<p>如果目标是在从特定IP接收特定数据包时停止<code>sniff</code>,则正确的方法是将<code>stop_filter</code>传递给<code>sniff</code>函数,如下面复制的文档中所指定。</p>
<pre><code>>>> print sniff.__doc__
Sniff packets
sniff([count=0,] [prn=None,] [store=1,] [offline=None,] [lfilter=None,] + L2ListenSocket args) -> list of packets
count: number of packets to capture. 0 means infinity
store: wether to store sniffed packets or discard them
prn: function to apply to each packet. If something is returned,
it is displayed. Ex:
ex: prn = lambda x: x.summary()
lfilter: python function applied to each packet to determine
if further action may be done
ex: lfilter = lambda x: x.haslayer(Padding)
offline: pcap file to read packets from, instead of sniffing them
timeout: stop sniffing after a given time (default: None)
L2socket: use the provided L2socket
opened_socket: provide an object ready to use .recv() on
stop_filter: python function applied to each packet to determine
if we have to stop the capture after this packet
ex: stop_filter = lambda x: x.haslayer(TCP)
</code></pre>
<p>下面是一些示例代码,可以停止对来自特定IP的数据包的嗅探。</p>
<pre><code>from scapy.all import *
def stopfilter(x):
if x[IP].dst == '23.212.52.66':
return True
else
return False
sniff(iface="wlan0", filter='tcp', stop_filter=stopfilter)
</code></pre>