Introduction to Scapy
Posted by Joe Purcell
Scapy may be the most powerful tool available to network admins. It is an interactive program for packet manipulation that uses simple operations like sending and receiving packets or capturing and cloning them as building blocks for creating advanced network management tools.
Scapy is a Python program available on any operating system, though it is built to run without modification on Linux. It operates on a number of protocols and can do all the basic tasks that other tools do, such as traceroute, scanning, network discovery, and ARP modification, as well as other fun things like wake-on-LAN. It can also do much more advanced tasks that other tools don’t offer, such as wireless injection.
As stated on Scapy’s site, this tool is set apart in that those who use it can create things the author didn’t imagine. Most tools are built for specific purposes, such as traceroute. Scapy, on the other hand, lets you build what you want; it can be thought of more like a framework or API for packet manipulation. Any time a new need comes along, code can be written to meet it rather than having to go find a new tool and learn how to use it. This gives more information and a closer look at what is actually happening on a network.
Stephen Thorne has a great presentation made for the Queensland Python User Group that goes over some good examples. One example is how to do a basic port scan as shown here:
from scapy.all import IP, TCP, sr
ans, unans = sr(IP(dst='10.0.0.0/24')/TCP(dport=80), timeout=5)
for snd, rcv in ans:
    if rcv.haslayer(TCP) and rcv[TCP].flags & 0x12 == 0x12:  # SYN/ACK means open; a RST answer is a closed port
        print(snd.dst, 'port', snd.dport, 'open')
Another example he gives is a fun one: wake-on-LAN. As he notes, network cards listen on any protocol for a packet that has six 0xFF bytes followed by the MAC address of the card 16 times. The example is rather simple; replace the MAC address with that of the computer you want to wake:
from scapy.all import IP, UDP, Raw, send
mac = bytes.fromhex('0003e48d0c71'); eff = b'\xff'  # six 0xFF bytes, then the target MAC 16 times
send(IP(dst='255.255.255.255')/UDP(dport=7)/Raw(load=eff*6 + mac*16))
To do the same on just Layer 2, one can replace the ‘send’ command with the following:
from scapy.all import Ether, IP, UDP, Raw, sendp
sendp(Ether(dst='ff:ff:ff:ff:ff:ff')/IP(dst='255.255.255.255')/UDP(dport=7)/Raw(load=eff*6 + mac*16))
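As an added example (not from the post, the presentation or Scapy itself), the two wake-on-LAN snippets above can be turned into a small pair of tools: one that builds the magic-packet payload from any common MAC notation, and one that recognises such a payload in a captured datagram, which is what an admin wanting to spot wake-on-LAN traffic on a segment would run over sniffed UDP payloads. The payload layout is the one the post states (six 0xFF bytes, then the MAC 16 times); the function and variable names are my own, and only the last function needs Scapy installed.

```python
# Added example: build and detect wake-on-LAN magic packets (not the post's own code).
SYNC = b"\xff" * 6      # the six 0xFF bytes that start a magic packet
MAC_LEN = 6
REPEATS = 16            # the target MAC follows, repeated 16 times


def parse_mac(mac_str):
    """Accept 'aa:bb:cc:dd:ee:ff', 'aa-bb-cc-dd-ee-ff' or bare 'aabbccddeeff'."""
    hexstr = mac_str.replace(":", "").replace("-", "").lower()
    if len(hexstr) != 2 * MAC_LEN:
        raise ValueError("MAC must be 6 bytes: %r" % mac_str)
    return bytes.fromhex(hexstr)      # raises ValueError on non-hex characters


def build_magic_payload(mac_str):
    """Return the 102-byte payload that Raw() carries in the post's send() lines."""
    return SYNC + parse_mac(mac_str) * REPEATS


def find_magic_mac(payload):
    """Return the target MAC as 'aa:bb:cc:dd:ee:ff' if payload holds a magic
    packet, else None. The sync stream may sit anywhere in the datagram, so
    every occurrence of six 0xFF bytes is tried; a longer run of 0xFF is
    handled because find() advances one byte at a time."""
    body_len = MAC_LEN * REPEATS
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + len(SYNC): start + len(SYNC) + body_len]
        if len(body) == body_len:
            mac = body[:MAC_LEN]
            if body == mac * REPEATS:   # all 16 copies must be identical
                return ":".join("%02x" % b for b in mac)
        start = payload.find(SYNC, start + 1)
    return None


def wol_packet(mac_str, dport=7):
    """Wrap the payload the way the post does. Scapy is imported lazily so the
    builder and detector above run without it installed."""
    from scapy.all import IP, UDP, Raw
    return IP(dst="255.255.255.255") / UDP(dport=dport) / Raw(load=build_magic_payload(mac_str))
```

Feeding `find_magic_mac(bytes(pkt[UDP].payload))` to a `sniff()` callback lists every host a magic packet on the segment was aimed at.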
Check out Jeremy Stretch’s introduction for some more basic examples of how to use this tool and Scapy’s site for how to build your own tools.
About the Author: Joe Purcell is a technology virtuoso, cyberspace frontiersman, and connoisseur of Linux, Mac, and Windows alike.
September 26th, 2011 at 11:05 am