New to scapy. Trying to understand sr()

I am new to scapy and I am trying to use the sr() and sr1() functions to understand how they work.

I tried to create the following packet, and I see that it sent 1 packet but it says it received 581 packets. Can someone please help me understand why it is showing so many received packets?

1373 packets received, 0 replies received, 1 packet left

>>> p=sr(IP(dst="192.168.25.1")/TCP(dport=23))
.Begin emission:
.....Finished to send 1 packets.
...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^C
Received 581 packets, got 0 answers, remaining 1 packets
>>> p
(<Results: TCP:0 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:1 UDP:0 ICMP:0 Other:0>)

      

My TCPDump output doesn't show it received that many packets.

+3




1 answer


The functions sr() and sr1() send packets on the network and listen for the corresponding responses in the case of sr(); sr1() waits for only one answer.

Packets that were received but were not replies are packets that Scapy sniffed while looking for a response to the original packet. I'm not sure how sniffing with tcpdump while also using Scapy will affect your results; I'm not sure to which process the kernel will pass the packets.

Here's a great tutorial on Sending and Receiving with Scapy from the PacketGeek package.



Also remember to use the __doc__ attribute of the various Scapy functions in the interpreter for related documentation.

>>> print sr1.__doc__
Send packets at layer 3 and return only the first answer
nofilter: put 1 to avoid use of bpf filters
retry:    if positive, how many times to resend unanswered packets
          if negative, how many times to retry when no more packets are answered
timeout:  how much time to wait after the last packet has been sent
verbose:  set verbosity level
multi:    whether to accept multiple answers for the same stimulus
filter:   provide a BPF filter
iface:    listen answers only on the given interface
>>>

      

+5

