Recently I started to play with scapy, a powerful interactive packet manipulation and custom packet generation program written in Python. Please note that this tool is not for new Linux / UNIX users: it requires extensive knowledge of network protocols, packets, layers and other hardcore networking concepts. This tool is extremely useful for
a] Understanding network headers
b] Testing network security
c] Writing your own utilities using scapy
d] Decoding protocols etc.
From the man page:
You can use this tool to check the security of your own network as it allows you to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery. It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques such as VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, etc.
Install scapy
Type the following command:
$ sudo apt-get install scapy
Getting started with scapy
Type scapy at a shell prompt:
$ scapy
Output:
Welcome to Scapy (v1.1.1 / f88d99910220) >>>
You type commands at the scapy prompt. For example, to list all supported protocols, enter ls():
>>> ls()
Output:
ARP : ARP ASN1_Packet : None BOOTP : BOOTP CookedLinux : cooked linux DHCP : DHCP options DNS : DNS DNSQR : DNS Question Record DNSRR : DNS Resource Record Dot11 : 802.11 Dot11ATIM : 802.11 ATIM Dot11AssoReq : 802.11 Association Request Dot11AssoResp : 802.11 Association Response Dot11Auth : 802.11 Authentication Dot11Beacon : 802.11 Beacon Dot11Deauth : 802.11 Deauthentication Dot11Disas : 802.11 Disassociation Dot11Elt : 802.11 Information Element Dot11ProbeReq : 802.11 Probe Request Dot11ProbeResp : 802.11 Probe Response Dot11ReassoReq : 802.11 Reassociation Request Dot11ReassoResp : 802.11 Reassociation Response Dot11WEP : 802.11 WEP packet Dot1Q : 802.1Q Dot3 : 802.3 EAP : EAP EAPOL : EAPOL Ether : Ethernet GPRS : GPRSdummy GRE : GRE HCI_ACL_Hdr : HCI ACL header HCI_Hdr : HCI header HSRP : HSRP ICMP : ICMP ICMPerror : ICMP in ICMP IP : IP IPerror : IP in ICMP IPv6 : IPv6 not implemented here. ISAKMP : ISAKMP ISAKMP_class : None ISAKMP_payload : ISAKMP payload ISAKMP_payload_Hash : ISAKMP Hash ISAKMP_payload_ID : ISAKMP Identification ISAKMP_payload_KE : ISAKMP Key Exchange ISAKMP_payload_Nonce : ISAKMP Nonce ISAKMP_payload_Proposal : IKE proposal ISAKMP_payload_SA : ISAKMP SA ISAKMP_payload_Transform : IKE Transform ISAKMP_payload_VendorID : ISAKMP Vendor ID IrLAPCommand : IrDA Link Access Protocol Command IrLAPHead : IrDA Link Access Protocol Header IrLMP : IrDA Link Management Protocol L2CAP_CmdHdr : L2CAP command header L2CAP_CmdRej : L2CAP Command Rej L2CAP_ConfReq : L2CAP Conf Req L2CAP_ConfResp : L2CAP Conf Resp L2CAP_ConnReq : L2CAP Conn Req L2CAP_ConnResp : L2CAP Conn Resp L2CAP_DisconnReq : L2CAP Disconn Req L2CAP_DisconnResp : L2CAP Disconn Resp L2CAP_Hdr : L2CAP header L2CAP_InfoReq : L2CAP Info Req L2CAP_InfoResp : L2CAP Info Resp LLC : LLC MGCP : MGCP MobileIP : Mobile IP (RFC3344) MobileIPRRP : Mobile IP Registration Reply (RFC3344) MobileIPRRQ : Mobile IP Registration Request (RFC3344) MobileIPTunnelData : Mobile IP Tunnel Data Message (RFC3519) 
NBNSNodeStatusResponse : NBNS Node Status Response NBNSNodeStatusResponseEnd : NBNS Node Status Response NBNSNodeStatusResponseService : NBNS Node Status Response Service NBNSQueryRequest : NBNS query request NBNSQueryResponse : NBNS query response NBNSQueryResponseNegative : NBNS query response (negative) NBNSRequest : NBNS request NBNSWackResponse : NBNS Wait for Acknowledgement Response NBTDatagram : NBT Datagram Packet NBTSession : NBT Session Packet NTP : NTP NetBIOS_DS : NetBIOS datagram service NetflowHeader : Netflow Header NetflowHeaderV1 : Netflow Header V1 NetflowRecordV1 : Netflow Record NoPayload : None PPP : PPP Link Layer PPPoE : PPP over Ethernet PPPoED : PPP over Ethernet Discovery Packet : None Padding : Padding PrismHeader : Prism header RIP : RIP header RIPEntry : RIP entry Radius : Radius Raw : Raw SMBMailSlot : SMB Mail Slot Protocol SMBNegociate_Protocol_Request_Header : SMBNegociate Protocol Request Header SMBNegociate_Protocol_Request_Tail : SMB Negociate Protocol Request Tail SMBNegociate_Protocol_Response_Advanced_Security : SMBNegociate Protocol Response Advanced Security SMBNegociate_Protocol_Response_No_Security : SMBNegociate Protocol Response No Security SMBNegociate_Protocol_Response_No_Security_No_Key : None SMBNetlogon_Protocol_Response_Header : SMBNetlogon Protocol Response Header SMBNetlogon_Protocol_Response_Tail_LM20 : SMB Netlogon Protocol Response Tail LM20 SMBNetlogon_Protocol_Response_Tail_SAM : SMB Netlogon Protocol Response Tail SAM SMBSession_Setup_AndX_Request : Session Setup AndX Request SMBSession_Setup_AndX_Response : Session Setup AndX Response SNAP : SNAP SNMP : None SNMPbulk : None SNMPget : None SNMPinform : None SNMPnext : None SNMPresponse : None SNMPset : None SNMPtrapv1 : None SNMPtrapv2 : None SNMPvarbind : None STP : Spanning Tree Protocol SebekHead : Sebek header SebekV1 : Sebek v1 SebekV2 : Sebek v3 SebekV2Sock : Sebek v2 socket SebekV3 : Sebek v3 SebekV3Sock : Sebek v2 socket Skinny : Skinny TCP : TCP 
TCPerror : TCP in ICMP UDP : UDP UDPerror : UDP in ICMP _IPv6OptionHeader : IPv6 not implemented here.
To list user commands, enter lsc():
>>> lsc()
To display the ICMP header structure, enter:
>>> ls(ICMP)
Output:
type : ByteEnumField = (8)
code : ByteField = (0)
chksum : XShortField = (None)
id : XShortField = (0)
seq : XShortField = (0)
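As an added example (not from the original post and not scapy's own code), here is the same ICMP layout that ls(ICMP) reports, built and decoded in plain Python with struct. build_icmp fills in the checksum the way scapy does when chksum is left as None, and parse_icmp decodes a captured message and verifies that checksum; the names build_icmp, parse_icmp and icmp_checksum are this example's own.

```python
import struct

# Field layout reported by scapy's ls(ICMP): type (1 byte), code (1 byte),
# chksum (2 bytes), id (2 bytes), seq (2 bytes); any payload follows.
ICMP_HDR = struct.Struct("!BBHHH")


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over header plus payload."""
    if len(data) % 2:            # pad an odd-length message with a zero byte
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:           # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type=8, code=0, ident=0, seq=0, payload=b"") -> bytes:
    """Serialise an ICMP message; defaults match scapy's ICMP() (echo request)."""
    hdr = ICMP_HDR.pack(icmp_type, code, 0, ident, seq)   # chksum zeroed first
    csum = icmp_checksum(hdr + payload)
    return ICMP_HDR.pack(icmp_type, code, csum, ident, seq) + payload


def parse_icmp(raw: bytes) -> dict:
    """Decode the header fields and check the checksum of a received message."""
    if len(raw) < ICMP_HDR.size:
        raise ValueError("truncated ICMP message")
    icmp_type, code, csum, ident, seq = ICMP_HDR.unpack_from(raw)
    # Summing the whole message, checksum field included, gives 0 when intact.
    return {"type": icmp_type, "code": code, "chksum": csum, "id": ident,
            "seq": seq, "payload": bytes(raw[ICMP_HDR.size:]),
            "chksum_ok": icmp_checksum(bytes(raw)) == 0}


if __name__ == "__main__":
    # Constructed sample: an echo request with id 0x1234, seq 1 and a 2-byte payload.
    msg = build_icmp(ident=0x1234, seq=1, payload=b"ab")
    print(msg.hex(), parse_icmp(msg))
```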
A full scapy tutorial is beyond the scope of this post. See the scapy man page and the project's demo page for more information:
$ man scapy
- Last Updated: Jan/28/2008
3 comments:
Hi,
Which Linux distribution have you used to successfully launch Scapy? I have Suse Linux 10.2 and have tried all I can to have scapy running but have not succeeded so far.
There is no such command as this ($ sudo apt-get install scapy) used in Suse Linux for scapy installation. I manually downloaded the scapy tar.gz file from the web and used tar -zxvf on the tar.gz file to unzip it. Then I ran the ./configure and make install commands but only received crapes from my command lines.
I would appreciate it if you can tell me which distribution works best with Scapy. Python is perfectly installed, but not my scapy.
Thanks
@ Adam,
I’ve tested this under Debian and Ubuntu. I suggest you try using yast / yast2 to install scapy under Suse.
Scapy now seems to work, BUT I have a big problem. I followed the scapy documentation 2.0 (http://dirk-loss.de/scapy-doc/usage.html#interactive-tutorial) until I tried to execute the command >>> hexdump(a); it said something about a python wrapper, or it may have been related to some sort of incomplete package installation.
Do you know what I might have done wrong? Can you please make a complete list of packages needed in Ubuntu that all work fine? Or should I do some configuration of my python? I have python2.5 and python2.6 on the system.
Thanks