{"id":13774915,"url":"https://github.com/milesrichardson/docker-nfqueue-scapy","last_synced_at":"2025-12-27T10:31:47.508Z","repository":{"id":70721845,"uuid":"83697608","full_name":"milesrichardson/docker-nfqueue-scapy","owner":"milesrichardson","description":"Docker container for intercepting packets with scapy from a netfilter queue (nfqueue)","archived":false,"fork":false,"pushed_at":"2017-03-03T19:45:39.000Z","size":11,"stargazers_count":80,"open_issues_count":0,"forks_count":9,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-05-11T07:33:37.703Z","etag":null,"topics":["docker","iptables","netfilter","nfqueue","python","scapy"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/milesrichardson.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-03-02T16:08:31.000Z","updated_at":"2025-01-06T02:20:09.000Z","dependencies_parsed_at":"2023-04-25T21:03:09.195Z","dependency_job_id":null,"html_url":"https://github.com/milesrichardson/docker-nfqueue-scapy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/milesrichardson/docker-nfqueue-scapy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/milesrichardson%2Fdocker-nfqueue-scapy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/milesrichardson%2Fdocker-nfqueue-scapy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/milesrichardson%2Fdocker-nfqueue-scapy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/milesrichardson%2Fdocker-nfqueue-scapy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/milesrichardson","download_url":"https://codeload.github.com/milesrichardson/docker-nfqueue-scapy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/milesrichardson%2Fdocker-nfqueue-scapy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28077500,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-27T02:00:05.897Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","iptables","netfilter","nfqueue","python","scapy"],"created_at":"2024-08-03T17:01:31.726Z","updated_at":"2025-12-27T10:31:47.492Z","avatar_url":"https://github.com/milesrichardson.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"01f99d208e245eb44f15f720043b50d4\"\u003e\u003c/a\u003eScapy"],"sub_categories":[],"readme":"# docker-nfqueue-scapy\n\nDocker container with an example python script to listen for packets on\na netfilter queue and manipulate them with scapy. You can listen on any queue number, and you can push packets into the queue from any iptables rule. \nThis container gives you a powerful prototyping and debugging tool for monitoring, manipulating, dropping, accepting, requeing, or forwarding network packets in python.\nYou can read from a queue on the host with `--net=host --cap-add=NET_ADMIN`.\n Or, you can run it within another container's namespace to listen\nfor packets on an nfqueue in that container's network namespace.\n\nThis container includes a full installation of scapy and python netfilter queue\n(nfqueue) bindings, and an example python script `nfqueue_listener.py` to\nprint incoming packets on the queue.\n\nscapy: https://github.com/secdev/scapy\npython-netfilterqueue: https://github.com/kti/python-netfilterqueue\n\n## How to use\n\nClone this repository\n\n``` shell\ngit clone git@github.com:milesrichardson/docker-nfqueue-scapy.git\n```\n\nBuild the docker container. This will take a while because it includes the\nfull scapy install and all its dependencies. You can use any tag you want, but\nas an example here I'm using `nfqueuelistener`\n\n``` shell\ncd docker-nfqueue-scapy\nsudo docker build . -t nfqueuelistener\n```\n\n(Example)\n\nUse `iptables` on the host to send TCP packets destined for port `9001`\nto nfqueue `1`:\n\n``` shell\nsudo iptables -t raw \\\n -A PREROUTING \\\n -p tcp --destination-port 9001 \\\n -j NFQUEUE --queue-num 1\n```\n\nRun the docker container to listen for packets and print then accept any\nreceived packets.\n\n``` shell\nsudo docker run -it --rm \\\n --cap-add=NET_ADMIN \\\n --net=host \\\n --name=nfqueuelistener nfqueuelistener\n```\n\nFrom another machine, send some packets to test:\n\n``` shell\necho \"Hello\" | nc -v $HOST_IP_ADDRESS 9001\n```\n\nYou should see something like this:\n\n``` shell\nmiles@box:~/testing$ sudo docker run -it --rm --cap-add=NET_ADMIN --net=host --name=nfqueuelistener nfqueuelistener\nListening on NFQUEUE queue-num 1...\n\u003cIP version=4L ihl=5L tos=0x0 len=64 id=6387 flags=DF frag=0L ttl=55 proto=tcp chksum=0x6850 src=11.22.33.44 dst=44.55.66.77 options=[] |\u003cTCP sport=58164 dport=9001 seq=4038873318 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x67be urgptr=0 options=[('MSS', 1452), ('NOP', None), ('WScale', 5), ('NOP', None), ('NOP', None), ('Timestamp', (2615879909, 0)), ('SAckOK', ''), ('EOL', None)] |\u003e\u003e\n```\n\n## Setting the queue number\n\nThe default queue number is `1`. You can override this by setting the environment variable\n`QUEUE_NUM` when running the container. For example, for queue `2`:\n\n``` shell\nsudo docker run -it --rm \\\n -e 'QUEUE_NUM=2' \\\n --cap-add=NET_ADMIN \\\n --net=host \\\n --name=nfqueuelistener nfqueuelistener\n```\n\n## Editing the `nfqueue_listener.py` file\n\nOne way to edit the `nfqueue_listener.py` file is to simply edit it and then rebuild\nthe container with `sudo docker build . -t nfqueuelistener`. Since you are only\nediting the python file, building will not take as long as the first build.\n\nYou can find the documentation for the nfqueue library used at https://github.com/kti/python-netfilterqueue\n\n## Listening in another container's namespace\n\nI have not tested this, but it should work.\n\nSay you have another container `$CONTAINER_ID` and you want to intercept incoming\npackets in its namespace. You can run this docker container like:\n\n``` shell\nsudo docker run -it --rm \\\n --net=container:$CONTAINER_ID \\\n --name=nfqueuelistener nfqueuelistener\n```\n\nNote that you will need to run your `iptables` rules to send packets to the queue\nfrom within the `$CONTAINER_ID` container.\n\n## Other notes\n\nscapy is hardcoded version `2.3.2` because there is a bug in `2.3.3` causing\nscapy to fail on openstack deployments. The bug is actually upstream in openstack,\nand has been fixed, but this caused problems for me testing on packet.net where\nthey have apparently not updated openstack yet.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmilesrichardson%2Fdocker-nfqueue-scapy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmilesrichardson%2Fdocker-nfqueue-scapy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmilesrichardson%2Fdocker-nfqueue-scapy/lists"}