secdev / scapy

Scapy: the Python-based interactive packet manipulation program & library.
https://scapy.net
GNU General Public License v2.0

sniff() dies when EOF on offline kwarg #2764

Closed stryngs closed 4 years ago

stryngs commented 4 years ago

Hi there. I found out by running sniff(offline='') that sniff() will die out when the end of the file is reached. I am now using scapy to parse ubertooth packets. The way I leverage it, I stream the raw ubertooth to a file and then read that in via sniff w/ offline.

If the bluetooth traffic is slower than the rate scapy can consume, it hits the EOF. Once EOF sniff() dies. A while true loop is my current idea for a workaround but am really wondering if there is a way to add in a parameter to keep sniff() open and tail -f so to speak. I don't even know if this is possible and failed in my attempts.

Curious your thoughts. Thanks!

gpotter2 commented 4 years ago

This is mostly by design. Checking for EOF really is the cleanest way of ending our stream. What you could do is to extend PcapReader to make it not throw an EOFError then inject it into sniff. Something like (untested):

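```python
from scapy.all import MTU, PcapReader, sniff

class Reader(PcapReader):
    # PcapReader variant that does not raise EOFError at end of file
    def read_packet(self, size=MTU):
        try:
            return super(Reader, self).read_packet(size)
        except EOFError:
            # End of file reached: return None instead of ending the stream
            return None

sniff(opened_socket=Reader("some_pcap.pcap"))
```
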
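An added example, not part of the thread and not Scapy code: a standard-library sketch of the "tail -f" behaviour discussed above, for a classic pcap file that another process is still writing. The names `PcapTail`, `follow`, `make_record` and the sample header are constructed for illustration; the reader rewinds when the writer is mid-record and sleeps at EOF rather than spinning.

```python
import struct
import time

class PcapTail:
    """Follow a classic (non-pcapng) pcap file that another process is appending to."""

    def __init__(self, fileobj):
        self.f = fileobj
        hdr = self.f.read(24)                      # pcap global header
        if len(hdr) < 24:
            raise ValueError("global header not complete yet")
        magic = struct.unpack("<I", hdr[:4])[0]
        if magic not in (0xA1B2C3D4, 0xD4C3B2A1):  # microsecond-resolution pcap only
            raise ValueError("not a classic pcap file")
        self.endian = "<" if magic == 0xA1B2C3D4 else ">"
        self.linktype = struct.unpack(self.endian + "I", hdr[20:24])[0]

    def read_packet(self):
        """Return (sec, usec, data), or None when no complete record is available."""
        start = self.f.tell()
        rec = self.f.read(16)                      # per-record header
        if len(rec) == 16:
            sec, usec, caplen, _wirelen = struct.unpack(self.endian + "IIII", rec)
            data = self.f.read(caplen)
            if len(data) == caplen:
                return sec, usec, data
        self.f.seek(start)                         # writer is mid-record: rewind, retry later
        return None

    def follow(self, handler, poll=0.2, max_idle=None):
        """Call handler(sec, usec, data) per record; sleep at EOF instead of spinning."""
        idle = 0.0
        while max_idle is None or idle < max_idle:
            pkt = self.read_packet()
            if pkt is None:
                time.sleep(poll)
                idle += poll
            else:
                idle = 0.0
                handler(*pkt)

def make_record(sec, usec, data):
    """Constructed sample: one little-endian pcap record."""
    return struct.pack("<IIII", sec, usec, len(data), len(data)) + data

# Constructed sample: little-endian global header, version 2.4, snaplen 65535, linktype 1
GLOBAL_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
```

With `max_idle=None`, `follow()` runs until interrupted, which matches the streaming use described in the thread.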
gpotter2 commented 4 years ago

We usually do not answer questions here but I thought this was interesting. Feel free to reply. Closing

stryngs commented 3 years ago

Just saw your response @gpotter2 -- Curious to see how that works. Thank you for the input!!

stryngs commented 3 years ago

@gpotter2 It worked exactly as you thought it would. I tuned the Ubertooth to sniff only for a certain MAC, made the MAC silent and scapy stayed silent via prn. Made the MAC speak and prn sang a song.

Very nice work and thank you for responding to this. I look forward to merging this into my code. 100% realtime Bluetooth sniffing with scapy via an ubertooth!