- Scapy p.01 – Scapy Introduction and Overview
- Scapy p.02 – Installing Python and Scapy
- Scapy p.03 – Scapy Interactive Mode
- Scapy p.04 – Looking at Packets
- Scapy p.05 – Sending our First Packet; ARP Response
- Scapy p.06 – Sending and Receiving with Scapy
- Scapy p.07 – Monitoring ARP
- Scapy p.08 – Making a Christmas Tree Packet
- Scapy p.09 – Scapy and DNS
- Scapy p.10 – Emulating nmap Functions
- Scapy p.11 – Scapy Resources
We’ve doing a lot of packet sniffing, analysis, and even some basic packet crafting of our own. With the ICMP packets we created, we only set the destination we wanted to use and let Scapy take care of the rest.
Taking Control of Protocol Fields
I want to show you how to take a bit more control over the packet creation process by creating a TCP Christmas Tree packet. I’ll let you read the details, just know that the name of this packet comes from every TCP header flag bit turned on (set to 1), so it can be said the packet is “lit up like a Christmas Tree.” Here’s how we can build this with Scapy:
#! /usr/bin/env python3
from random import randint
from scapy.all import IP, TCP, send
# Create the skeleton of our packet
template = IP(dst="172.16.20.10")/TCP()
# Start lighting up those bits!
template[TCP].flags = 'UFP'
# Create a list with a large number of packets to send
# Each packet will have a random TCP dest port for attack obfuscation
xmas = 
for pktNum in range(0,100):
xmas[pktNum][TCP].dport = randint(1,65535)
# Send the list of packets
Sent 100 packets.
Although we don’t get much output from the
send() function, and no option for the
prn argument, we can sniff and see what happened:
Woohoo! Look how awesome we are! Make sure to look through that script so you can see what we’re doing. We want to send random TCP ports in our packet, so we have to make an array of packets, each with a different TCP destination port. You could also randomize the source port or any other field using the technique I did in that script.
This post was originally published on