
Is there a way to inspect packets in live traffic with scapy?


I am trying to inspect packets as they come into my interface.

So what I need to do is:

I am running a forwarding machine. So basically I act like a router for the computers in my LAN. So I need to route the packets to appropriate destinations as they come through. This part I have working.

Next part is as follows:

  1. Inspect the packets that flow through my PC
  2. Based on the payload of those packets make an appropriate routing decision

How can I do steps 1 and 2 using scapy?


Solution

  • It's pretty simple, you can iterate over incoming packets and then look at their fields and send them whichever way.

    This example captures all packets on interface eth1 and sends all IP packets to 1.1.1.1 if the source IP ends in 5:

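    from scapy.all import IP, sendp, sniff

    def forward(pkt):
        if IP in pkt and pkt[IP].src.endswith('5'):
            pkt[IP].dst = '1.1.1.1'
            del pkt[IP].chksum  # stale after the rewrite; Scapy recomputes it on send
            sendp(pkt, iface='eth2')

    # sniff() returns only when capture stops, so handle each packet in a callback
    sniff(iface='eth1', prn=forward, store=False)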