I am using Scapy and would like to filter based on the destination mac address.
However, I am getting packets displayed where the destination MAC address is not the address specified in the filter.
Here is a code snippet:
```python
from scapy.all import *
sniff(iface="eth1", filter="ether dst host 91:e0:f0:01:00:00",
      count=3, prn=lambda x: x.show())
```
I am running Scapy 2.2.0.
Any ideas on the issue here?
Scapy requires numerous dependencies for many different systems. It is quite possible that you don't have the required dependency for BPF filters to work.
http://www.secdev.org/projects/scapy/portability.html
It's scapy's fault!!! It seems that scapy starts receiving packets before applying the BPF filter (the `filter` argument of the `sniff` function). It takes a while to get working properly!
Two methods to get rid of this:
- Use `lfilter` to define your filtering function inside the script. It's not efficient on a busy link because the filter is applied in your script instead of in the kernel. Consider using pypy to speed it up.
- For the first few packets, check the destination MAC address inside your script and then don't check it anymore; i.e., check the correctness of the packets at the beginning of sniffing to get past the unstable phase of scapy, and then rely on scapy to filter the unwanted packets.
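Both methods from the answer above in one predicate, as an added example that is not part of the original posts. It assumes Python 3 and a Scapy version where `bytes(pkt)` yields the frame's wire bytes; `parse_mac`, `dst_mac_filter`, `verify_first` and the sample frames are hypothetical names and constructed values.

```python
def parse_mac(text):
    """'91:e0:f0:01:00:00' -> 6 raw bytes; ValueError on malformed input."""
    parts = text.replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError("not a MAC address: %r" % text)
    return bytes(int(p, 16) for p in parts)


def dst_mac_filter(mac, verify_first=None):
    """Build a predicate suitable for sniff(lfilter=...).

    verify_first=None -> check every frame in user space (method 1).
    verify_first=N    -> check only the first N frames, then accept
                         everything and rely on the BPF filter (method 2).
    """
    want = parse_mac(mac)
    seen = 0

    def accept(pkt):
        nonlocal seen
        if verify_first is not None and seen >= verify_first:
            return True          # warm-up is over: trust the kernel filter
        seen += 1
        raw = bytes(pkt)         # Scapy packet -> wire bytes; bytes pass through
        # An Ethernet header is 14 bytes; the destination MAC is bytes 0..5.
        return len(raw) >= 14 and raw[:6] == want

    return accept


# Constructed sample frames (dst MAC + src MAC + EtherType), not captured traffic.
MATCH = bytes.fromhex("91e0f0010000" "020000000001" "0800")
OTHER = bytes.fromhex("ffffffffffff" "020000000001" "0800")

if __name__ == "__main__":
    from scapy.all import sniff  # needs Scapy and capture privileges

    target = "91:e0:f0:01:00:00"
    # verify_first=100 is an arbitrary warm-up length chosen for illustration.
    sniff(iface="eth1", filter="ether dst host " + target,
          lfilter=dst_mac_filter(target, verify_first=100),
          count=3, prn=lambda p: p.show())
```

With `lfilter` set, `count` only counts frames the predicate accepted, so stray frames seen during warm-up do not use up the three requested packets.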
Installing tcpdump solved the problem for me - now the filter on sniff works.
In my case, upgrading to 2.3.3dev (GitHub version) fixed it.