Scapy: Difference between revisions
From Wildsong
Brian Wilson (talk | contribs) |
Revision as of 18:44, 12 August 2009
What is Scapy?
"Scapy is a powerful interactive packet manipulation program."
It is also a Python module that can be embedded in your software. It is designed for Linux, but I think there are some funky Mac and Windows versions.
Reading a packet dump
I captured some data using tcpdump (well, actually I used Wireshark) and I can use Scapy to examine the dump file.
 scapy
 >>> a=rdpcap("2009Mar11_Packet_Capture")
 >>> a
 <2009Mar11_Packet_Capture: TCP:51 UDP:0 ICMP:0 Other:0>
 >>> a[0]
 <Ether dst=00:1c:57:18:59:c5 src=00:1c:23:13:42:8d type=0x800 |<IP version=4L ihl=5L tos=0x0 len=84 id=26007 flags=DF frag=0L ttl=128 proto=tcp chksum=0xba17 src=192.168.15.57 dst=10.9.1.11 options= |<TCP sport=1338 dport=3002 seq=4083609143L ack=3918538603L dataofs=5L reserved=0L flags=PA window=65532 chksum=0xca32 urgptr=0 options=[] |<Raw load='00000024\x01\x00\x00\x00\x1f\x00\x00\x00\x17(105\xfeC0A80F39\xfe3Q10\xfeAC\xfe0\xfe\x11\x00\x00' |>>>>
See this page for more information: http://www.secdev.org/projects/scapy/demo.html
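An added example, not from the original page and not Scapy's own code: a standard-library-only Python sketch that derives the same TCP/UDP/ICMP/Other tally shown in the rdpcap summary above directly from a classic libpcap file, with bounds checks for a truncated capture. The names summarize_pcap, sample_frame and sample_pcap are hypothetical, and the capture bytes are constructed sample data.

```python
import struct

PROTO_NAMES = {6: "TCP", 17: "UDP", 1: "ICMP"}  # IPv4 protocol numbers

def summarize_pcap(data: bytes) -> dict:
    """Count frames per IP protocol in a classic libpcap file (Ethernet only)."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":      # magic 0xa1b2c3d4, little-endian writer
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":    # same magic, big-endian writer
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if len(data) < 24 or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    counts = {"TCP": 0, "UDP": 0, "ICMP": 0, "Other": 0}
    offset = 24                               # end of the global header
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[offset:offset + 16])[2]
        frame = data[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:             # capture cut off mid-record
            break
        offset += 16 + incl_len
        name = "Other"
        # Ether type=0x800 at bytes 12-13; the IPv4 proto field is byte 14 + 9
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            name = PROTO_NAMES.get(frame[23], "Other")
        counts[name] += 1
    return counts

def sample_frame(proto: int, ethertype: bytes = b"\x08\x00") -> bytes:
    """Constructed frame: Ethernet header plus a bare 20-byte IPv4 header."""
    eth = bytes.fromhex("001c571859c5001c2313428d") + ethertype
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0x4000, 128, proto, 0,
                     bytes([192, 168, 15, 57]), bytes([10, 9, 1, 11]))
    return eth + ip

def sample_pcap() -> bytes:
    """Constructed capture: 2 TCP, 1 UDP, 1 ICMP and 1 non-IP (ARP type) frame."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [sample_frame(6), sample_frame(6), sample_frame(17),
              sample_frame(1), sample_frame(0, b"\x08\x06")]
    return header + b"".join(
        struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    print(summarize_pcap(sample_pcap()))
```

A record whose declared length runs past the end of the file is dropped rather than parsed, which is the check to keep when the capture comes from an untrusted source.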
Resources
Most Scapy things are linked from this page, including tutorials and downloads: http://www.secdev.org/projects/scapy/
Building your own tools: http://www.secdev.org/projects/scapy/build_your_own_tools.html
Another tutorial: http://www.cyberciti.biz/tips/linux-unix-manipulating-packet-data-tool.html