Scapy

Series: Building Network Tools with Scapy

May - 2019

Scapy p.01
Scapy Introduction and Overview
Scapy p.02
Installing Python and Scapy
Scapy p.03
Scapy Interactive Mode
Scapy p.04
Looking at Packets
Scapy p.05
Sending our First Packet; ARP Response
Scapy p.06
Sending and Receiving with Scapy
Scapy p.07
Monitoring ARP
Scapy p.08
Making a Christmas Tree Packet
Scapy p.09
Scapy and DNS
Scapy p.10
Emulating nmap Functions
Scapy p.11
Scapy Resources

Series: Scapy Sniffing with Custom Actions

May - 2019

Scapy Sniffing with Custom Actions
Part 2
Scapy Sniffing with Custom Actions
Part 1

Importing packets from trace files with Scapy

Sep - 2014 (~4 minutes read time)

Scapy is amazingly flexible when it comes to creating packets, but in some cases you may want to mangle or change packets that you've sniffed and saved in a trace file. Scapy currently supports .cap, .pcap, and .pcapng files. Reading these files are possible through the rdpcap() function:

localhost:~ packetgeek$ scapy
>>> packets = rdpcap('IBGP_adjacency.cap')
>>> packets
<IBGP_adjacency.cap: TCP:17 UDP:0 ICMP:0 Other:0>

Writing Packets to Trace File with Scapy

May - 2015 (~1 minutes read time)

This is a follow-up post to accompany the previous importing packets from trace files with scapy post. So you've sniffed or generated some packets with scapy and it's time to write them to file to analyze and double-check your work. Here's a simple example of how to save those packets.

localhost:~ packetgeek$ scapy
>>> packets = sniff(count=10)
>>> packets
<Sniffed: TCP:0 UDP:3 ICMP:0 Other:7>
>>> wrpcap('sniffed.pcap', packets)

thePacketGeek

Scapy

Series: Building Network Tools with Scapy

Series: Scapy Sniffing with Custom Actions