() will wait for just one answer.

The packets that were received but were not answers are the packets Scapy sniffed while looking for a response to your original packet. I am unsure of how sniffing with tcpdump while also using Scapy will affect your results - not sure what process the kernel will pass packets to.

Here is an excellent tutorial on Sending and Receiving with Scapy from thePacketGeek.

Also be sure to use the __doc__ attribute of various Scapy functions in an interpreter to get relevant documentation.

>>> print sr1.__doc__
Send packets at layer 3 and return only the first answer
nofilter: put 1 to avoid use of bpf filters
retry:    if positive, how many times to resend unanswered packets
          if negative, how many times to retry when no more packets are answered
timeout:  how much time to wait after the last packet has been sent
verbose:  set verbosity level
multi:    whether to accept multiple answers for the same stimulus
filter:   provide a BPF filter
iface:    listen answers only on the given interface
>>>
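To illustrate the counting described in the answer above, here is an added example that is not part of the original post and is not Scapy's own code: a simplified pure-Python model of how the "Received / answers / remaining" numbers arise, and how the timeout and filter parameters from the docstring bound the "Received" count. The Pkt class, the reply-matching rule, the function names and all sample traffic are assumptions constructed for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:                      # minimal stand-in for a sniffed frame
    t: int                      # capture time, ms after the send
    src: str
    dst: str
    proto: str
    sport: int = 0
    dport: int = 0
    seq: int = 0
    ack: int = 0

def is_answer(stim, p):
    """Simplified TCP reply test (assumption): addresses and ports reversed, ack == seq + 1."""
    return (p.proto == stim.proto == "tcp"
            and (p.src, p.dst) == (stim.dst, stim.src)
            and (p.sport, p.dport) == (stim.dport, stim.sport)
            and p.ack == stim.seq + 1)

def sr_model(stim, sniffed, timeout_ms=None, bpf=None):
    """Return (received, answers, remaining), the three numbers in sr()'s summary line."""
    received = answers = 0
    for p in sorted(sniffed, key=lambda p: p.t):
        if timeout_ms is not None and p.t > timeout_ms:
            break               # timeout reached: stop listening
        if bpf is not None and not bpf(p):
            continue            # filtered out before the sniffer sees it, so never counted
        received += 1           # every frame that reaches the sniffer is counted
        if is_answer(stim, p):
            answers = 1
            break               # the only stimulus is answered, nothing left to wait for
    return received, answers, 1 - answers

# Constructed sample traffic (not from the original post).
STIM = Pkt(0, "192.168.25.10", "192.168.25.1", "tcp", sport=20, dport=23, seq=0)
NOISE = [Pkt(50 * (i + 1), "192.168.25.%d" % (20 + i % 5), "192.168.25.255",
             "udp", sport=5353, dport=5353) for i in range(581)]
REPLY = Pkt(120, "192.168.25.1", "192.168.25.10", "tcp", sport=23, dport=20, seq=1000, ack=1)

def to_target(p):               # stands in for a BPF filter such as "host 192.168.25.1"
    return "192.168.25.1" in (p.src, p.dst)

if __name__ == "__main__":
    print(sr_model(STIM, NOISE))                           # silent target, no timeout
    print(sr_model(STIM, NOISE, timeout_ms=2000))          # bounded wait
    print(sr_model(STIM, NOISE + [REPLY], bpf=to_target))  # filtered, target replies
```

In a real session the same two controls are the timeout and filter arguments listed in the sr1 docstring above.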
