Learn about the All-Powerful Scapy module

So, guys, I have been studying network traffic analysis for quite some time now. During CTFs, I always had to extract some sort of data from multiple packets, and only from specific packets at that. Well, a layman’s idea would be to write down the content you specifically need. But man, we are in the 21st century. So my quest for a solution to this tedious task began. One of my friends suggested learning about this Python module called scapy.

So I went through the scapy documentation, but it took me some time to understand it fully, because a noob will not understand it so easily.

In this blog, I’ll be writing about scapy in the simplest language possible. I’ll cover using scapy to create packets layer by layer and send them, though I use scapy mainly for carving data out of a network capture (in other words, a PCAP file).

To install the scapy module:

$ pip install scapy

Scapy builds a packet layer after layer. So let us start with the basics.

Let us create a packet by specifying its source and destination addresses.

Now let us add a layer 4 protocol like TCP or UDP and let us also add a source port and destination port.

Now that we have seen how to build a packet over TCP, let us try the same with ICMP too, and let us also try to send the packet with a raw payload.

Now let us run this code.

Suppose I want to send the same packet over and over again. What do I do? Simple.

Want to see the output?

Well, there it is. There are many powerful things that you can do with scapy.

To mention some:

  • Perform a TCP 3-way handshake
  • Network port scanning
  • Fuzzing
  • Stealing email data
  • ARP cache poisoning
  • Writing and analyzing PCAP files.  🙂

Follow me to the next blog post, where I use scapy to extract data from a PCAP file.

I hope you found this really interesting.
