diff --git a/scapy/arch/windows/compatibility.py b/scapy/arch/windows/compatibility.py index 107e4999570..4f7bbfb40be 100644 --- a/scapy/arch/windows/compatibility.py +++ b/scapy/arch/windows/compatibility.py @@ -7,13 +7,20 @@ Instanciate part of the customizations needed to support Microsoft Windows. """ +import itertools +import os +import re +import socket +import subprocess +import sys +import time + from scapy.arch.consts import LOOPBACK_NAME from scapy.config import conf,ConfClass from scapy.base_classes import Gen, SetGen import scapy.plist as plist from scapy.utils import PcapReader from scapy.data import MTU, ETH_P_ARP -import os,re,sys,socket,time, itertools WINDOWS = True @@ -171,6 +178,7 @@ def sniff(count=0, store=1, offline=None, prn = None, lfilter=None, L2socket=Non prn: function to apply to each packet. If something is returned, it is displayed. Ex: ex: prn = lambda x: x.summary() + filter: provide a BPF filter lfilter: python function applied to each packet to determine if further action may be done ex: lfilter = lambda x: x.haslayer(Padding) @@ -186,8 +194,25 @@ def sniff(count=0, store=1, offline=None, prn = None, lfilter=None, L2socket=Non L2socket = conf.L2listen s = L2socket(type=ETH_P_ALL, *arg, **karg) else: - s = PcapReader(offline) - + flt = karg.get('filter') + if flt is not None: + if isinstance(offline, basestring): + s = PcapReader( + subprocess.Popen( + [conf.prog.tcpdump, "-r", offline, "-w", "-", flt], + stdout=subprocess.PIPE + ).stdout + ) + else: + s = PcapReader( + subprocess.Popen( + [conf.prog.tcpdump, "-r", "-", "-w", "-", flt], + stdin=offline, + stdout=subprocess.PIPE + ).stdout + ) + else: + s = PcapReader(offline) lst = [] if timeout is not None: stoptime = time.time()+timeout diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 86fcb7558ce..8a96ef04fb5 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py 
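Review bot: The added docstring line `filter: provide a BPF filter` in the `@@ -171,6 +178,7 @@` hunk leaves out that, with `offline` set, the filter is applied by starting `conf.prog.tcpdump` as a child process, so the call then depends on that binary being available. I would write it as `filter: BPF filter; with offline set it is applied by running conf.prog.tcpdump on the capture`. The same line is added in the `@@ -572,6 +572,7 @@` hunk of scapy/sendrecv.py. The docstring starts and ends outside the hunk.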
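Review bot: In the `@@ -186,8 +194,25 @@` hunk `flt` is appended to the tcpdump argument list with nothing marking the end of options, so a filter string that begins with `-` is read by tcpdump as an option instead of a filter expression; this matters wherever the filter text originates outside the program. Put a terminator in front of it in both branches, `[conf.prog.tcpdump, "-r", offline, "-w", "-", "--", flt]`, after confirming that the binary behind `conf.prog.tcpdump` on Windows accepts `--`. The `Popen` object is also dropped once `.stdout` is taken, so tcpdump's exit status is never checked and the child is never waited on; keeping it in a local and calling `wait()` when reading ends would cover that, though the read loop lies outside the hunk. Both points apply equally to the `@@ -603,8 +604,30 @@` hunk of scapy/sendrecv.py.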
@@ -572,6 +572,7 @@ def sniff(count=0, store=1, offline=None, prn=None, lfilter=None, prn: function to apply to each packet. If something is returned, it is displayed. Ex: ex: prn = lambda x: x.summary() + filter: provide a BPF filter lfilter: python function applied to each packet to determine if further action may be done ex: lfilter = lambda x: x.haslayer(Padding) @@ -603,8 +604,30 @@ def sniff(count=0, store=1, offline=None, prn=None, lfilter=None, sniff_sockets = [L2socket(type=ETH_P_ALL, iface=iface, *arg, **karg)] else: - sniff_sockets = [PcapReader(offline)] - + flt = karg.get('filter') + if flt is not None: + if isinstance(offline, basestring): + sniff_sockets = [ + PcapReader( + subprocess.Popen( + [conf.prog.tcpdump, "-r", offline, "-w", "-", + flt], + stdout=subprocess.PIPE + ).stdout + ) + ] + else: + sniff_sockets = [ + PcapReader( + subprocess.Popen( + [conf.prog.tcpdump, "-r", "-", "-w", "-", flt], + stdin=offline, + stdout=subprocess.PIPE + ).stdout + ) + ] + else: + sniff_sockets = [PcapReader(offline)] lst = [] if timeout is not None: stoptime = time.time()+timeout
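Review bot: The non-string branch of the `@@ -603,8 +604,30 @@` hunk hands `offline` to the child as `stdin=offline`, which only works for objects backed by a real file descriptor; an in-memory or decompressing file object that `PcapReader(offline)` presumably accepted would fail here. A file object that has already been read from may also give tcpdump the descriptor at a different offset than the caller expects. State the requirement next to the call, for example `# offline must expose fileno(); tcpdump reads the descriptor directly`, or raise a clear error when `offline` has no `fileno`. The `@@ -186,8 +194,25 @@` hunk of scapy/arch/windows/compatibility.py has the same branch, and the body of `sniff` starts and ends outside the hunk.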