Python scapy抓包、定义回调函数,自动生成多个pcap文件

# coding=utf-8


# 嗅探数据包
from scapy.all import *
from scapy.layers.inet import IP
from scapy.layers.l2 import ARP

# print(ls()) # ls()显示所有支持的数据包对象
# print(ls(ARP)) # ls(ARP)显示ARP模块中的内容
# print(lsc()) #lsc()列出所有的函数

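# Build an IP header with every field left at its default value.
test_ip = IP()
print(test_ip)
# hide_defaults() drops user-supplied field values that equal the default.
# It edits the packet in place and returns None, so wrapping the call in
# print() only ever showed "None"; call it for its effect instead.
test_ip.hide_defaults()
test_ip.display()  # display(): show the current value of every field of the packet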

# sniff() arguments used in the three captures below:
#   filter - capture filter expression (BPF syntax)
#   prn    - callback run on every captured packet, usually a lambda;
#            the sample output below shows its return value being printed
#   count  - number of packets to capture before sniff() returns
# Opening a capture normally needs elevated privileges (root or an
# equivalent capture capability), so run the script accordingly.
'''
说明:
filter:过滤条件
prn:回调函数,通常与lambda搭配使用
count:数据包数量

'''
sniff(
    count=2,
    filter="ip src 192.168.6.212 and icmp",
    prn=lambda pkt: pkt.summary(),
)
# Sample output of the capture above:
'''
Ether / IP / ICMP 192.168.6.212 > 192.168.6.1 echo-reply 0 / Raw
Ether / IP / ICMP 192.168.6.212 > 192.168.6.1 echo-reply 0 / Raw
'''

# filter="not icmp" captures everything except ICMP packets.
'''
说明:
filter="not icmp" 抓取非ICMP报文
'''
sniff(
    count=3,
    filter="not icmp",
    prn=lambda pkt: pkt.summary(),
)
# Sample output of the capture above:
'''
Ether / ARP who has 192.168.6.1 says 192.168.6.212 / Padding
Ether / ARP is at 00:50:56:c0:00:08 says 192.168.6.1
'''


# Show only the source address taken from the IP layer of each ICMP packet.
sniff(
    count=3,
    filter="icmp",
    prn=lambda pkt: pkt[IP].src,
)



# Capture three ICMP packets, keep the returned list, and save that same
# list in both capture file formats.
pk = sniff(count=3, filter="icmp")
wrpcap("testScapySniff_1.pcap", pk)  # write the capture as a pcap file
wrpcapng("testScapySniff_2.pcapng", pk)  # write the capture as a pcapng file


# 回调函数
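def callBack(x):
    """Print source address, destination address and TTL of a captured packet.

    Args:
        x: packet handed to the callback by sniff() through ``prn``.

    A packet without an IP layer is skipped. Indexing ``x[IP]`` on such a
    packet raises, and an exception raised inside ``prn`` ends the whole
    capture, so the callback must tolerate whatever arrives on the wire
    when it is reused with a broader filter.
    """
    if not x.haslayer(IP):
        return
    ip_layer = x[IP]
    print(ip_layer.src, ip_layer.dst, ip_layer.ttl)


# prn takes the function object itself: no parentheses after the name.
sniff(filter="icmp", prn=callBack, count=3)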


# 自动生成pcap包
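# Number of packets written to each output file.
PCAP_BATCH_SIZE = 3

# State shared between successive calls of write_pcap().
pkts = []      # packets collected for the file currently being filled
count = 0      # packets collected since the last file was written
pcap_num = 0   # index of the last file written


def write_pcap(x):
    """Collect captured packets and write every full batch to its own pcap file.

    Args:
        x: packet handed to the callback by sniff() through ``prn``.

    Files are named testScapySniff_write_<n>.pcap, with <n> starting at 1,
    and are created in the current working directory. Each file holds the
    complete captured packets, payloads included, so treat the output as
    sensitive data and keep it out of shared locations.

    Packets of a batch that never fills up (a capture whose length is not a
    multiple of PCAP_BATCH_SIZE) stay in ``pkts`` and are not written.
    """
    global pkts, count, pcap_num

    print("Enter write_pcap...")
    pkts.append(x)
    count += 1
    if count < PCAP_BATCH_SIZE:
        return

    pcap_num += 1
    pname = "testScapySniff_write_" + str(pcap_num) + ".pcap"
    print(pname)
    wrpcap(pname, pkts)
    # Start a fresh batch for the next file.
    pkts = []
    count = 0


# The callback already keeps the packets it needs, and the list sniff()
# returns is discarded here, so store=False stops sniff() from holding a
# second copy of every packet in memory for the length of the capture.
sniff(filter="icmp", prn=write_pcap, count=9, store=False)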


转载自blog.csdn.net/songpeiying/article/details/130948664