New to scapy. Trying to understand sr()
I am new to scapy and I am trying to use the sr and sr1 functions to understand how they work.
I tried to create the following packet and I see that it sent 1 packet but it says it received 581 packets. Can someone please help me understand why it is showing so many received packets?
1373 packets received, 0 replies received, 1 packet left
>>> p=sr(IP(dst="192.168.25.1")/TCP(dport=23))
.Begin emission:
.....Finished to send 1 packets.
...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^C
Received 581 packets, got 0 answers, remaining 1 packets
>>> p
(<Results: TCP:0 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:1 UDP:0 ICMP:0 Other:0>)
My TCPDump output doesn't show it received that many packets.
The sr() and sr1() functions send packets on the network and listen for the corresponding responses; in the case of sr1(), for only one answer.
Packets that were received but were not replies are packets that Scapy sniffed while looking for a response to the original packet. I'm not sure how sniffing with tcpdump while also using Scapy will affect your results - not sure which process the kernel will pass the packets to.
Here's a great tutorial on Sending and Receiving with Scapy from the PacketGeek package.
Also remember to use the __doc__ attribute of the various Scapy functions in the interpreter for related documentation.
>>> print sr1.__doc__
Send packets at layer 3 and return only the first answer
nofilter: put 1 to avoid use of bpf filters
retry: if positive, how many times to resend unanswered packets
if negative, how many times to retry when no more packets are answered
timeout: how much time to wait after the last packet has been sent
verbose: set verbosity level
multi: whether to accept multiple answers for the same stimulus
filter: provide a BPF filter
iface: listen answers only on the given interface
>>>
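A simplified model of the accounting behind the "Received 581 packets, got 0 answers, remaining 1 packets" line, added here as an example and not taken from the thread or from Scapy's source: every sniffed packet counts as received, and only a packet that matches the probe counts as an answer. The source address 192.168.25.10, the background traffic and the matching rule are constructed assumptions.

```python
from collections import namedtuple

# Minimal TCP/IP packet: only the fields needed to pair a reply with its probe.
Pkt = namedtuple("Pkt", "src dst sport dport flags seq ack")

def answers(reply, probe):
    """True if reply looks like a TCP response to probe (simplified rule:
    reversed addresses and ports, and ack == seq + 1 unless it is a bare RST)."""
    if (reply.src, reply.dst) != (probe.dst, probe.src):
        return False
    if (reply.sport, reply.dport) != (probe.dport, probe.sport):
        return False
    if "R" in reply.flags and "A" not in reply.flags:
        return True
    return reply.ack == probe.seq + 1

def sr_model(probes, sniffed):
    """Return (received, answered, unanswered), the three numbers in the summary line."""
    pending, answered, received = list(probes), [], 0
    for pkt in sniffed:
        received += 1                      # counted whether or not it is a reply
        for probe in pending:
            if answers(pkt, probe):
                answered.append((probe, pkt))
                pending.remove(probe)
                break
        if not pending:                    # every probe answered: stop listening
            break
    return received, answered, pending

# Constructed sample data. The probe mirrors IP(dst="192.168.25.1")/TCP(dport=23)
# with TCP defaults (sport 20, SYN, seq 0); the source address is assumed.
PROBE = Pkt("192.168.25.10", "192.168.25.1", 20, 23, "S", 0, 0)
# 581 unrelated packets from other hosts on the segment (constructed noise).
NOISE = [Pkt("192.168.25.%d" % (2 + i % 50), "192.168.25.255", 5353, 5353, "", 0, 0)
         for i in range(581)]
# What a reply from an open port 23 would look like.
SYNACK = Pkt("192.168.25.1", "192.168.25.10", 23, 20, "SA", 1000, 1)

if __name__ == "__main__":
    received, answered, pending = sr_model([PROBE], NOISE)
    print("Received %d packets, got %d answers, remaining %d packets"
          % (received, len(answered), len(pending)))
    received, answered, pending = sr_model([PROBE], NOISE[:5] + [SYNACK] + NOISE[5:])
    print("Received %d packets, got %d answers, remaining %d packets"
          % (received, len(answered), len(pending)))
```

With no matching reply in the stream the model keeps counting until the capture ends, which is the situation in the session above; the timeout and filter parameters listed in the sr1 docstring bound how long and how widely Scapy listens.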