Open Krisscut opened 1 year ago
> It is also worth noting that a command like "src host and vlan 295 and udp and not arp" was working with a previous version of scapy (2.4.3) and Ubuntu.

Are you sure of that?
Do you have the same issue with conf.use_pcap = True?
> Are you sure of that?

Yes, it was used in a continuous integration environment and following the upgrade it was 100% failing.

> Do you have the same issue with conf.use_pcap = True ?

It doesn't seem to help to use conf.use_pcap = True; no packets were captured.
(But since it seems to be a variable, I'm not sure if it is working with my kind of usage of scapy. I'm not using the syntax from scapy.all import *)
Sniffing is done through this:
result = scapy.sniff(iface=eth, filter=filter, count=1, timeout=60)
Brief description
Using the sniff function in scapy, I'm not able to live capture packets that are vlan tagged using a filter.
Scapy version
2.5.0
Python version
3.9.14
Operating system
Rocky Linux 9.1
Additional environment information
NAME="Rocky Linux"
VERSION="9.1 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.1"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.1 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.1"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.1"
Regarding the network setup, I'm running in a docker environment, and I have multiple interfaces set up, but for this example only eth0 and eth0.295 (vlan tagged 295) are used. I try to capture the vlan tagged packets that are sent from another docker container.
How to reproduce
Have another application to send Vlan tagged packets with ID 295.
Using scapy, try to capture them with result = sniff(iface="eth0", count=1, timeout=60, filter="vlan 295")
Actual result
I will reach the timeout because no packets are captured, unfortunately.
![image](https://github.com/secdev/scapy/assets/8125922/1c935a5c-35ce-4a15-8227-40d4bd02967e)
Expected result
I should be able to retrieve packets when I use a filter which includes a vlan, for instance by using this command:
result = sniff(iface="eth0", count=1, timeout=60, filter="vlan 295")
Related resources
I made a pcap capture on the eth0 that I included in this ticket, see capture.zip.
capture.zip
It is worth noting that I'm able to load the capture in "offline" mode and detect the messages there with the filter:
![image](https://github.com/secdev/scapy/assets/8125922/77c0592f-49d0-4c48-a5aa-04b87b8d497d)
Same if I use the rdpcap function:
![image](https://github.com/secdev/scapy/assets/8125922/37328d79-aded-4393-a710-3703e82eb301)
Also, I can capture packets by using the following filter without issue:
It is also worth noting that a command like "src host and vlan 295 and udp and not arp" was working with a previous version of scapy (2.4.3) and Ubuntu.
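
One way to check, independently of the BPF filter, whether the frame bytes delivered by a capture source carry an 802.1Q tag with VLAN ID 295 (an added example, not part of the original issue or of scapy's code). The function names and the sample frames are constructed for illustration, and the UDP check covers IPv4 only.

```python
import struct
from collections import Counter

TPIDS = {0x8100, 0x88A8}            # 802.1Q and 802.1ad (QinQ) tag protocol IDs
ETH_IPV4, IPPROTO_UDP = 0x0800, 17

def parse_tags(frame):
    """Return ([VLAN IDs, outermost first], EtherType after the tags, payload offset)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    vids, off = [], 12
    (etype,) = struct.unpack_from("!H", frame, off)
    while etype in TPIDS:
        if len(frame) < off + 6:
            raise ValueError("truncated VLAN tag")
        tci, etype = struct.unpack_from("!HH", frame, off + 2)
        vids.append(tci & 0x0FFF)    # low 12 bits of the TCI hold the VLAN ID
        off += 4
    return vids, etype, off + 2

def matches_vlan_udp(frame, vid):
    """Pure-Python check with the intent of 'vlan <vid> and udp' (IPv4 only)."""
    vids, etype, off = parse_tags(frame)
    if not vids or vids[0] != vid or etype != ETH_IPV4 or len(frame) < off + 20:
        return False
    return frame[off + 9] == IPPROTO_UDP   # IPv4 protocol field

def triage(frames, vid):
    """Count how the delivered frames are tagged."""
    counts = Counter()
    for f in frames:
        vids = parse_tags(f)[0]
        key = "untagged" if not vids else f"vlan-{vid}" if vids[0] == vid else "other-vlan"
        counts[key] += 1
    return counts

def build_frame(vid=None, proto=IPPROTO_UDP):
    """Constructed test frame: Ethernet [+ 802.1Q tag] + minimal IPv4 header + 8 bytes."""
    macs = bytes.fromhex("020000000002" "020000000001")
    tag = struct.pack("!HH", 0x8100, vid) if vid is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return macs + tag + struct.pack("!H", ETH_IPV4) + ip + bytes(8)

# Constructed samples (not taken from capture.zip): VLAN 295 UDP, VLAN 295 TCP,
# VLAN 100 UDP, untagged UDP.
SAMPLES = [build_frame(295), build_frame(295, proto=6), build_frame(100), build_frame()]

if __name__ == "__main__":
    print(triage(SAMPLES, 295))
    print([matches_vlan_udp(f, 295) for f in SAMPLES])
```

With scapy, the same functions can be fed `bytes(pkt)` for each packet from an unfiltered `sniff()` on `eth0` and for each packet from `rdpcap()`; comparing the two `triage` counts shows whether both sources present the tag in the frame bytes.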