So, guys, I have been studying network traffic analysis for quite some time now. During CTFs, I always had to extract some sort of data from multiple packets, and often only from specific packets. Well, a layman's idea would be to write down the content you specifically need by hand. But man, we are in the 21st century. So my quest for a solution to this tedious task began. One of my friends suggested learning about this Python module called scapy.
So I went through the scapy documentation, but it took me some time to understand it fully, because a noob will not understand it so easily.
In this blog, I'll be writing about scapy in the simplest language possible. I'll cover using scapy to create packets layer after layer and send them, though I use scapy mainly for carving data out of a network capture (in other words, a PCAP file).
To install the scapy module,
$ pip install scapy
Scapy builds a packet layer after layer. So let us start with the basics.
Let us create a packet by specifying its source and destination addresses.
Now let us add a layer 4 protocol like TCP or UDP and let us also add a source port and destination port.
Now that we know how to build a packet over TCP, let us try the same with ICMP, and let us also try to send the packet with a raw payload.
Now let us run this code.
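To see what scapy does for you when it stacks layers with `/` (roughly `IP(src=..., dst=...)/ICMP()/Raw(load=...)`), here is an added example that is not from the original post: it builds the same IP/ICMP/payload packet by hand with only the standard library, fills in the checksums scapy normally computes for you, and then peels the layers back off. The 10.0.0.x addresses and the payload are constructed sample values, and nothing is sent on the wire.

```python
import struct
import socket

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words (pads odd lengths)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp_echo(payload: bytes, ident: int = 1, seq: int = 1) -> bytes:
    """ICMP echo request (type 8, code 0) header plus raw payload, checksum filled in."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)        # checksum zeroed first
    csum = inet_checksum(header + payload)                    # ICMP sums header+data
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """20-byte IPv4 header (no options) in front of the upper-layer bytes."""
    total_len = 20 + len(payload)
    fields = (0x45, 0, total_len, 0x0001, 0, ttl, proto, 0,   # ver/IHL .. checksum=0
              socket.inet_aton(src), socket.inet_aton(dst))
    header = struct.pack("!BBHHHBBH4s4s", *fields)
    csum = inet_checksum(header)                              # IP sums the header only
    header = struct.pack("!BBHHHBBH4s4s", *fields[:7], csum, *fields[8:])
    return header + payload

def decode(packet: bytes) -> dict:
    """Peel the layers back off and verify both checksums (valid => sums to 0)."""
    ihl = (packet[0] & 0x0F) * 4
    ip_hdr, rest = packet[:ihl], packet[ihl:]
    _, _, _, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip_hdr[:20])
    out = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
           "ttl": ttl, "proto": proto, "ip_ok": inet_checksum(ip_hdr) == 0}
    if proto == 1:                                            # 1 = ICMP
        itype, code, _, ident, seq = struct.unpack("!BBHHH", rest[:8])
        out.update(icmp_type=itype, code=code, id=ident, seq=seq,
                   payload=rest[8:], icmp_ok=inet_checksum(rest) == 0)
    return out

if __name__ == "__main__":
    # constructed sample addresses and payload; nothing is transmitted
    pkt = build_ipv4("10.0.0.1", "10.0.0.2", 1, build_icmp_echo(b"hello scapy"))
    print(pkt.hex())
    print(decode(pkt))
```

If you have scapy installed, the same bytes can be handed to scapy's `IP()` constructor to dissect them and compare its field values and checksums with the hand-built ones.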
Suppose I want to send the same packet over and over again. What do I do? Simple.
Want to see the output?
Well, there it is. There are many powerful things that you can do with scapy.
To mention some:
- Perform a TCP 3-way handshake
- Network port scanning
- Stealing email data
- ARP cache poisoning
- Writing and analyzing PCAP files. 🙂
Follow me to the next blog, where I use scapy to extract data from a PCAP file.
I hope you found this really interesting.