1

I've tried almost all Python sniffing modules (pcapy, winpcapy, pypcap, scapy, socket).

I got always the same problem that I lost a part of the packets (about 1% ~ 10%).

But at same time with Wireshark and tcpdump packets are never lost; maybe performance? Or try to do something with multiprocess?

krlzlx
  • 5,752
  • 14
  • 47
  • 55
Poisonx
  • 11
  • 2
  • 1
    please provide some code that you're using to collect. packet loss can depend on the options of how scapy is configured – StephenG Jul 19 '17 at 15:05
  • ok.i using some example code from www.secdev.org/projects/scapy/: from scapy.all import * from scapy.layers import http def http_header(): do something; packet=sniff(prn=http_header,store=0) and how can i check the scapy configured. thx! – Poisonx Jul 20 '17 at 01:46

1 Answers1

1

from this code

from scapy.all import *
from scapy.layers import http 
def http_header():
    do something

packet=sniff(prn=http_header,store=0)

store 0 is the problem. it basically says only process packets as soon as possible, don't buffer. run the same code with sniff(prn=http_header) and you won't drop any packets

StephenG
  • 2,851
  • 1
  • 16
  • 36
  • thank your answer, i try it agin with sniff(prn=http_header),but its still lost,and i found python process memory leak, actually,i will run the program a long time. so i need it. – Poisonx Jul 20 '17 at 05:36
  • @Poisonx, did you find the solution? I also tried without store=0, still have package lost. – HappyCoding Jul 06 '18 at 09:16