Scapy

Basics

  • Get all protocols

ls()
  • Get all options of a protocol

ls(TCP)
  • Get all commands

lsc()
  • Show the description of a function

help(sniff)

Sending packets

  • Just a simple Ping

send(IP(dst="192.168.1.1")/ICMP())
  • send() sends on layer 3 (IP)

  • sendp() sends on layer 2 (Ethernet)

  • Send a packet on layer 3 and wait for response

(resp, unans) = sr(IP(dst="192.168.1.1")/ICMP(), timeout=3)
  • print the received response packet (show() prints it itself, so no print is needed)

resp[0][1].show()
  • sr1() sends on layer 3 and returns only the first response; srp() / srp1() are the layer 2 equivalents

Sniffing

import scapy.all as scapy

dev = "eth0"  # interface to sniff on

def handle_packet(packet):
    # the BPF filter below only hands us TCP packets, but guard anyway
    if not packet.haslayer(scapy.TCP):
        return
    ip = packet.getlayer(scapy.IP)
    tcp = packet.getlayer(scapy.TCP)

    print("%s:%d -> %s:%d" % (ip.src, tcp.sport,
                              ip.dst, tcp.dport))

# prn= is called once per captured packet
scapy.sniff(iface=dev, filter="tcp and port 80", prn=handle_packet)
  • another way to read a field from the decoded packet (layer indexing)

print(packet[IP].src)

Useful utils

  • Generate a random MAC / IP

RandMAC("*:*:*:*:*:*")
RandIP("*.*.*.*")
  • Get your own MAC / IP

get_if_hwaddr("eth0")
get_if_addr("eth0")

Awesome oneliners

  • Find sniffers on your network

promiscping("192.168.1.0/24")
  • SYN portscan

ans, unans = sr(IP(dst="www.chaostal.de")/TCP(dport=range(1,1024), flags="S"), timeout=1)
  • TCP fuzzer

send(IP(dst="192.168.1.1") / fuzz(TCP()), loop=1)
  • MAC flooder

sendp(Ether(src=RandMAC("*:*:*:*:*:*"), dst=RandMAC("*:*:*:*:*:*")) / IP(src=RandIP("*.*.*.*"), dst=RandIP("*.*.*.*")) / ICMP(), loop=1)