We’ve doing a lot of packet sniffing, analysis, and even some basic packet crafting of our own. With the ICMP packets we created, we only set the destination we wanted to use and let Scapy take care of the rest.

Taking Control of Protocol Fields

I want to show you how to take a bit more control over the packet creation process by creating a TCP Christmas Tree packet. I’ll let you read the details, just know that the name of this packet comes from every TCP header flag bit turned on (set to 1), so it can be said the packet is “lit up like a Christmas Tree.” Here’s how we can build this with Scapy:

Although we don’t get much output from the send() function, and no option for the prn argument, we can sniff and see what happened:


Wireshark sniff showing several xmas tree packets and the TCP header with our bits set

Woohoo! Look how awesome we are! Make sure to look through that script so you can see what we’re doing. We want to send random TCP ports in our packet, so we have to make an array of packets, each with a different TCP destination port. You could also randomize the source port or any other field using the technique I did in that script.

Series Navigation<< Scapy p.07 – Monitoring ARPScapy p.09 – Scapy and DNS >>

This post was originally published on

This article has 2 comments

Leave a Reply

Your email address will not be published. Required fields are marked *