scapy.sendrecv module

Functions to send and receive packets.

class scapy.sendrecv.AsyncSniffer(*args, **kwargs)

Bases: object

Sniff packets and return a list of packets.

Parameters:
  • count – number of packets to capture. 0 means infinity.
  • store – whether to store sniffed packets or discard them
  • prn – function to apply to each packet. If something is returned, it is displayed. –Ex: prn = lambda x: x.summary()
  • session – a session = a flow decoder used to handle stream of packets. e.g: IPSession (to defragment on-the-flow) or NetflowSession
  • filter – BPF filter to apply.
  • lfilter – Python function applied to each packet to determine if further action may be done. –Ex: lfilter = lambda x: x.haslayer(Padding)
  • offline – PCAP file (or list of PCAP files) to read packets from, instead of sniffing them
  • timeout – stop sniffing after a given time (default: None).
  • L2socket – use the provided L2socket (default: use conf.L2listen).
  • opened_socket – provide an object (or a list of objects) ready to use .recv() on.
  • stop_filter – Python function applied to each packet to determine if we have to stop the capture after this packet. –Ex: stop_filter = lambda x: x.haslayer(TCP)
  • iface – interface or list of interfaces (default: None for sniffing on all interfaces).
  • monitor – use monitor mode. May not be available on all OS
  • started_callback – called as soon as the sniffer starts sniffing (default: None).

The iface, offline and opened_socket parameters can be either an element, a list of elements, or a dict object mapping an element to a label (see examples below).

Examples: synchronous
>>> sniff(filter="arp")
>>> sniff(filter="tcp",
...       session=IPSession,  # defragment on-the-flow
...       prn=lambda x: x.summary())
>>> sniff(lfilter=lambda pkt: ARP in pkt)
>>> sniff(iface="eth0", prn=Packet.summary)
>>> sniff(iface=["eth0", "mon0"],
...       prn=lambda pkt: "%s: %s" % (pkt.sniffed_on,
...                                   pkt.summary()))
>>> sniff(iface={"eth0": "Ethernet", "mon0": "Wifi"},
...       prn=lambda pkt: "%s: %s" % (pkt.sniffed_on,
...                                   pkt.summary()))
Examples: asynchronous
>>> t = AsyncSniffer(iface="enp0s3")
>>> t.start()
>>> time.sleep(1)
>>> print("nice weather today")
>>> t.stop()
join(*args, **kwargs)
start()

Starts AsyncSniffer in async mode

stop(join=True)

Stops AsyncSniffer if not in async mode

class scapy.sendrecv.SndRcvHandler(pks, pkt, timeout=None, inter=0, verbose=None, chainCC=False, retry=0, multi=False, rcv_pks=None, prebuild=False, _flood=None, session=None)

Bases: object

results()
scapy.sendrecv.bridge_and_sniff(if1, if2, xfrm12=None, xfrm21=None, prn=None, L2socket=None, *args, **kargs)

Forward traffic between interfaces if1 and if2, sniff and return the exchanged packets.

Parameters:
  • if2 (if1,) – the interfaces to use (interface names or opened sockets).
  • xfrm12 – a function to call when forwarding a packet from if1 to if2. If it returns True, the packet is forwarded as it. If it returns False or None, the packet is discarded. If it returns a packet, this packet is forwarded instead of the original packet one.
  • xfrm21 – same as xfrm12 for packets forwarded from if2 to if1.
  • other arguments are the same than for the function sniff(), (The) – except for offline, opened_socket and iface that are ignored. See help(sniff) for more.
class scapy.sendrecv.debug

Bases: object

crashed_on = None
match = []
recv = []
sent = []
scapy.sendrecv.send(x, inter=0, loop=0, count=None, verbose=None, realtime=None, return_packets=False, socket=None, *args, **kargs)

Send packets at layer 3

Parameters:
  • x – the packets
  • inter – time (in s) between two packets (default 0)
  • loop – send packet indefinetly (default 0)
  • count – number of packets to send (default None=1)
  • verbose – verbose mode (default None=conf.verbose)
  • realtime – check that a packet was sent before sending the next one
  • return_packets – return the sent packets
  • socket – the socket to use (default is conf.L3socket(kargs))
  • iface – the interface to send the packets on
  • monitor – (not on linux) send in monitor mode
Returns:

None

scapy.sendrecv.sendp(x, inter=0, loop=0, iface=None, iface_hint=None, count=None, verbose=None, realtime=None, return_packets=False, socket=None, *args, **kargs)

Send packets at layer 2

Parameters:
  • x – the packets
  • inter – time (in s) between two packets (default 0)
  • loop – send packet indefinetly (default 0)
  • count – number of packets to send (default None=1)
  • verbose – verbose mode (default None=conf.verbose)
  • realtime – check that a packet was sent before sending the next one
  • return_packets – return the sent packets
  • socket – the socket to use (default is conf.L3socket(kargs))
  • iface – the interface to send the packets on
  • monitor – (not on linux) send in monitor mode
Returns:

None

scapy.sendrecv.sendpfast(x, pps=None, mbps=None, realtime=None, loop=0, file_cache=False, iface=None, replay_args=None, parse_results=False)

Send packets at layer 2 using tcpreplay for performance

Parameters:
  • pps – packets per second
  • mpbs – MBits per second
  • realtime – use packet’s timestamp, bending time with real-time value
  • loop – number of times to process the packet list
  • file_cache – cache packets in RAM instead of reading from disk at each iteration
  • iface – output interface
  • replay_args – List of additional tcpreplay args (List[str])
  • parse_results – Return a dictionary of information outputted by tcpreplay (default=False)
Returns:

stdout, stderr, command used

scapy.sendrecv.sndrcv(*args, **kwargs)

Scapy raw function to send a packet and receive its answer. WARNING: This is an internal function. Using sr/srp/sr1/srp is more appropriate in many cases.

scapy.sendrecv.sndrcvflood(pks, pkt, inter=0, verbose=None, chainCC=False, timeout=None)

sndrcv equivalent for flooding.

scapy.sendrecv.sniff(*args, **kwargs)

Sniff packets and return a list of packets.

Parameters:
  • count – number of packets to capture. 0 means infinity.
  • store – whether to store sniffed packets or discard them
  • prn – function to apply to each packet. If something is returned, it is displayed. –Ex: prn = lambda x: x.summary()
  • session – a session = a flow decoder used to handle stream of packets. e.g: IPSession (to defragment on-the-flow) or NetflowSession
  • filter – BPF filter to apply.
  • lfilter – Python function applied to each packet to determine if further action may be done. –Ex: lfilter = lambda x: x.haslayer(Padding)
  • offline – PCAP file (or list of PCAP files) to read packets from, instead of sniffing them
  • timeout – stop sniffing after a given time (default: None).
  • L2socket – use the provided L2socket (default: use conf.L2listen).
  • opened_socket – provide an object (or a list of objects) ready to use .recv() on.
  • stop_filter – Python function applied to each packet to determine if we have to stop the capture after this packet. –Ex: stop_filter = lambda x: x.haslayer(TCP)
  • iface – interface or list of interfaces (default: None for sniffing on all interfaces).
  • monitor – use monitor mode. May not be available on all OS
  • started_callback – called as soon as the sniffer starts sniffing (default: None).

The iface, offline and opened_socket parameters can be either an element, a list of elements, or a dict object mapping an element to a label (see examples below).

Examples: synchronous
>>> sniff(filter="arp")
>>> sniff(filter="tcp",
...       session=IPSession,  # defragment on-the-flow
...       prn=lambda x: x.summary())
>>> sniff(lfilter=lambda pkt: ARP in pkt)
>>> sniff(iface="eth0", prn=Packet.summary)
>>> sniff(iface=["eth0", "mon0"],
...       prn=lambda pkt: "%s: %s" % (pkt.sniffed_on,
...                                   pkt.summary()))
>>> sniff(iface={"eth0": "Ethernet", "mon0": "Wifi"},
...       prn=lambda pkt: "%s: %s" % (pkt.sniffed_on,
...                                   pkt.summary()))
Examples: asynchronous
>>> t = AsyncSniffer(iface="enp0s3")
>>> t.start()
>>> time.sleep(1)
>>> print("nice weather today")
>>> t.stop()
scapy.sendrecv.sr(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kargs)

Send and receive packets at layer 3

Parameters:
  • pks – SuperSocket instance to send/receive packets
  • pkt – the packet to send
  • rcv_pks – if set, will be used instead of pks to receive packets. packets will still be sent through pks
  • nofilter – put 1 to avoid use of BPF filters
  • retry – if positive, how many times to resend unanswered packets if negative, how many times to retry when no more packets are answered
  • timeout – how much time to wait after the last packet has been sent
  • verbose – set verbosity level
  • multi – whether to accept multiple answers for the same stimulus
  • store_unanswered – whether to store not-answered packets or not. setting it to False will increase speed, and will return None as the unans list.
  • process – if specified, only result from process(pkt) will be stored. the function should follow the following format: lambda sent, received: (func(sent), func2(received)) if the packet is unanswered, received will be None. if store_unanswered is False, the function won’t be called on un-answered packets.
  • prebuild – pre-build the packets before starting to send them. Automatically enabled when a generator is passed as the packet
scapy.sendrecv.sr1(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kargs)

Send packets at layer 3 and return only the first answer

Parameters:
  • pks – SuperSocket instance to send/receive packets
  • pkt – the packet to send
  • rcv_pks – if set, will be used instead of pks to receive packets. packets will still be sent through pks
  • nofilter – put 1 to avoid use of BPF filters
  • retry – if positive, how many times to resend unanswered packets if negative, how many times to retry when no more packets are answered
  • timeout – how much time to wait after the last packet has been sent
  • verbose – set verbosity level
  • multi – whether to accept multiple answers for the same stimulus
  • store_unanswered – whether to store not-answered packets or not. setting it to False will increase speed, and will return None as the unans list.
  • process – if specified, only result from process(pkt) will be stored. the function should follow the following format: lambda sent, received: (func(sent), func2(received)) if the packet is unanswered, received will be None. if store_unanswered is False, the function won’t be called on un-answered packets.
  • prebuild – pre-build the packets before starting to send them. Automatically enabled when a generator is passed as the packet
scapy.sendrecv.sr1flood(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kargs)

Flood and receive packets at layer 3 and return only the first answer

Parameters:
  • prn – function applied to packets received
  • verbose – set verbosity level
  • nofilter – put 1 to avoid use of BPF filters
  • filter – provide a BPF filter
  • iface – listen answers only on the given interface
scapy.sendrecv.sr_func(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kargs)

Send packets at layer 3 and return only the first answer

Parameters:
  • pks – SuperSocket instance to send/receive packets
  • pkt – the packet to send
  • rcv_pks – if set, will be used instead of pks to receive packets. packets will still be sent through pks
  • nofilter – put 1 to avoid use of BPF filters
  • retry – if positive, how many times to resend unanswered packets if negative, how many times to retry when no more packets are answered
  • timeout – how much time to wait after the last packet has been sent
  • verbose – set verbosity level
  • multi – whether to accept multiple answers for the same stimulus
  • store_unanswered – whether to store not-answered packets or not. setting it to False will increase speed, and will return None as the unans list.
  • process – if specified, only result from process(pkt) will be stored. the function should follow the following format: lambda sent, received: (func(sent), func2(received)) if the packet is unanswered, received will be None. if store_unanswered is False, the function won’t be called on un-answered packets.
  • prebuild – pre-build the packets before starting to send them. Automatically enabled when a generator is passed as the packet
scapy.sendrecv.srflood(x, promisc=None, filter=None, iface=None, nofilter=None, *args, **kargs)

Flood and receive packets at layer 3

Parameters:
  • prn – function applied to packets received
  • unique – only consider packets whose print
  • nofilter – put 1 to avoid use of BPF filters
  • filter – provide a BPF filter
  • iface – listen answers only on the given interface
scapy.sendrecv.srloop(pkts, *args, **kargs)

Send a packet at layer 3 in loop and print the answer each time srloop(pkts, [prn], [inter], [count], …) –> None

scapy.sendrecv.srp(x, promisc=None, iface=None, iface_hint=None, filter=None, nofilter=0, type=3, *args, **kargs)

Send and receive packets at layer 2

Parameters:
  • pks – SuperSocket instance to send/receive packets
  • pkt – the packet to send
  • rcv_pks – if set, will be used instead of pks to receive packets. packets will still be sent through pks
  • nofilter – put 1 to avoid use of BPF filters
  • retry – if positive, how many times to resend unanswered packets if negative, how many times to retry when no more packets are answered
  • timeout – how much time to wait after the last packet has been sent
  • verbose – set verbosity level
  • multi – whether to accept multiple answers for the same stimulus
  • store_unanswered – whether to store not-answered packets or not. setting it to False will increase speed, and will return None as the unans list.
  • process – if specified, only result from process(pkt) will be stored. the function should follow the following format: lambda sent, received: (func(sent), func2(received)) if the packet is unanswered, received will be None. if store_unanswered is False, the function won’t be called on un-answered packets.
  • prebuild – pre-build the packets before starting to send them. Automatically enabled when a generator is passed as the packet
scapy.sendrecv.srp1(*args, **kargs)

Send and receive packets at layer 2 and return only the first answer

Parameters:
  • pks – SuperSocket instance to send/receive packets
  • pkt – the packet to send
  • rcv_pks – if set, will be used instead of pks to receive packets. packets will still be sent through pks
  • nofilter – put 1 to avoid use of BPF filters
  • retry – if positive, how many times to resend unanswered packets if negative, how many times to retry when no more packets are answered
  • timeout – how much time to wait after the last packet has been sent
  • verbose – set verbosity level
  • multi – whether to accept multiple answers for the same stimulus
  • store_unanswered – whether to store not-answered packets or not. setting it to False will increase speed, and will return None as the unans list.
  • process – if specified, only result from process(pkt) will be stored. the function should follow the following format: lambda sent, received: (func(sent), func2(received)) if the packet is unanswered, received will be None. if store_unanswered is False, the function won’t be called on un-answered packets.
  • prebuild – pre-build the packets before starting to send them. Automatically enabled when a generator is passed as the packet
scapy.sendrecv.srp1flood(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kargs)

Flood and receive packets at layer 2 and return only the first answer

Parameters:
  • prn – function applied to packets received
  • verbose – set verbosity level
  • nofilter – put 1 to avoid use of BPF filters
  • filter – provide a BPF filter
  • iface – listen answers only on the given interface
scapy.sendrecv.srpflood(x, promisc=None, filter=None, iface=None, iface_hint=None, nofilter=None, *args, **kargs)

Flood and receive packets at layer 2

Parameters:
  • prn – function applied to packets received
  • unique – only consider packets whose print
  • nofilter – put 1 to avoid use of BPF filters
  • filter – provide a BPF filter
  • iface – listen answers only on the given interface
scapy.sendrecv.srploop(pkts, *args, **kargs)

Send a packet at layer 2 in loop and print the answer each time srloop(pkts, [prn], [inter], [count], …) –> None

scapy.sendrecv.tshark(*args, **kargs)

Sniff packets and print them calling pkt.summary(). This tries to replicate what text-wireshark (tshark) would look like