Scapy waiting for multiple packets

Question

In order to perform a HTTP GET, I need to send a packet (the GET / HTTP/1.0\n\n) and wait for 3 packets:

The ACK of my GET

The GET answer: HTTP/1.0 200 OK

and the FIN ACK of the transmission

I found 2 ways:

=> use sr() with multi option

=> use sniff just after sending my GET request

• For sr() function, the problem is to stop the sniffing, the only option is to set a timeout, but my script will test many different sites, so many different of time's answer, it could be hard to choose a static timeout value where I'm sure that no site exceed it anytime.

• For sniff, there is no the same problem because I can set "count" argument to take only the 3 packets. But it's hard to make a filter good enough to be sure the 3 packets recorded are the 3 that I want (and no ARP, DNS or anything else). But the main problem is sometimes the fist answer packet come before "sniff" is launched (between send(GET_PACKET) and answers=sniff(...)). In this case, I lost some information and all my post-treatment is corrupted.

The perfect way would be to use sr() function with "count=3" option to only get 3 packets, but that option doesn't exist with sr().

Anynone have an idea?

Thanks a lot

Sorry for my language, I'm French

Answer 1

Use Sniff and set the filter to TCP port 80 and for delay problem you can use a thread, first start your sniffer in thread then send the packets :

def sniffer():
    packets=sniff(filter="tcp port 80" , count=5)
    wrcap("test.cap" , packets) #save packets in .cap file
t = threading.Thread(target=sniffer)
t.start()

But you can use a better way that explained HERE. send your packets manually.

Answer 2

This is more of a hint than an answer, but the problem might be that you want to inspect transport layer packets for a application layer request. You could split up your HTTP GET down to transport layer by sending SYN, waiting for and answer and then send ACK, GET. Here is a link describing what you might want.