Question
The following code:
sniff(filter = "dst aa:bb:cc:dd:ee" )
throws an error because sniff is expecting an IP, not a MAC.
So how are you supposed to filter by MAC?
Answer 1:
What about specifying an lfilter for sniff?
zzz = sniff(lfilter=lambda d: d.src == 'aa:bb:cc:dd:ee:ff')
dst and src are attributes of the sniffed message.
Previously I posted an answer where stop_filter was specified. I suppose that it wouldn't work for you, since scapy would stop after receiving the first packet that matches the MAC address from stop_filter. lfilter should do the job.
From sendrecv.py:
lfilter: python function applied to each packet to determine
if further action may be done
ex: lfilter = lambda x: x.haslayer(Padding)
Answer 2:
The filter parameter needs a BPF filter. The correct syntax is hence filter="ether dst aa:bb:cc:dd:ee:ff".
This is (much) faster than using a Python function as lfilter parameter, as suggested (correctly) by macfij in another answer (plus you don't have to deal with upper/lower-case letters in MAC addresses).
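The two approaches from the answers side by side, as an added example that is not part of either answer or of scapy itself. The helper names (normalize_mac, bpf_for_mac, lfilter_for_mac, capture) are hypothetical; only sniff and its filter, lfilter, count and timeout parameters come from scapy. The MAC is validated first, so a five-octet address is rejected before it reaches the BPF compiler, and the lfilter comparison is case-insensitive.

```python
import re

# Canonical form: six lower-case hex octets separated by colons.
_MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
_DIRECTIONS = ("src", "dst", "host")


def normalize_mac(mac):
    """Return the MAC lower-cased and colon-separated, or raise ValueError."""
    canon = mac.strip().lower().replace("-", ":")
    if not _MAC_RE.match(canon):
        raise ValueError("not a 6-octet MAC address: %r" % (mac,))
    return canon


def bpf_for_mac(mac, direction="dst"):
    """Build the expression for sniff(filter=...): 'ether dst <mac>' etc."""
    if direction not in _DIRECTIONS:
        raise ValueError("direction must be one of %r" % (_DIRECTIONS,))
    # Validation above also keeps stray text out of the filter string.
    return "ether %s %s" % (direction, normalize_mac(mac))


def lfilter_for_mac(mac, direction="dst"):
    """Build a predicate for sniff(lfilter=...), matching case-insensitively."""
    if direction not in _DIRECTIONS:
        raise ValueError("direction must be one of %r" % (_DIRECTIONS,))
    wanted = normalize_mac(mac)
    fields = ("src", "dst") if direction == "host" else (direction,)

    def match(pkt):
        # Packets lacking the attribute simply do not match.
        return any(str(getattr(pkt, f, "")).lower() == wanted for f in fields)

    return match


def capture(mac, direction="dst", count=10, timeout=30, use_bpf=True):
    """Live capture; needs scapy installed and capture privileges."""
    from scapy.all import sniff  # imported here so the helpers work without scapy
    if use_bpf:
        # Filtering is done by the BPF filter before packets reach Python.
        return sniff(filter=bpf_for_mac(mac, direction),
                     count=count, timeout=timeout)
    # Every captured packet is handed to the Python predicate.
    return sniff(lfilter=lfilter_for_mac(mac, direction),
                 count=count, timeout=timeout)
```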
Source: https://stackoverflow.com/questions/24386000/how-to-filter-by-ethernet-mac-address