Exception: tcpdump is not available

[imperio-wxm]

• Linux version 2.6.32-431.el6.x86_64 (mockbuild@c6b8.bsys.dev.centos.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) ) Windows: use Winpcap, drop DNET dependency #1 SMP Fri Nov 22 03:15:09 UTC 2013
• Python 2.7.11
• scapy 2.4.3
• tcpdump-4.0.0-11.20090921gitdf3cb4.2.el6.x86_64

MyCode:

#!/usr/bin/python
#coding:utf-8

import sys
reload(sys)
sys.setdefaultencoding('utf-8')

from scapy.all import *

def pack_callback(packet):
    line = raw(packet[TCP].payload)
    if len(line) != 0 and line.strip() != '':
        print(line)

if __name__ == '__main__':
    dpkt = sniff(filter='ip dst xx.xx.xx.xx and tcp and tcp port xxx',iface='eth1',prn=pack_callback, count=0)

Get Error

  File "/usr/local/Python-2.7.11/lib/python2.7/site-packages/scapy/sendrecv.py", line 972, in sniff
    sniffer._run(*args, **kwargs)
  File "/usr/local/Python-2.7.11/lib/python2.7/site-packages/scapy/sendrecv.py", line 842, in _run
    *arg, **karg)] = iface
  File "/usr/local/Python-2.7.11/lib/python2.7/site-packages/scapy/arch/linux.py", line 475, in __init__
    attach_filter(self.ins, filter, iface)
  File "/usr/local/Python-2.7.11/lib/python2.7/site-packages/scapy/arch/linux.py", line 160, in attach_filter
    bp = compile_filter(bpf_filter, iface)
  File "/usr/local/Python-2.7.11/lib/python2.7/site-packages/scapy/arch/common.py", line 165, in compile_filter
    raise Scapy_Exception("tcpdump is not available. Cannot use filter !")
scapy.error.Scapy_Exception: tcpdump is not available. Cannot use filter !
Exception socket.error: error(99, 'Cannot assign requested address') in <bound method L2ListenSocket.__del__ of <scapy.arch.linux.L2ListenSocket object at 0x7f2dec32ef90>> ignored

The exception is: tcpdump is not available. Cannot use filter

However, tcpdump is already installed on the machine.

tcpdump -v
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

6 packets captured
597 packets received by filter
561 packets dropped by kernel

[gpotter2]

Hi and thanks for the report !

That's one of the things I was almost certain would break on some platforms 😄

It should be fixed in #2225, could you please try it out and confirm ?

Thanks !

[imperio-wxm]

@gpotter2

Hi, I found that your changes have not been merged yet.

How should I install, pull your branch?

[gpotter2]

You can download [edited out: outdated]
Unzip it and

sudo python setup.py install

Or you could clone the branch in question and do the same.

[imperio-wxm]

@gpotter2

Sorry, I got this error when run sudo python setup.py install:

byte-compiling build/bdist.linux-x86_64/egg/scapy/tools/generate_ethertypes.py to generate_ethertypes.pyc
  File "build/bdist.linux-x86_64/egg/scapy/tools/generate_ethertypes.py", line 23
    reg = rb".*ETHERTYPE_([^\s]+)\s.0x([0-9A-Fa-f]+).*\/\*(.*)\*\/"
                                                                  ^
SyntaxError: invalid syntax

byte-compiling build/bdist.linux-x86_64/egg/scapy/tools/UTscapy.py to UTscapy.pyc
byte-compiling build/bdist.linux-x86_64/egg/scapy/extlib.py to extlib.pyc
byte-compiling build/bdist.linux-x86_64/egg/scapy/fields.py to fields.pyc
byte-compiling build/bdist.linux-x86_64/egg/scapy/asn1packet.py to asn1packet.pyc
installing package data to build/bdist.linux-x86_64/egg
running install_data
creating build/bdist.linux-x86_64/egg/share
creating build/bdist.linux-x86_64/egg/share/man
creating build/bdist.linux-x86_64/egg/share/man/man1
copying doc/scapy.1 -> build/bdist.linux-x86_64/egg/share/man/man1
creating build/bdist.linux-x86_64/egg/EGG-INFO
copying scapy.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying scapy.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying scapy.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying scapy.egg-info/entry_points.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying scapy.egg-info/not-zip-safe -> build/bdist.linux-x86_64/egg/EGG-INFO
copying scapy.egg-info/requires.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying scapy.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
creating 'dist/scapy-git_archive.dev23a162e9a-py2.7.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing scapy-git_archive.dev23a162e9a-py2.7.egg
removing '/usr/local/Python-2.7.11/lib/python2.7/site-packages/scapy-git_archive.dev23a162e9a-py2.7.egg' (and everything under it)
creating /usr/local/Python-2.7.11/lib/python2.7/site-packages/scapy-git_archive.dev23a162e9a-py2.7.egg
Extracting scapy-git_archive.dev23a162e9a-py2.7.egg to /usr/local/Python-2.7.11/lib/python2.7/site-packages
  File "/usr/local/Python-2.7.11/lib/python2.7/site-packages/scapy-git_archive.dev23a162e9a-py2.7.egg/scapy/tools/generate_ethertypes.py", line 23
    reg = rb".*ETHERTYPE_([^\s]+)\s.0x([0-9A-Fa-f]+).*\/\*(.*)\*\/"
                                                                  ^
SyntaxError: invalid syntax

scapy git-archive.dev23a162e9a is already the active version in easy-install.pth
Installing UTscapy script to /usr/local/Python-2.7.11/bin
Installing scapy script to /usr/local/Python-2.7.11/bin

Installed /usr/local/Python-2.7.11/lib/python2.7/site-packages/scapy-git_archive.dev23a162e9a-py2.7.egg
Processing dependencies for scapy===git-archive.dev23a162e9a
Finished processing dependencies for scapy===git-archive.dev23a162e9a

[gpotter2]

Thanks for the report. I've just pushed a fix 😄
Please retry with a newly downloaded zip.

[imperio-wxm]

@gpotter2

Thank you, it works.

[mengelsen]

You can download https://github.com/gpotter2/scapy/archive/tcpdump-fix.zip
Unzip it and

sudo python setup.py install

Or you could clone the branch in question and do the same.

When I attempt to download your zipped file, I am instead finding myself presented with a .dms file. (Which I cannot unzip/uncompress.)

[gpotter2]

Patch is integrated in master, or 2.4.4+, follow the docs to download master branch.

Update: tcpdump is no longer used. See #2336