I'm trying to sniff an existing pcap file, filter it and save it to a new file, but I have this exceptions popping up when I'm running my code. How can I fix this?
Code:
from scapy.all import *
def write(pcap):
for pkt in pcap:
wrpcap('filtered.pcap', pkt, append=True)
else:
pass
def load_pcap(path, filter_str):
pcap = sniff(offline=path, filter=filter_str)
write(pcap)
def main():
load_pcap("file.pcap", 'icmp')
main()
Exceptions:
Traceback (most recent call last):
File "C:\Users\myUser\AppData\Local\Programs\Python\Python37\lib\site-packages\scapy\utils.py", line 1663, in tcpdump
stderr=stderr,
File "C:\Users\myUser\AppData\Local\Programs\Python\Python37\lib\subprocess.py", line 756, in __init__
restore_signals, start_new_session)
File "C:\Users\myUser\AppData\Local\Programs\Python\Python37\lib\subprocess.py", line 1100, in _execute_child
args = list2cmdline(args)
File "C:\Users\myUser\AppData\Local\Programs\Python\Python37\lib\subprocess.py", line 511, in list2cmdline
needquote = (" " in arg) or ("\t" in arg) or not arg
TypeError: argument of type 'NoneType' is not iterable
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "sharkscript.py", line 140, in <module>
main()
File "sharkscript.py", line 137, in main
funcs()
File "sharkscript.py", line 130, in funcs
options()
File "sharkscript.py", line 95, in options
load_pcap(get_filter(), path)
File "sharkscript.py", line 33, in load_pcap
pcap = sniff(offline=path, filter=filter_str)
File "C:\Users\myUser\AppData\Local\Programs\Python\Python37\lib\site-packages\scapy\sendrecv.py", line 972, in sniff
sniffer._run(*args, **kwargs)
File "C:\Users\myUser\AppData\Local\Programs\Python\Python37\lib\site-packages\scapy\sendrecv.py", line 824, in _run
)] = offline
File "C:\Users\myUser\AppData\Local\Programs\Python\Python37\lib\site-packages\scapy\utils.py", line 1663, in tcpdump
stderr=stderr,
File "C:\Users\myUser\AppData\Local\Programs\Python\Python37\lib\site-packages\scapy\utils.py", line 555, in __exit__
raise OSError(msg)
OSError: Could not execute windump(), is it installed ?
I tried searching for windump and how to install it, but couldn't find anything. Is there another way to filter an 'offline' pcap?
I tried to run your code and got the same error. I think this is a bug in the sniff
function, as removing the filter
parameter made it work (and it seems to work to others in the past, for example here .
Anyway, if you know the filter in advance you can replace it with haslayer
function, something like this-
def load_pcap(path):
f = PcapWriter("out.pcap", append=True, sync=True)
sniff(offline=path, prn=lambda p: f.write(p) if ICMP in p else None)
If you don't know the exact filter but it will be a simple protocol name you can make a mapping between string and Scapy layer, and use it in the same way.
If the filter is more complicated (for example something like tcp.srcport==1234
) I'm afraid you'll need to get the parameters from the user separately (for example load_pcap(path, src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, protocol,...)
or find a way to parse the BPF string into parameters.
Hope this helps :)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.