Scapy p.05 – Sending our First Packet; ARP Response

This entry is part 5 of 11 in the series Building Network Tools with Scapy

With a good understanding of how to view our packets we can now move onto some packet generation. Let’s talk a bit about sniffing first and how existing packets are our best tool for creating new ones.

Sniff() function arguments

We’ve used the sniff() function a couple times already to capture some packets for viewing. I’m going to explain a little bit more about the sniff() function and its arguments. Continue reading

Scapy p.06 – Sending and Receiving with Scapy

This entry is part 6 of 11 in the series Building Network Tools with Scapy

We’ve sniffed some packets, dig down into packet layers and fields, and even sent some packets. Great job! It’s time to step up our game with Scapy and start really using some of the power Scapy contains. Please Note: this next example is for education and example only. Please be responsible on your network, especially at work!

Scapy Send/Receive Function

Let’s get familiar with the sr(), sr1(), srp(), and srp1() functions. Just like the send(), function, the ‘p’ at the end of the function name means that we’re sending at L2 instead of L3. The functions with a ‘1’ in them mean that Scapy will send the specified packet and end after receiving 1 answer/response instead of continuing to listen for answers/responses. I’ll reference both functions as sr(), but the examples will use the correct function.

Continue reading

Scapy p.07 – Monitoring ARP

This entry is part 7 of 11 in the series Building Network Tools with Scapy

Using Scapy in a Python Script

So far we’ve been working with Scapy in interactive mode. It’s very powerful but there are times when it would be easier to work with a Python script instead. In order to use Scapy, we have to import the Scapy module like this:

This will import all Scapy functions, but if you know that you will only need a few of the functions, you can import them individually as well like this:

Continue reading

Scapy p.08 – Making a Christmas Tree Packet

This entry is part 8 of 11 in the series Building Network Tools with Scapy

We’ve doing a lot of packet sniffing, analysis, and even some basic packet crafting of our own. With the ICMP packets we created, we only set the destination we wanted to use and let Scapy take care of the rest.

Taking Control of Protocol Fields

I want to show you how to take a bit more control over the packet creation process by creating a TCP Christmas Tree packet. I’ll let you read the details, just know that the name of this packet comes from every TCP header flag bit turned on (set to 1), so it can be said the packet is “lit up like a Christmas Tree.” Continue reading

Scapy p.09 – Scapy and DNS

This entry is part 9 of 11 in the series Building Network Tools with Scapy

We’ve been able to work with Ethernet, ARP, IP, ICMP, and TCP pretty easily so far thanks to Scapy’s built in protocol support. Next on our list of protocols to work with are UDP and DNS.

DNS Request and Response

Using the sr1() function, we can craft a DNS request and capture the returned DNS response. Since DNS runs over IP and UDP, we will need to use those in our packet: Continue reading

Scapy p.11 – Scapy Resources

This entry is part 11 of 11 in the series Building Network Tools with Scapy

I hope you had as much fun as I did getting started with Scapy. These are all starter ideas, but we’ve barely uncovered the tip of the iceberg. I’ll continue to write articles about cool Scapy tools I come up with but you should dig into the docs below and see what you find. If you have any questions or comments about this guide, feel free to contact me.

Online Resources

Continue reading