I'm working on a scapy based tool where at a point I need to sniff a packet based on protocol and the ip address of the destination
I'd like to know about the ways in which filter option in sniff() function can be used. I tried using format in documentation but most of the times it results in problems like this. the filter of sniff function in scapy does not work properly .
The one which I used was
a=sniff(filter="host 172.16.18.69 and tcp port 80",prn = comp_pkt,count = 1)
Thanks in advance!
sniff() uses Berkeley Packet Filter (BPF) syntax (the same one as tcpdump), here are some examples:
Packets from or to host:
host x.x.x.x
Only TCP SYN segments:
tcp[tcpflags] & tcp-syn != 0
Everything ICMP but echo requests/replies:
icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply