-1

Hi everyone, first of all this is my first post on StackOverflow \o/

Well, for my job I have to build an "nbnsStrom" script to study his comportement on FWs. An original (compiled) virus send at 25 000 packet/second when mine laboriously reach 1000 packet/second. I tried multithreading but my CPU is already at 100% with my original script. Do I need to port my script in C or I missed something with python performance.

My main function 

def main():
 packets_sent = 0
 c_range = ip_ranges() #return a list
 packet = Ether()/ IP()/UDP(sport=137,dport=137,len=58)/NBNSQueryRequest(FLAGS=0x0110, QUESTION_NAME='WPAD')
 start_time = time.time()
 for ip in c_range:
     packet[IP].dst = ip
     sr1(packet, verbose=False)
     packets_sent +=1
 timer = time.time() - start_time
 print "ratio : "+` packets_sent/timer`+" p/s"

Thank you for reading and please, excuse my english which is not my native language, Cheers !

mtt hnn
  • 13
  • 3

1 Answers1

0

The sr function family stands for send and receive, so your loop waits for a response after sending each packet. If you're just interested in sending packets use one of the send functions.

Another error is creating a layer 2 packet and trying to send it via a layer 3 function. Note the difference between send and sendp or sr and srp.

Furthermore, I would suggest computing the packets beforehand and invoking scapy's function just once (most of its functions accept a list of packets).

It's worth mentioning the sendpfast function that sends packets using tcpreplay (this first creates a temporary pcap file which is passed on to tcpreplay). Here is a related SO question that tries to further improve its performance by bypassing the file creation mechanism, however I'm not sure that's relevant in your case.

Some extra notes:

  • For a more detailed documentation on scapy's functions see this.
  • Use timeit to benchmark function performance.

EDIT - @mtthnn, regarding your comment, it's more than just initializing the packet in each loop iteration. It's the unknown start-up and tear-down facilities that take place inside the invoked scapy function. To illustrate this, see some basic measurements:

def send1(c_range):
    for ip in c_range:
        packet = Ether()/ IP()/UDP(sport=137,dport=137,len=58)/NBNSQueryRequest(FLAGS=0x0110, QUESTION_NAME='WPAD')
        packet[IP].dst = ip
        scapy.all.sendp(packet, verbose = False)

def send2(c_range):
    packets = []
    for ip in c_range:
        packet = Ether()/ IP()/UDP(sport=137,dport=137,len=58)/NBNSQueryRequest(FLAGS=0x0110, QUESTION_NAME='WPAD')
        packet[IP].dst = ip
        packets.append(packet)
    scapy.all.sendp(packets, verbose = False)

In [58]: timeit send1(ip_ranges())
1 loops, best of 3: 322 ms per loop

In [59]: timeit send2(ip_ranges())
10 loops, best of 3: 45.2 ms per loop
Community
  • 1
  • 1
Yoel
  • 9,144
  • 7
  • 42
  • 57
  • Thank you for answere. Aboutn sr, i tried all scapy send function and sr was the last I tried ; the one I pasted to my post. Anyway, I didn't think about give a list to send. Through that "packet[IP].dst = ip then resend" was not resource hungry. Furthermore, i'll investigate the sendpfast without temp file. – mtt hnn Sep 23 '14 at 14:14
  • @mtthnn, I've edited my response. Please review it and attempt invoking `sendp` (not `send`) just once (not inside the loop) before reverting to further optimizing the code. – Yoel Sep 23 '14 at 15:14