scapy - Interactive Packet Manipulation / Generation Tool for Linux / UNIX

Posted by Vivek Gite [Last updated: January 28, 2008]

Recently I started to play with scapy - a powerful interactive packet manipulation and custom packet generation program written using Python. Please note that this tool is not for new Linux / UNIX users. This tool requires extensive knowledge of network protocols, packets, layers and other hardcore networking concepts. This tool is extremely useful for:
a] Understanding network headers
b] Testing network security
c] Writing your own utilities using scapy
d] Decoding protocols etc

From the man page:

You can use this tool to check the security of your own network as it allows to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery. It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics such as VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, etc.

Install scapy

Type the following command:
$ sudo apt-get install scapy

Getting started with scapy

Type scapy at a shell prompt:
$ scapy
Output:

Welcome to Scapy (v1.1.1 / f88d99910220)
>>> 

You type commands at the scapy prompt. For example, to list all supported protocols, enter ls():
>>> ls()
Output:

ARP        : ARP
ASN1_Packet : None
BOOTP      : BOOTP
CookedLinux : cooked linux
DHCP       : DHCP options
DNS        : DNS
DNSQR      : DNS Question Record
DNSRR      : DNS Resource Record
Dot11      : 802.11
Dot11ATIM  : 802.11 ATIM
Dot11AssoReq : 802.11 Association Request
Dot11AssoResp : 802.11 Association Response
Dot11Auth  : 802.11 Authentication
Dot11Beacon : 802.11 Beacon
Dot11Deauth : 802.11 Deauthentication
Dot11Disas : 802.11 Disassociation
Dot11Elt   : 802.11 Information Element
Dot11ProbeReq : 802.11 Probe Request
Dot11ProbeResp : 802.11 Probe Response
Dot11ReassoReq : 802.11 Reassociation Request
Dot11ReassoResp : 802.11 Reassociation Response
Dot11WEP   : 802.11 WEP packet
Dot1Q      : 802.1Q
Dot3       : 802.3
EAP        : EAP
EAPOL      : EAPOL
Ether      : Ethernet
GPRS       : GPRSdummy
GRE        : GRE
HCI_ACL_Hdr : HCI ACL header
HCI_Hdr    : HCI header
HSRP       : HSRP
ICMP       : ICMP
ICMPerror  : ICMP in ICMP
IP         : IP
IPerror    : IP in ICMP
IPv6       : IPv6 not implemented here.
ISAKMP     : ISAKMP
ISAKMP_class : None
ISAKMP_payload : ISAKMP payload
ISAKMP_payload_Hash : ISAKMP Hash
ISAKMP_payload_ID : ISAKMP Identification
ISAKMP_payload_KE : ISAKMP Key Exchange
ISAKMP_payload_Nonce : ISAKMP Nonce
ISAKMP_payload_Proposal : IKE proposal
ISAKMP_payload_SA : ISAKMP SA
ISAKMP_payload_Transform : IKE Transform
ISAKMP_payload_VendorID : ISAKMP Vendor ID
IrLAPCommand : IrDA Link Access Protocol Command
IrLAPHead  : IrDA Link Access Protocol Header
IrLMP      : IrDA Link Management Protocol
L2CAP_CmdHdr : L2CAP command header
L2CAP_CmdRej : L2CAP Command Rej
L2CAP_ConfReq : L2CAP Conf Req
L2CAP_ConfResp : L2CAP Conf Resp
L2CAP_ConnReq : L2CAP Conn Req
L2CAP_ConnResp : L2CAP Conn Resp
L2CAP_DisconnReq : L2CAP Disconn Req
L2CAP_DisconnResp : L2CAP Disconn Resp
L2CAP_Hdr  : L2CAP header
L2CAP_InfoReq : L2CAP Info Req
L2CAP_InfoResp : L2CAP Info Resp
LLC        : LLC
MGCP       : MGCP
MobileIP   : Mobile IP (RFC3344)
MobileIPRRP : Mobile IP Registration Reply (RFC3344)
MobileIPRRQ : Mobile IP Registration Request (RFC3344)
MobileIPTunnelData : Mobile IP Tunnel Data Message (RFC3519)
NBNSNodeStatusResponse : NBNS Node Status Response
NBNSNodeStatusResponseEnd : NBNS Node Status Response
NBNSNodeStatusResponseService : NBNS Node Status Response Service
NBNSQueryRequest : NBNS query request
NBNSQueryResponse : NBNS query response
NBNSQueryResponseNegative : NBNS query response (negative)
NBNSRequest : NBNS request
NBNSWackResponse : NBNS Wait for Acknowledgement Response
NBTDatagram : NBT Datagram Packet
NBTSession : NBT Session Packet
NTP        : NTP
NetBIOS_DS : NetBIOS datagram service
NetflowHeader : Netflow Header
NetflowHeaderV1 : Netflow Header V1
NetflowRecordV1 : Netflow Record
NoPayload  : None
PPP        : PPP Link Layer
PPPoE      : PPP over Ethernet
PPPoED     : PPP over Ethernet Discovery
Packet     : None
Padding    : Padding
PrismHeader : Prism header
RIP        : RIP header
RIPEntry   : RIP entry
Radius     : Radius
Raw        : Raw
SMBMailSlot : SMB Mail Slot Protocol
SMBNegociate_Protocol_Request_Header : SMBNegociate Protocol Request Header
SMBNegociate_Protocol_Request_Tail : SMB Negociate Protocol Request Tail
SMBNegociate_Protocol_Response_Advanced_Security : SMBNegociate Protocol Response Advanced Security
SMBNegociate_Protocol_Response_No_Security : SMBNegociate Protocol Response No Security
SMBNegociate_Protocol_Response_No_Security_No_Key : None
SMBNetlogon_Protocol_Response_Header : SMBNetlogon Protocol Response Header
SMBNetlogon_Protocol_Response_Tail_LM20 : SMB Netlogon Protocol Response Tail LM20
SMBNetlogon_Protocol_Response_Tail_SAM : SMB Netlogon Protocol Response Tail SAM
SMBSession_Setup_AndX_Request : Session Setup AndX Request
SMBSession_Setup_AndX_Response : Session Setup AndX Response
SNAP       : SNAP
SNMP       : None
SNMPbulk   : None
SNMPget    : None
SNMPinform : None
SNMPnext   : None
SNMPresponse : None
SNMPset    : None
SNMPtrapv1 : None
SNMPtrapv2 : None
SNMPvarbind : None
STP        : Spanning Tree Protocol
SebekHead  : Sebek header
SebekV1    : Sebek v1
SebekV2    : Sebek v3
SebekV2Sock : Sebek v2 socket
SebekV3    : Sebek v3
SebekV3Sock : Sebek v2 socket
Skinny     : Skinny
TCP        : TCP
TCPerror   : TCP in ICMP
UDP        : UDP
UDPerror   : UDP in ICMP
_IPv6OptionHeader : IPv6 not implemented here.

To list user commands, enter lsc():
>>> lsc()
To list the ICMP packet structure (each field's name, type and default value), enter:
>>> ls(ICMP)
Output:

type       : ByteEnumField        = (8)
code       : ByteField            = (0)
chksum     : XShortField          = (None)
id         : XShortField          = (0)
seq        : XShortField          = (0)
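
What the ls(ICMP) listing means on the wire, as an added example that is not part of the original post and does not use scapy itself: the five fields are packed into the 8-byte ICMP header with Python's struct module, and the chksum default of None is treated as "compute it when the packet is built" using the RFC 1071 Internet checksum. The function names and the corrupted sample are constructed for illustration.

```python
import struct

# Field layout as printed by ls(ICMP): two byte fields, three 16-bit fields.
ICMP_FMT = "!BBHHH"   # type, code, chksum, id, seq (network byte order)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(type_=8, code=0, chksum=None, id_=0, seq=0, payload=b""):
    """Pack an ICMP message; chksum=None means 'compute it', as in the ls() default."""
    if chksum is None:
        zeroed = struct.pack(ICMP_FMT, type_, code, 0, id_, seq) + payload
        chksum = inet_checksum(zeroed)
    return struct.pack(ICMP_FMT, type_, code, chksum, id_, seq) + payload

def parse_icmp(raw: bytes) -> dict:
    """Decode the header and report whether the checksum verifies."""
    if len(raw) < 8:
        raise ValueError("ICMP header needs at least 8 bytes")
    type_, code, chksum, id_, seq = struct.unpack(ICMP_FMT, raw[:8])
    return {"type": type_, "code": code, "chksum": chksum, "id": id_,
            "seq": seq, "payload": raw[8:],
            "chksum_ok": inet_checksum(raw) == 0}

if __name__ == "__main__":
    pkt = build_icmp()                        # all defaults from ls(ICMP)
    print(pkt.hex(), parse_icmp(pkt))
    corrupted = pkt[:7] + b"\x01"             # constructed: seq changed in transit
    print(parse_icmp(corrupted)["chksum_ok"])
```

With every field left at its ls(ICMP) default, the result is an echo request (type 8) whose checksum field is filled in at build time; a single altered byte makes the checksum verification fail.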

A scapy tutorial is beyond the scope of this blog. Try the scapy man page and the demo page here for more information:
$ man scapy

Copyright © 2004-2008 nixCraft. All rights reserved.