This entry is part 3 of 11 in the series Building Network Tools with Scapy

Running Scapy

Scapy can be run in two different modes, interactively from a terminal window and programmatically from a Python script. Let’s start getting familiar with Scapy using the interactive mode.

The original (py2) scapy came with a short script to start interactive mode so from your terminal you can just type scapy:

 

However the scapy3k installer doesn’t provide this so I recommend adding a similar shortcut:

Paste the following & :wq

And make it executable so you can run:

Basic Scapy Commands

To see a list of what commands Scapy has available, run the lsc() function:

 

Note: I truncated this list to show the commands we will be discussing in this guide.

Wow, what a great list of commands! I’ll at least introduce most of these commands, and there are a few that we’ll use extensively. For the next few topics, we’ll specifically be covering: ls(), send(), sniff(), and sr*().

In fact, let’s go ahead and use one of those now to show off some of the amazing built in capabilities of Scapy! I’m going to sniff a single packet real quick and then we’ll play around with that.

 

So, what I’ve done here is defined a pkt variable that is equal to whatever sniff() returns. In this case, that will be a single packet since I’ve passed in the count argument with a value of 1. Our pkt now holds an array containing single packet. If we increased count to a value of 2 or greater, then sniff() will return an array of all those packets. I’ll show you how to access each packet individually a little bit later.

But wait, how does Scapy know that this packet contains Ethernet, IP and ICMP layers!? I’m glad you asked, Scapy has a wide range of built in protocol support. The list is much to long for me to print out here, so I’ll let you run this next command on your own. In Scapy Interactive mode, run the ls() command and just look at ALL the supported protocols.

 

As you can see, Scapy has a huge range of supported protocols. We’ll only work with a handful of those in the upcoming topics but feel free to dig into them more for your own network tools. To see the fields and default values for any protocol, just run the ls() function on the protocol like this:

 

 

 

Now that we have a better idea of the Scapy commands and protocol support, let’s dig into some packets.

 

Series Navigation<< Scapy p.02 – Installing Python and ScapyScapy p.04 – Looking at Packets >>

This article has 7 comments

  1. Kashif

    ‘To add a shortcut for scapy3’ is not working for me. I used nano editor to create scapy3.py file and wrote the commands in but wasn’t able to create shortcut. Also tried without .py extension but in vain.
    I have Python 3.4 installed on my RPI module and installation directory for scapy is, /usr/local/lib/pzthon3.4/dist-packages/scapy
    Can you guide me here where I went wrong?

      1. Mat

        Yes, the directory I listed is not a real directory, just any path that is in your PATH envvar (Or you can add a new path). Also, “/usr/local/lib/python3.4/dist-packages/scapy” is only valid on your system with python 3.4 🙂

        1. Kashif Ahmad

          Yes of course 😀 Python 3.4 is installed on my system and I have posted my installation directory of scapy above. I followed the procedure you mentioned but couldn’t succeed. I don’t know what am I missing. should I create a file with “.py” extension inside scapy folder and paste the code you mentioned above? 

          1. Kashif Ahmad

            By following your procedure I am able to run scapy3 with the command of “./scapy3.py” but unable to do as you mentioned above. I am pretty new to this stuff so I apologise if I am taking too long to understand. Thanks for your help as well.

          2. Mat

            Assuming you’re on a unix based system by your path above, this should do the trick:

            Find a directory currently in your path:
            $ echo $PATH
            (/usr/local/bin is probably fine)

            vim/nano, or somehow create a file in that directory with the filename of scapy (no .py extension)

            Paste the example above in that file, and use the chmod command to make it executable.

            Now you can type scapy at the command line and open a scapy3 interactive session

  2. Kashif Ahmad

    Super, its working perfectly now. I followed your answer and got it. Many thanks. I am learning a lot from this guide thanks for posting such an interactive guide. Plus, Can you mention me a useful blog or post like this for adding new protocol layers into scapy? As I can’t really understand much from the guide provided by scapy documentation and can’t find it on google too. Although still searching.
    Many thanks once again.

Leave a Reply

Your email address will not be published. Required fields are marked *