Scapy is a tool that enables the user to craft, sniff and forge network packets. In other words, it is a powerful interactive packet manipulation tool written in python by Philippe Biondi. It can easily handle most tasks like scanning, tracerouting, probing, attacks or network discovery in a network. It can replace hping, arpspoof, arping, and even some part of Nmap, tcpdump, & tshark. Mainly operates two Scenario: sending packets and receiving packets.
You will get an interactive terminal when you write command in the terminal.
Now let’s create via Scapy tool in Terminal
Here, in fig.2 “a” is the variable that we have taken to store our packet values in it. “TCP()/IP()” is the packet that we are crafting here.
a.show() is used to show the fields of the packets.
Now, let’s manipulate the packet.
Scapy tries to use sensible default values for all packet fields. If not overridden,
- IP source is chosen according to destination and routing table
- Checksum is computed
- Source MAC is chosen according to the output interface
- Ethernet type and IP protocol are determined by the upper layer
Other fields’ default values are chosen to be the most useful ones:
- The TCP source port is 20, the destination port is 80.
- UDP source and destination ports are 53.
- ICMP type is echo request.
So, to manipulate the packet you need to give the commands as shown in Fig.4
Now, to check if all the fields are set, we can give the command as shown in Fig.5
Now that we know how to manipulate the packet. Let’s see how to send them. The send() function will send the packets as shown in To send a packet more than one time you can give the command as shown in Fig.7
As you can see the packet has been crafted and now, we can send it.
From the above figure, you can see the results that we have got. For more in-depth information on Scapy you can also refer to the documentation by Philippe Biondi. We can do a lot using Scapy functions and modules.
cybersecurity blog's https://icssindia.in/blog
