IP packets stripped to 1600 when using `sniff()` + filter on Linux
gelim opened this issue · comments
Hi,

I stumbled on something strange when using `sniff()` and receiving IP packets with len>1600: `sniff()` was returning packets trimmed to 1600. By digging a bit I see that when using `sniff()` with a custom filter that line forces the tcpdump snaplen to 1600.
How to reproduce
Sniffing part
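```python
#!/usr/bin/env python
from scapy.all import sniff
from scapy.layers.inet import IP

# Capture one packet matching the BPF filter, then compare the length
# announced in the IP header with the number of bytes actually captured.
p = sniff(count=1, filter="host 127.0.0.1 and port 1337")[0]
print("IP.len: %d, packet len: %d" % (p[IP].len, len(p)))
```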
Sending part
```
>>> send(IP(dst="127.0.0.1")/TCP(dport=1337)/Raw(load=5000*'A'))
.
Sent 1 packets.
```
First script will give:
```
IP.len: 5040, packet len: 1600
```
Fixing
My quick patch is using already existing variable MTU:
diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py
index cb95e7a..8a85ad5 100644
--- a/scapy/arch/linux.py
+++ b/scapy/arch/linux.py
@@ -136,9 +136,10 @@ def attach_filter(s, bpf_filter, iface):
if not TCPDUMP:
return
try:
- f = os.popen("%s -i %s -ddd -s 1600 '%s'" % (
+ f = os.popen("%s -i %s -ddd -s %d '%s'" % (
conf.prog.tcpdump,
conf.iface if iface is None else iface,
+ MTU,
bpf_filter,
))
except OSError:
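Review bot: in the `os.popen` format string, `-s %d` now takes its value from `MTU`, but nothing in the hunk shows that name being imported into scapy/arch/linux.py or what value it holds, so it is not possible to tell from the diff whether the new snaplen covers the 5040-byte packet from the reproduction. Please confirm `MTU` is in scope in this module and add a short comment next to it stating that it is used as the capture length for the compiled filter, so a later change to `MTU` does not silently reintroduce truncation. Separately, `bpf_filter` and `iface` are still interpolated into a shell command line inside `'%s'`; a filter string containing a single quote ends the quoting, so this call would be safer as an argument list passed to `subprocess` without a shell.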
Cheers dans la casa,
--
Mathieu
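The truncation reported above can be checked directly in the compiled filter: the constant on each accepting `ret` instruction in `tcpdump -ddd` output is the number of bytes the kernel hands to the socket. The following is an added example, not part of the original issue or of Scapy; the function names and the sample filter text are constructed for illustration.

```python
# Classic BPF opcode fields.
BPF_CLASS_MASK = 0x07   # low 3 bits: instruction class
BPF_RET = 0x06          # class "return"
BPF_RVAL_MASK = 0x18    # where the return value comes from
BPF_K = 0x00            # ...a constant held in the k field

# Constructed sample in the shape of `tcpdump -ddd -s 1600 ip` output:
# instruction count, then "code jt jf k" per line, all decimal.
SAMPLE_DDD = """\
4
40 0 0 12
21 0 1 2048
6 0 0 1600
6 0 0 0
"""

def parse_ddd(text):
    """Parse `tcpdump -ddd` output into a list of (code, jt, jf, k)."""
    lines = [l for l in text.strip().splitlines() if l.strip()]
    if not lines:
        raise ValueError("empty filter dump")
    count = int(lines[0])
    insns = [tuple(int(x) for x in l.split()) for l in lines[1:]]
    if len(insns) != count or any(len(i) != 4 for i in insns):
        raise ValueError("malformed filter dump")
    return insns

def accept_lengths(insns):
    """Nonzero constants returned by `ret #k`; `ret #0` drops the packet."""
    return sorted({
        k for code, _jt, _jf, k in insns
        if code & BPF_CLASS_MASK == BPF_RET
        and code & BPF_RVAL_MASK == BPF_K
        and k != 0
    })

def truncates(insns, wire_len):
    """True if an accepted packet of wire_len bytes would be cut short."""
    lengths = accept_lengths(insns)
    return bool(lengths) and min(lengths) < wire_len

if __name__ == "__main__":
    prog = parse_ddd(SAMPLE_DDD)
    print("accept lengths:", accept_lengths(prog))
    for size in (1500, 5040):
        print(size, "truncated" if truncates(prog, size) else "intact")
```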
Seems all right to me, Mathieu! Care to submit a PR?
sure, #903 is on its way
Thanks, I was not super reactive the last days but as PR #903 seems to be merged ok, I'm closing this issue.