thePacketGeek

a developing networker

Scapy p.02

Installing Python and Scapy

May - 2019 (~3 minutes read time)

Installing Python

Scapy was originally written for Python 2, but since the 2.4 release (March 2018), you can now use Scapy with Python 3.4+! I will prefer Python 3 in examples but will also include notes about big differences between each python version and Scapy if they exist.

If you're using a Mac or running some version of *nix you probably already have Python 2 (and maybe even Python 3) installed. To check, open a terminal and type python3 or python. You should see something like this:

localhost:~ packetgeek$ python3
Python 3.7.2 (v3.7.2:9a3ffc0492, Dec 24 2018, 02:44:43)
[Clang 6.0 (clang-600.0.57)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>>

If you are running Windows or for some other reason do not have Python installed already, go to the Python download page and grab the installer for your platform.

Installing Scapy

There are multiple ways to install Scapy depending on your platform. Check out the Scapy installation guides to find instructions and installer packages relevant to your platform. Once Scapy is installed, you should be able to run it from the terminal, just like we did with Python, and get something that looks like this:

localhost:~ packetgeek$ scapy

                     aSPY//YASa
             apyyyyCY//////////YCa       |
            sY//////YSpcs  scpCY//Pp     | Welcome to Scapy
 ayp ayyyyyyySCP//Pp           syY//C    | Version 2.4.2
 AYAsAYYYYYYYY///Ps              cY//S   |
         pCCCCY//p          cSSps y//Y   | https://github.com/secdev/scapy
         SPPPP///a          pP///AC//Y   |
              A//A            cyP////C   | Have fun!
              p///Ac            sC///a   |
              P////YCpc           A//A   | We are in France, we say Skappee.
       scccccp///pSP///p          p//Y   | OK? Merci.
      sY/////////y  caa           S//P   |             -- Sebastien Chabal
       cayCyayP//Ya              pY/Ya   |
        sY/PsY////YCc          aC//Yp
         sc  sccaCY//PCypaapyCP//YSs
                  spCPY//////YPSps
                       ccaacs
                                       using IPython 7.2.0
>>>

I highly recommend install IPython in your scapy environment as it makes interactive mode much more enjoyable!

pip3 install ipython

Scapy and Network Interfaces

If you have multiple network interfaces on your computer, you might have to double check which interface Scapy will use by default. Run scapy from the terminal and run the conf command. See what interface Scapy will use by default by looking at the iface value:

localhost:~ packetgeek$ scapy
Welcome to Scapy (2.4.3)
>>> conf.iface
'en0'

Scapy on my computer is defaulted to my en0 (Wifi) interface

If the default interface is not the one you will use, you can change the value like this:

>>> conf.iface="en3"

*Instead of en3, use the interface you want to be your default

If you are constantly switching back and forth between interfaces, you can specify the interface to use when you run Scapy commands. Here are some Scapy functions and how you might use the iface argument. You'll learn more about these functions and other arguments soon.

>>> sniff(count=10, iface="en3")
>>> send(pkt, iface="en3")

Root Permissions

For some of the Scapy functions dealing with sending traffic, you will need to be able to run Scapy as root. For example, on a Mac/Linux computer you can run interactive mode with root permissions by running sudo scapy from the CLI. Also, you can run the Python scripts with Scapy send functions as sudo like this:

$ sudo python3 script.py

If you ever receive a Python error about not having the correct permissions or something not be allowed, try running Scapy with root permissions.