Scapy

What is Scapy?

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.).

Installation

sudo apt-get update
pip install scapy

Basic commands:

Starting scapy

$ scapy

I recommend you do it this way

$ sudo scapy

List all available protocols and their options:

>>> ls()

List all available functions:

>>> lsc()

Show / configure parameters:

>>> conf

If we want to exit Scapy we use the following command:

>>> exit()

Here is an example of (h)ping-like functionality: you send the same set of packets over and over to see if something changes:

>>> srloop(IP(dst="www.infosecaddicts.com/30")/TCP())

Scapy has its own routing table, so your packets can be routed differently than the system would route them.

Scapy also has a powerful TCP traceroute function. Unlike other traceroute programs that wait for each node to reply before going to the next, Scapy sends all the packets at the same time. This has the disadvantage that it can't know when to stop (hence the maxttl parameter), but the great advantage that it took less than 3 seconds to get this multi-target traceroute result:

>>> traceroute(["www.infosecaddicts.com","www.google.com","www.nytimes.com","www.copernic.com"],maxttl=20)

Now, let’s try to do some fun things.

The sr() function is for sending packets and receiving answers.

The function returns a couple: a list of (packet, answer) pairs, and a list of the packets that got no answer.

The function sr1() is a variant that only returns one packet that answered the packet (or the packet set) sent. The packets must be layer 3 packets (IP, ARP, etc.).

The function srp() does the same for layer 2 packets (Ethernet, 802.3, etc.). If there is no response, None is returned instead once the timeout is reached.

>>> a = sr1(IP(dst="www.infosecaddicts.com")/ICMP()/"XXXXXXXXXXX")

>>> a

>>> a.show()

>>> sr(IP(dst="192.168.1.24")/TCP(dport=[21,22,23]))
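As an added example (my code, not from the original post), here is how the (answered, unanswered) couple that sr() returns for the probe above can be turned into a per-port verdict: a SYN/ACK reply means the port is open, a RST means closed, and no TCP reply before the timeout (a dropped probe or an ICMP error) means filtered. It assumes Scapy is installed and the probe runs as root; the function names port_state, summarize and syn_probe are mine.

```python
# TCP flag bits as they appear in the flags field of a reply
SYN, RST, ACK = 0x02, 0x04, 0x10


def port_state(flags):
    """Map the TCP flags of a reply (an int, or None for no reply) to a port state.

    SYN+ACK -> open, RST -> closed, no reply before the timeout -> filtered.
    A firewall that silently drops the probe is indistinguishable from packet
    loss, so "filtered" is a verdict about the path, not only about the host.
    """
    if flags is None:
        return "filtered"
    if flags & SYN and flags & ACK:
        return "open"
    if flags & RST:
        return "closed"
    return "unknown"


def summarize(probed_ports, replies):
    """probed_ports: the dports that were sent to; replies: {dport: flags} for answered ones.

    Ports absent from `replies` are the unanswered packets of the sr() couple.
    """
    return {port: port_state(replies.get(port)) for port in probed_ports}


def syn_probe(target, ports, timeout=2):
    """Run the same probe as the sr() example above and classify its answers."""
    # Imported here so the pure functions above can be used without Scapy.
    from scapy.all import IP, TCP, sr

    answered, unanswered = sr(IP(dst=target) / TCP(dport=ports, flags="S"),
                              timeout=timeout, verbose=0)
    replies = {}
    for sent, rcv in answered:
        # Only TCP replies carry flags; an ICMP error answer is left out so the
        # port falls through to "filtered" in summarize().
        if rcv.haslayer(TCP):
            replies[sent[TCP].dport] = int(rcv[TCP].flags)
    return summarize(ports, replies)


if __name__ == "__main__":
    # Constructed sample instead of live traffic: 21 answered RST/ACK,
    # 22 answered SYN/ACK, 23 never answered.
    print(summarize([21, 22, 23], {21: RST | ACK, 22: SYN | ACK}))
```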

Summary:

Scapy is a really powerful and flexible interactive packet manipulator written in Python that allows you to sniff, generate malformed packets, send network packets, test equipment, discover and scan networks, and develop new protocols in a trivial way.

Resources:

https://scapy.net/

https://media.readthedocs.org/pdf/scapy/latest/scapy.pdf


This post was written by Ruben Dario Caravajal Herrera