stackoom
  简体   繁体   中英

Write packets captured with scapy sniff in time intervals

 原文  2019-01-30 16:13:32       python/ scapy/ tcpdump

Question

I'm trying to dump packets to a file captured by scapy sniff function every 10 second to no avail.

That is possible with tcpdump like: tcpdump -s 0 -i <interface> -G 10 -w <output.pcap> . G flag is the rotate_seconds.

Is this achievable with scapy?

1 answers

solution1
 1  2019-01-31 14:00:03

Of course it is. Have a look at the wrpcap() documentation.

Essentially, you will simply build a callback function that receives packets and takes actions. Here's a very simple example that is not necessarily intended to be functional. (I'm writing it on the fly here) This should save a cap file every 100 packets. You would simply need to change the logic to be time based instead of packet count based.

#!/usr/bin/env python
from scapy import sniff

pendingPackets = []
baseFilename = "capture-"
totalPackets = 0

def handle_packet(packet):
    pendingPackets.append(packet)
    totalPackets += 1

    if len(pendingPackets) >= 100:
        filename = baseFilename + str(totalPackets) + ".pcap"
        wrpcap(filename, pendingPackets)
        pendingPackets = []

sniff(filter="ip", prn=handle_packet)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Scapy cannot sniff some packets Trying to sniff http packets using scapy scapy sniff function not catching any packets Python socket and scapy sniff drop udp packets Python/Scapy: sniff only incoming packets Python3 Scapy - Sniff fragmented IP packets Scapy PcapReader and packets time Scapy fails to sniff packets when using multiple threads How to determine how fast scapy can sniff packets Time between receiving packets in Scapy
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM