scapy
After the last tutorial, you should have a good understanding of what you can do with the dpkt module. In this lesson we will have a look at another Python module which allows us to send, sniff, dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks.
scapy?
You might wonder why we want to use scapy when we already have the dpkt module. Aren't they doing the same thing? Well, not exactly. The fact is that scapy provides us with a lot more functionality than any other tool or module.
Apart from its basic usage to sniff network packets, scapy also performs other tasks that most other tools can't do, like sending invalid frames, injecting your own 802.11 frames, and combining techniques (VLAN hopping + ARP cache poisoning, VOIP decoding on a WEP encrypted channel, etc.).
802.11 frames are basically wireless frame packets, which cannot be manipulated using the dpkt library.
So come, let's not waste any more time and install scapy:
sudo pip install scapy
Or to download the package and install it, follow the link here.
scapy
If you are running a terminal session (Mac OS X users) or if you are a Linux user, then:
$ sudo scapy
Welcome to Scapy (2.0.1-dev)
>>>
If you are a Windows user, then:
C:\>scapy
INFO: No IPv6 support in kernel
WARNING: No route found for IPv6 destination :: (no default route?)
Welcome to Scapy (2.0.1-dev)
>>>
If you don't have all optional packages installed, scapy will inform you that some features will not be available:
INFO: Can't import python gnuplot wrapper . Won't be able to plot.
INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
pcap files
You can read packets from a pcap file and write them to another pcap file.
>>> a = rdpcap("/home/ntal8/Desktop/bkp_pcap/rawcap.pcap")
>>> a
<rawcap.pcap: TCP:749 UDP:134 ICMP:0 Other:2>
scapy's features
scapy sends all the packets at the same time.
The last line is in fact the result of the function: A traceroute result object and a packet list of unanswered packets.
TCP SYN on each port. Wait for a SYN-ACK or an RST or an ICMP error.
>>> res,unans = sr( IP(dst = "target")
... /TCP(flags="S", dport=(1,1024)) )
Possible result visualization: open ports
>>> res.nsummary( lfilter=lambda s,r: (r.haslayer(TCP) and (r.getlayer(TCP).flags & 2)) )
To know more about the functionalities and features of scapy, visit scapy's Official Documentation.