Scapy p.09 – Scapy and DNS

This entry is part 9 of 11 in the series Building Network Tools with Scapy

We’ve been able to work with Ethernet, ARP, IP, ICMP, and TCP pretty easily so far thanks to Scapy’s built-in protocol support. Next on our list of protocols to work with are UDP and DNS.

DNS Request and Response

Using the sr1() function, we can craft a DNS request and capture the returned DNS response. Since DNS runs over IP and UDP, we will need to use those in our packet:

Scapy p.11 – Scapy Resources

This entry is part 11 of 11 in the series Building Network Tools with Scapy

I hope you had as much fun as I did getting started with Scapy. These are all starter ideas, but we’ve barely uncovered the tip of the iceberg. I’ll continue to write articles about cool Scapy tools I come up with, but you should dig into the docs below and see what you find. If you have any questions or comments about this guide, feel free to contact me.

Online Resources


Scapy Sniffing with Custom Actions, Part 2

In the previous article I demonstrated how to add a custom function to change the formatting of the packet output in the console or do some sort of custom action with each packet. The limitation of just including a function name in the prn argument is that you cannot pass along any arguments other than the packet itself (implicitly passed).

Using nested functions to harness the power of closure, you can bind any number of arguments to the function that is executed on each packet by Scapy. From the part 1 article, you can see how we created a function and used the function to pass the actual function (not the returned value) to the prn argument:


Scapy Sniffing with Custom Actions, Part 1

Scapy has a sniff function that is great for getting packets off the wire, but I recently discovered just how great this feature really is. There’s an argument to pass a function that executes with each packet sniffed. The intended purpose of this function is to control how the packet prints out in the console, allowing you to replace the default .nsummary display with a format of your choice.

In the ScapyDoc.pdf, the prn argument is defined as:

prn: function to apply to each packet. If something is returned, it is displayed. For instance you can use prn = lambda x: x.summary().
