This entry is part 3 of 11 in the series Building Network Tools with Scapy

Running Scapy

Scapy can be run in two different modes: interactively from a terminal window, and programmatically from a Python script. Let’s start getting familiar with Scapy using the interactive mode.

The original (py2) scapy came with a short script to start interactive mode, so from your terminal you can just type scapy:


However, the scapy3k installer doesn’t provide this, so I recommend adding a similar shortcut:

Paste the following & :wq

And make it executable so you can run:

Basic Scapy Commands

To see a list of what commands Scapy has available, run the lsc() function:


Note: I truncated this list to show the commands we will be discussing in this guide.

Wow, what a great list of commands! I’ll at least introduce most of these commands, and there are a few that we’ll use extensively. For the next few topics, we’ll specifically be covering: ls(), send(), sniff(), and sr*().

In fact, let’s go ahead and use one of those now to show off some of the amazing built in capabilities of Scapy! I’m going to sniff a single packet real quick and then we’ll play around with that.


So, what I’ve done here is define a pkt variable that is equal to whatever sniff() returns. In this case, that will be a single packet, since I’ve passed in the count argument with a value of 1. Our pkt now holds an array containing a single packet. If we increase count to a value of 2 or greater, then sniff() will return an array of all those packets. I’ll show you how to access each packet individually a little bit later.

But wait, how does Scapy know that this packet contains Ethernet, IP and ICMP layers!? I’m glad you asked: Scapy has a wide range of built-in protocol support. The list is much too long for me to print out here, so I’ll let you run this next command on your own. In Scapy interactive mode, run the ls() command and just look at ALL the supported protocols.


As you can see, Scapy has a huge range of supported protocols. We’ll only work with a handful of those in the upcoming topics but feel free to dig into them more for your own network tools. To see the fields and default values for any protocol, just run the ls() function on the protocol like this:




Now that we have a better idea of the Scapy commands and protocol support, let’s dig into some packets.


