0

I created program, glueing two others: Multicast receiver from:

How do you UDP multicast in Python?

scapy packet sniffer:

https://thepacketgeek.com/scapy-sniffing-with-custom-actions-part-1/

I'm wondering why my program is inconsitent in packet capturing. When I capture traffic, I use timeout equal to 1(sec). Every 3-5 seconds i see drop in captured packets. My source is really stable(10.568Mbit/s). I see using program streamXpert that the value of bitrate differs from each other by magnitude of no more than tens of Kbits.
I would like to achieve consistent, reliable results, but such drops are inadmissible. General results are good. But I don't know what may cause such big falls. Here are results of my program executed 3 times, each session captures 10 one second samples and at the end they are printed: https://pastebin.com/7pb0R3gr

I tried to analyse 100 samples, each sniffing lasting 0.1 sec, in order to see better what may cause this problem. I see that sometimes there happen really odd drops that can be bigger than half of actual value. Here are results: https://pastebin.com/7jk2VStL

import socket
import struct
from collections import Counter
from scapy.all import sniff

MCAST_GRP = '239.0.1.104'
MCAST_PORT = 12345
IS_ALL_GROUPS = True

packet_counts = Counter()
capturedPacketsSize = 0
bitrateList = []

## Defining custom function that sums sizes of captured packets
def custom_action(packet):
    global capturedPacketsSize
    capturedPacketsSize += len(packet)    

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

if IS_ALL_GROUPS:
    # on this port, receives ALL multicast groups
    sock.bind(('', MCAST_PORT))
else:
    # on this port, listen ONLY to MCAST_GRP
    sock.bind((MCAST_GRP, MCAST_PORT))

#Creating socket that gets UDP multicast packets

mreq = struct.pack("4sl", socket.inet_aton(MCAST_GRP), socket.INADDR_ANY)
sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)

print("_____.:|   Starting analyse of bitrate!   |:._____")
for x in range(10):
    pkt = sniff(iface="eno4", filter="ip host 239.0.1.104", prn=custom_action, timeout=0.1)
    MCbitrate = round((capturedPacketsSize*8)/(1024*1024),3)
    bitrateList.append(MCbitrate)
    capturedPacketsSize = 0
for x in range(10):
    print("{0}\n".format(bitrateList[x]))
Yenjay
  • 55
  • 8
  • You know you aren't using `sock` right ? What's it for ? If you wanted to sniff on it, `sniff(opened_socket=...)` – Cukic0d Aug 09 '19 at 11:56
  • 1
    I am using sock. My source is programmed that way, it needs socket connection in order to start getting packets. If i would use only sniff part without socket, packets are not arriving and nothing is sniffed. And also i haven't seen `sniff` option `opened_socked=...` in documentation. – Yenjay Aug 09 '19 at 12:07
  • 1
    Did you try looking on the traffic in Wireshark? do you see drops there too? – Shir Aug 11 '19 at 07:40
  • 1
    Yes I checked wireshark and there is no such problem. It occurs only in scapy. – Yenjay Aug 13 '19 at 10:52

0 Answers0