All geek questions in one place

How to filter packets for an IP list using Scapy

I am trying to filter packages of a specific website in Python (using Scapy). I have a list of possible IP addresses (used for load balancing) of a website. I want to filter packets for all of these IP addresses. How can i do this?

For a single IP code, I use the following code:

bpf_filter = "ip and host " + addr
sniff(timeout=10, prn=pkt_callback, store=0)
+4
source share
1 answer

Since you are using cBPF (classic BPF), the only way to filter a set of IP addresses is to list them all:

bpf_filter = "ip and ("
for addr in addresses[:-1]:
    bpf_filter = "%shost %s or " % (bpf_filter, addr)
bpf_filter = "%shost %s)" % (bpf_filter, addresses[-1])

What for a set of IP addresses [10.0.0.1, 10.0.0.2, 10.0.0.3]will return:

ip and (host 10.0.0.1 or host 10.0.0.2 or host 10.0.0.3)

Note. You need at least one IP address in your set to work above.

cBPF?

, Scapy, - BPF. - BPF (, , ). - , .

, IP-. , - - O (1). eBPF, , , Scapy.

+2

Source: https://habr.com/ru/post/1683562/

More articles:


All Articles