CountablyInfinite / dit

DIT is a DTLS MitM proxy implemented in Python 3. It can intercept, manipulate and suppress datagrams between two DTLS endpoints and supports psk-based and certificate-based authentication schemes (RSA + ECC).
MIT License

Failed to compile filter expression ip proto UDP and [...] #1

Open Thus0 opened 2 years ago

Thus0 commented 2 years ago

Hi

I have some scapy.error.scapy_Exception on scapy sniff filters beginning with the expression "ip proto UDP and ..."

scapy.error.Scapy_Exception: Failed to compile filter expression ip proto UDP ...

If I replace the expression "ip proto UDP" by "udp", the filter is working. Which version of python and scapy are you using?

I'm testing in docker containers with the "alpine:latest" image, which provides: python 3.8 and scapy 2.4.5

CountablyInfinite commented 2 years ago

Thanks for bringing this up, it seems like something changed in a recent scapy update.

I developed DIT on Ubuntu 20.04 LTS using Python 3.8.5 and scapy 2.4.4. I used the widely deployed Berkeley Packet Filter (BPF) syntax to write the filter, but it seems like the sniff function won't accept it anymore.

I have not tested this on my dev setup, but I don't think that this is an OS, but rather a scapy problem. If I find time to test and evaluate scapy 2.4.5 with my dev setup, I will update the proxy module to work with scapy 2.4.5.

So far you should do fine with your fix.

Thus0 commented 2 years ago

I've tried with scapy 2.4.4 and I have the same problem. So I'm suspecting perhaps a container problem.

I have the same error with tcpdump with a BPF filter:

/app/dit # tcpdump "ip proto udp"
tcpdump: can't parse filter expression: syntax error

/app/dit # tcpdump "ip proto 17"
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes

/app/dit # tcpdump "udp"
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes

I'm guessing "ip proto 17" should work in all cases
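The workaround the thread converges on, written out as an added example that is not part of DIT or of either poster's code: a small helper that rewrites `ip proto <name>` clauses to the numeric form libpcap accepts in every version, plus an optional compile check through scapy's `compile_filter` (assumed to be importable from `scapy.arch.common` in scapy 2.4.x; the check is skipped when scapy is not installed).

```python
import re
from typing import Optional

# IANA protocol numbers for the names libpcap treats as keywords after
# "ip proto". Constructed for this example; "ip proto 17" is the form that
# worked in the tcpdump test above.
_PROTO_NUMBERS = {"icmp": 1, "igmp": 2, "tcp": 6, "udp": 17, "esp": 50, "ah": 51}

# Matches "ip proto udp", "ip proto UDP" and the backslash-escaped "ip proto \udp"
# that the pcap-filter grammar requires for keyword names. Numeric forms are left alone.
_IP_PROTO_RE = re.compile(r"\bip\s+proto\s+\\?([A-Za-z]+)\b", re.IGNORECASE)


def normalize_bpf(expr: str) -> str:
    """Rewrite symbolic 'ip proto <name>' clauses to 'ip proto <number>'.

    The numeric form is accepted by every libpcap build, while the symbolic
    form is case-sensitive and needs escaping, which is what broke the
    proxy's sniff() filter in this issue.
    """
    def repl(match: "re.Match") -> str:
        name = match.group(1).lower()
        if name not in _PROTO_NUMBERS:
            raise ValueError(f"unknown protocol name in 'ip proto': {match.group(1)}")
        return f"ip proto {_PROTO_NUMBERS[name]}"

    return _IP_PROTO_RE.sub(repl, expr)


def compiles_with_libpcap(expr: str) -> Optional[bool]:
    """Try to compile expr with libpcap via scapy (hypothetical helper).

    Returns True if libpcap accepts the expression, False if it rejects it,
    and None when scapy is not installed. Assumes scapy 2.4.x exposes
    compile_filter(filter_exp, ...) in scapy.arch.common.
    """
    try:
        from scapy.arch.common import compile_filter
        from scapy.error import Scapy_Exception
    except ImportError:
        return None
    try:
        compile_filter(expr)  # raises Scapy_Exception on a syntax error
        return True
    except Scapy_Exception:
        return False


if __name__ == "__main__":
    # The filter fragment from the issue title, normalized before use in sniff().
    print(normalize_bpf("ip proto UDP and port 4433"))  # ip proto 17 and port 4433
```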