Scapy cannot sniff some packets

764 views Asked by At

I've tried using Scapy's sniff function to sniff some packets and compared it to Wiresharks output. Upon displaying Scapy's sniffed packets and Wireshark's sniffed packets on the same interface, I discover that Wireshark can sniff some packets that Scapy was apparently not able to sniff and display. Is there a reason why and if so how can I prevent it so Scapy does not 'drop' any packets and sniffs all the packets Wireshark can receive?

1

There are 1 answers

0
user5665780 On

Scapy itself has many libraries and extensions which are either pre-installed or you will have to install it based on your needs. Your question is a bit vague about what exactly is your comparison factor here between the two, but for example, Scapy will need a HTTPS decoder library installed for decoding the information of those packets. Also in Scapy, you can write your own protocol as you deem. But again if you are doing real-time parsing without a PCAP file Scapy is a good option even with the packet drop ratio. But if you are not concerned about the PCAP file I suggest to use Wireshark/TCPdump and record a PCAP file. You can dissect the PCAP file using Scapy then. Hope this helps.