Closed lidllohntsich closed 5 years ago
I am aware of this issue but I did not invest time to provide a patch. The Linux kernel strips the 802.1Q tag, and Scapy should manage to add it back. That what libpcap does.
Python 2.7 does not provide a simple way to manipulate ancillary data, whereas Python 3 does. It might be tricky to easily support both.
Anyway, now that you open the issue. I will try to find time to have a deeper look at an efficient solution =)
@lidllohntsich wireshark can not see this tag too :) if you really need to sniff only qinq now try to this way https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-configure_802_1q_vlan_tagging_using_the_command_line maybe it will helpful for you.
@guedou I found that module: https://github.com/floodlight/oftest/blob/master/src/python/oftest/afpacket.py
I managed to write my own simple sniff function, which has access to vlan tags. I done it in following way: `
from afpacket import recv, enable_auxdata
def mysniff(...):
sock = socket(AF_PACKET, SOCK_RAW)
sock.bind((iface, ETH_P_ALL))
enable_auxdata(sock)
while True:
buf = recv(sock, 65535)
pkt = Ether(buf)
...
`
I believe it may be helpful.
Thanks !
@grzegorzsn I suppose you have another part of the code effectively adding the 802.1q tag that you don't show here?
@p-l- The magic takes place in module I linked. recv and enable_auxdata are imported from afpacket.py. The module is responsible for tag reconstruction.
I added import line to my example to make it clearer.
Hello together,
i have a similar problem like @lidllohntsich . With the difference, that i have to sniff the packets on windows. Will the tag reconstruction discribed by @grzegorzsn work on win too or is there now a solution in scapy? Is this solution an extention of the sniff function?
Is this problem resolved now? What @lidllohntsich has suggested, it did not work for me! I want to stick with the default sniff() of scapy. Does anyone reaches to effective solution?
We could absolutely merge the suggestion with scapy, we just need for someone to get around the issue.
The code handling Linux sockets is currently atrociously hard to read (@guedou, @p-l- we absolutely need to remove duplications from arch/Linux.py as I did in pcapdnet.py).
Update years later..
IMH we shouldn't bother supporting Python 2 for this feature. Even though we keep support for Python 2.7 after 2020, I'd rather not maintain system calls only for that.
Here's a first try of an implementation (Python 3 only): https://github.com/secdev/scapy/pull/2091 I couldn't really test it. Any help with that would be greatly appreciated
Question: if it's possible (?) should we try to support sending packets with this ? Is it even required that we do something, or does the kernel understands Ether()/Dot1Q()
?
Thanks, that is a really cool PR.
Several answers:
To support Python 2.7:
recvmsg
ourselves, as not provided by the socket
moduleLet's do this =)
Fixed by #2091
conf.use_pcap=True import scapy.arch.pcapdnet p=sniff(iface='enp3s0', count=20, timeout=10)
i have a similar problem like you,Using the same code within a normal python shell does not work,Have you find efficient solution?
Are there any plans to support VLAN sniffing directly via scapy sniff()?
AFAIK normal sniff() does not show captured VLAN tags, as they are removed by the linux kernel.
When i am using the following code within the scapy shell:
I got all packets including the 802.1Q tags.
Using the same code within a normal python shell does not work. No packets are captured. Are there any hints how to make the sniff() work within a python shell?