scapy - Interactive Packet Manipulation / Generation Tool for Linux / UNIX
Recently I started to play with scapy - a powerful interactive packet manipulation and custom packet generation program written in Python. Please note that this tool is not for new Linux / UNIX users. It requires extensive knowledge of network protocols, packets, layers and other hardcore networking concepts. This tool is extremely useful for
a] Understanding network headers
b] Testing network security
c] Writing your own utilities using scapy
d] Decoding protocols, etc.
From the man page:
You can use this tool to check the security of your own network as it allows you to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery. It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques such as VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, etc.
Install scapy
Type the following command:
$ sudo apt-get install scapy
Getting started with scapy
Type scapy at a shell prompt:
$ scapy
Output:
Welcome to Scapy (v1.1.1 / f88d99910220)
>>>
You type commands at the scapy prompt. For example, to list all supported protocols, enter ls():
>>> ls()
Output:
ARP : ARP
ASN1_Packet : None
BOOTP : BOOTP
CookedLinux : cooked linux
DHCP : DHCP options
DNS : DNS
DNSQR : DNS Question Record
DNSRR : DNS Resource Record
Dot11 : 802.11
Dot11ATIM : 802.11 ATIM
Dot11AssoReq : 802.11 Association Request
Dot11AssoResp : 802.11 Association Response
Dot11Auth : 802.11 Authentication
Dot11Beacon : 802.11 Beacon
Dot11Deauth : 802.11 Deauthentication
Dot11Disas : 802.11 Disassociation
Dot11Elt : 802.11 Information Element
Dot11ProbeReq : 802.11 Probe Request
Dot11ProbeResp : 802.11 Probe Response
Dot11ReassoReq : 802.11 Reassociation Request
Dot11ReassoResp : 802.11 Reassociation Response
Dot11WEP : 802.11 WEP packet
Dot1Q : 802.1Q
Dot3 : 802.3
EAP : EAP
EAPOL : EAPOL
Ether : Ethernet
GPRS : GPRSdummy
GRE : GRE
HCI_ACL_Hdr : HCI ACL header
HCI_Hdr : HCI header
HSRP : HSRP
ICMP : ICMP
ICMPerror : ICMP in ICMP
IP : IP
IPerror : IP in ICMP
IPv6 : IPv6 not implemented here.
ISAKMP : ISAKMP
ISAKMP_class : None
ISAKMP_payload : ISAKMP payload
ISAKMP_payload_Hash : ISAKMP Hash
ISAKMP_payload_ID : ISAKMP Identification
ISAKMP_payload_KE : ISAKMP Key Exchange
ISAKMP_payload_Nonce : ISAKMP Nonce
ISAKMP_payload_Proposal : IKE proposal
ISAKMP_payload_SA : ISAKMP SA
ISAKMP_payload_Transform : IKE Transform
ISAKMP_payload_VendorID : ISAKMP Vendor ID
IrLAPCommand : IrDA Link Access Protocol Command
IrLAPHead : IrDA Link Access Protocol Header
IrLMP : IrDA Link Management Protocol
L2CAP_CmdHdr : L2CAP command header
L2CAP_CmdRej : L2CAP Command Rej
L2CAP_ConfReq : L2CAP Conf Req
L2CAP_ConfResp : L2CAP Conf Resp
L2CAP_ConnReq : L2CAP Conn Req
L2CAP_ConnResp : L2CAP Conn Resp
L2CAP_DisconnReq : L2CAP Disconn Req
L2CAP_DisconnResp : L2CAP Disconn Resp
L2CAP_Hdr : L2CAP header
L2CAP_InfoReq : L2CAP Info Req
L2CAP_InfoResp : L2CAP Info Resp
LLC : LLC
MGCP : MGCP
MobileIP : Mobile IP (RFC3344)
MobileIPRRP : Mobile IP Registration Reply (RFC3344)
MobileIPRRQ : Mobile IP Registration Request (RFC3344)
MobileIPTunnelData : Mobile IP Tunnel Data Message (RFC3519)
NBNSNodeStatusResponse : NBNS Node Status Response
NBNSNodeStatusResponseEnd : NBNS Node Status Response
NBNSNodeStatusResponseService : NBNS Node Status Response Service
NBNSQueryRequest : NBNS query request
NBNSQueryResponse : NBNS query response
NBNSQueryResponseNegative : NBNS query response (negative)
NBNSRequest : NBNS request
NBNSWackResponse : NBNS Wait for Acknowledgement Response
NBTDatagram : NBT Datagram Packet
NBTSession : NBT Session Packet
NTP : NTP
NetBIOS_DS : NetBIOS datagram service
NetflowHeader : Netflow Header
NetflowHeaderV1 : Netflow Header V1
NetflowRecordV1 : Netflow Record
NoPayload : None
PPP : PPP Link Layer
PPPoE : PPP over Ethernet
PPPoED : PPP over Ethernet Discovery
Packet : None
Padding : Padding
PrismHeader : Prism header
RIP : RIP header
RIPEntry : RIP entry
Radius : Radius
Raw : Raw
SMBMailSlot : SMB Mail Slot Protocol
SMBNegociate_Protocol_Request_Header : SMBNegociate Protocol Request Header
SMBNegociate_Protocol_Request_Tail : SMB Negociate Protocol Request Tail
SMBNegociate_Protocol_Response_Advanced_Security : SMBNegociate Protocol Response Advanced Security
SMBNegociate_Protocol_Response_No_Security : SMBNegociate Protocol Response No Security
SMBNegociate_Protocol_Response_No_Security_No_Key : None
SMBNetlogon_Protocol_Response_Header : SMBNetlogon Protocol Response Header
SMBNetlogon_Protocol_Response_Tail_LM20 : SMB Netlogon Protocol Response Tail LM20
SMBNetlogon_Protocol_Response_Tail_SAM : SMB Netlogon Protocol Response Tail SAM
SMBSession_Setup_AndX_Request : Session Setup AndX Request
SMBSession_Setup_AndX_Response : Session Setup AndX Response
SNAP : SNAP
SNMP : None
SNMPbulk : None
SNMPget : None
SNMPinform : None
SNMPnext : None
SNMPresponse : None
SNMPset : None
SNMPtrapv1 : None
SNMPtrapv2 : None
SNMPvarbind : None
STP : Spanning Tree Protocol
SebekHead : Sebek header
SebekV1 : Sebek v1
SebekV2 : Sebek v3
SebekV2Sock : Sebek v2 socket
SebekV3 : Sebek v3
SebekV3Sock : Sebek v2 socket
Skinny : Skinny
TCP : TCP
TCPerror : TCP in ICMP
UDP : UDP
UDPerror : UDP in ICMP
_IPv6OptionHeader : IPv6 not implemented here.
To list user commands, enter lsc():
>>> lsc()
To list the fields of the ICMP header, enter:
>>> ls(ICMP)
Output:
type : ByteEnumField = (8)
code : ByteField = (0)
chksum : XShortField = (None)
id : XShortField = (0)
seq : XShortField = (0)
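The five fields that ls(ICMP) prints are exactly the 8 bytes of the ICMP header as it appears on the wire: type (1 byte), code (1 byte), chksum (2 bytes), id (2 bytes) and seq (2 bytes). The chksum default of None means scapy fills it in at send time with the RFC 1071 one's-complement sum over header and payload. The example below is added here and is not code from the original post or from the scapy project: it builds and decodes that header in plain Python with no scapy dependency, so it runs anywhere, and it verifies the checksum on the way back in, which is the check a decoder needs before trusting a captured message. The function names, the sample id/seq values and the payload are constructed for the example; the 8 bytes it produces for the default header match what scapy serialises for ICMP().

```python
import struct

ICMP_HDR = struct.Struct("!BBHHH")   # type, code, chksum, id, seq: the ls(ICMP) fields, in wire order
ICMP_ECHO_REQUEST = 8                # the default ls(ICMP) shows for "type"
ICMP_ECHO_REPLY = 0


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, the value scapy computes when chksum is None."""
    if len(data) % 2:                # odd length: pad the last 16-bit word with a zero byte
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:               # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int = ICMP_ECHO_REQUEST, code: int = 0,
               ident: int = 0, seq: int = 0, payload: bytes = b"") -> bytes:
    """Serialise an ICMP message: header with chksum zeroed, checksum computed, then filled in."""
    header = ICMP_HDR.pack(icmp_type, code, 0, ident, seq)
    chksum = inet_checksum(header + payload)
    return ICMP_HDR.pack(icmp_type, code, chksum, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    """Dissect the 8-byte header; checksum_ok is True when the sum over the whole message is zero."""
    if len(packet) < ICMP_HDR.size:
        raise ValueError("ICMP message truncated: need %d bytes, got %d" % (ICMP_HDR.size, len(packet)))
    icmp_type, code, chksum, ident, seq = ICMP_HDR.unpack_from(packet)
    return {
        "type": icmp_type,
        "code": code,
        "chksum": chksum,
        "id": ident,
        "seq": seq,
        "payload": packet[ICMP_HDR.size:],
        "checksum_ok": inet_checksum(packet) == 0,
    }


def is_reply_to(request: bytes, reply: bytes) -> bool:
    """Pair an echo reply with its request by (id, seq, payload), as a ping utility does."""
    req, rep = parse_icmp(request), parse_icmp(reply)
    return (rep["checksum_ok"]
            and req["type"] == ICMP_ECHO_REQUEST and rep["type"] == ICMP_ECHO_REPLY
            and (req["id"], req["seq"], req["payload"]) == (rep["id"], rep["seq"], rep["payload"]))


if __name__ == "__main__":
    # Constructed sample: an echo request with a made-up id/seq and an 8-byte payload.
    req = build_icmp(ident=0x1234, seq=1, payload=b"abcdefgh")
    print("request:", req.hex())
    for name, value in parse_icmp(req).items():
        print("  %-12s %r" % (name, value))
    rep = build_icmp(ICMP_ECHO_REPLY, ident=0x1234, seq=1, payload=b"abcdefgh")
    print("reply matches request:", is_reply_to(req, rep))
    # Flip one payload byte: the header still parses, but the checksum no longer verifies.
    corrupt = req[:-1] + bytes([req[-1] ^ 0xFF])
    print("corrupted checksum_ok:", parse_icmp(corrupt)["checksum_ok"])
```

Running the script prints the request bytes, the decoded fields in the same order ls(ICMP) lists them, and shows that a single flipped byte is caught by the checksum. Note that the checksum only protects against accidental corruption; it is not a security control, since anyone who can modify the bytes can recompute it.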
A full scapy tutorial is beyond the scope of this post. See the scapy man page and the scapy demo page for more information:
$ man scapy