Scapy
From Wildsong
What is Scapy?
"Scapy is a powerful interactive packet manipulation program."
It is also a Python module that can be embedded in your software. It is designed for Linux but I think there are some funky Mac and Windows versions.
Quick ref
ls() list known protocols
ls(ICMP) lists information on ICMP
ls(a[0]) lists information on a packet
lsc() list commands
Reading a packet dump
I captured some data using tcpdump (well, actually I used Wireshark) and I can use scapy to examine the dump file.
scapy
>>> a=rdpcap("2009Mar11_Packet_Capture")
>>> a
<2009Mar11_Packet_Capture: TCP:51 UDP:0 ICMP:0 Other:0>
>>> a[0]
<Ether dst=00:1c:57:18:59:c5 src=00:1c:23:13:42:8d type=0x800 |<IP version=4L ihl=5L tos=0x0 len=84 id=26007 flags=DF frag=0L ttl=128 proto=tcp chksum=0xba17 src=192.168.15.57 dst=10.9.1.11 options= |<TCP sport=1338 dport=3002 seq=4083609143L ack=3918538603L dataofs=5L reserved=0L flags=PA window=65532 chksum=0xca32 urgptr=0 options=[] |<Raw load='00000024\x01\x00\x00\x00\x1f\x00\x00\x00\x17(105\xfeC0A80F39\xfe3Q10\xfeAC\xfe0\xfe\x11\x00\x00' |>>>>
See this page for more information: http://www.secdev.org/projects/scapy/demo.html
Resources
Most scapy things are linked from this page including tutorials and downloads. http://www.secdev.org/projects/scapy/
Building your own tools: http://www.secdev.org/projects/scapy/build_your_own_tools.html