High CPU usage during sniff on Raspberry Pi Zero W

[DrSchottky]

Hi, I'm using scapy (2.4.3) to sniff 802.11 frames on a Raspberry Pi 0W running Raspbian Stretch (Linux 4.19.66+, Python 3.5.3) Even with simple scripts like this

from scapy.all import *
import time

def pkt_callback(pkt):
    print("probe-req")

sniff(iface="mon0", prn=pkt_callback, filter="type mgt subtype probe-req", store=0)

I get a high system load (up to 50% of cpu usage). Frames rate isn't very high (5-10/s), and an equivalent script made with other libs (like pcapy) has a CPU usage close to 0% Is it a normal behaviour?

[gpotter2]

What happens if you get the packets using pcapy then dissect them using Scapy ?

Scapy dissects the packets live which pcapy doesn't. That takes more processing time

About 5-10 packets/s are you sure that simply isn't the speed of how many packets are around you ? Scapy easily reaches thousands of packets per seconds..

[DrSchottky]

You're right, CPU is loaded by packet parsing This (pcapy for capture + scapy for parsing) produces the same cpu load

import pcapy
from scapy.all import *

def pkt_callback(hdr, data):
    print("probe-req")
    print(RadioTap(data).dBm_AntSignal)

packets = pcapy.open_live("mon0", 256, 1, 0)
packets.setfilter('type mgt subtype probe-req')
packets.loop(-1, pkt_callback)

With 5-10 packets/s I mean the number of probe request I'm receiveing, so the how many times callback is executed. Is packet dissecting so CPU intensive? I just need a few bytes from RadioTap header and Dot11 frame, should I write a simpler and dumber parser just for those?

[guedou]

Unfortunately, Python is know to be slow on the Zero W. This is not related to Scapy.