New to scapy. Trying to understand the sr()

python scapy
Pradeep picture Pradeep · Sep 22, 2014 · Viewed 16.4k times · Source

I am new to scapy and I am trying to use the sr and sr1 functions to understand their workings.

I was trying to craft the following packet and I see that it has sent 1 packet but it says that it has received 581 packets. Can someone please help me understand why it's showing so many packets received.

Received 1373 packets, got 0 answers, remaining 1 packets

>>> p=sr(IP(dst="192.168.25.1")/TCP(dport=23))
.Begin emission:
.....Finished to send 1 packets.
...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^C
Received 581 packets, got 0 answers, remaining 1 packets
>>> p
(<Results: TCP:0 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:1 UDP:0 ICMP:0 Other:0>)

My TCPDump output does not show that it received so many packets.

Answer

RyPeck picture RyPeck · Sep 22, 2014

The sr() and sr1() functions will send a packet and listen on the network for the corresponding answers in the case of sr(), sr1() will wait for just one answer.

The packets that were received but were not answers are the packets Scapy sniffed while looking for a response to your original packet. I am unsure of how sniffing with tcpdump while also using Scapy will affect your results - not sure what process the kernel will pass packets to.

Here is an excellent tutorial on Sending and Receiving with Scapy from thePacketGeek.

Also be sure to use the __doc__ attribute of various Scapy functions in an interpreter to get relevant documentation.

>>> print sr1.__doc__
Send packets at layer 3 and return only the first answer
nofilter: put 1 to avoid use of bpf filters
retry:    if positive, how many times to resend unanswered packets
          if negative, how many times to retry when no more packets are answered
timeout:  how much time to wait after the last packet has been sent
verbose:  set verbosity level
multi:    whether to accept multiple answers for the same stimulus
filter:   provide a BPF filter
iface:    listen answers only on the given interface
>>>

Related questions

Running Scapy on Windows with Python 2.7

I like to use Scapy with Python v2.7 under Windows 7. How can I install the required module pypcap for Python 2.7? Will it be possible to make Python scripts depending on Scapy into standalone Windows applications using a distribution tool such …

Read More
How can I filter a pcap file by specific protocol using python?

I have some pcap files and I want to filter by protocol, i.e., if I want to filter by HTTP protocol, anything but HTTP packets will remain in the pcap file. There is a tool called openDPI, and it's …

Read More
Scapy packet sniffer triggering an action up on each sniffed packet

I'm using scapy with python to sniff live traffic. capture=sniff(iface="<My Interface>", filter="tcp") But this sniffs each packet and adds it to the list capture which can be processed later. I want to process a …

Read More