Stack Overflow
Stack Overflow

Questions tagged [scapy]

Scapy is a network packet manipulation tool for use with Python.

What is Scapy?

Scapy is a network packet manipulation program for use with Python. It is able to:

  • forge or decode packets of a wide number of protocols
  • send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery. (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.)

What makes scapy different from most other networking tools?

  • You can build whatever packets you want, stack ARP on top of 802.11, use double 802.1q encapsulation or send an ICMP packet with padding, and send them over the wire.

  • Scapy does not interpret answers: unlike most tools, it won't say “this port is open” instead of “I received a SYN-ACK”. You are free to interpret the packets as you want

  • It reports everything: you see the padding, the reserved fields... Nothing is dismissed

Useful links:

2198 questions
9
votes
4 answers

Scapy BPF filter not working

I am using Scapy and would like to filter based on the destination mac address. However, I am getting packets displayed where the destination MAC address is not the address specified in the filter. Here is a code snippit: from scapy.all import…
user1607606
  • 91
  • 1
  • 3
9
votes
3 answers

Scapy: how do I get the full IP packet header?

In Scapy, I want to manually match packets with their corresponding ICMP time-exceeded messages. I need to match: IP-in-ICMP field of ICMP packet IP header and first 8 bytes of my data packet The ICMP packet isn't a problem: icmpPayload =…
Ricky Robinson
  • 21,798
  • 42
  • 129
  • 185
9
votes
3 answers

get packet size in scapy / python

In Scapy (or even just Python, for that sake), how do I get the size in bytes of a given packet? I'm tempted to use the function len but I'm not sure what exactly it returns in the case of packets. >>> len(IP(dst="www.google.com")) 20 >>>…
Ricky Robinson
  • 21,798
  • 42
  • 129
  • 185
8
votes
3 answers

Stripping payload from a tcpdump?

Is there an automated way (either in tcpdump or via a helper app Out There) to generate a pcap file that contains only Ethernet, IP and Layer 4 (TCP in my case) headers, so that there is no payload/application data in the resulting pcap? I've found…
caw
  • 421
  • 1
  • 3
  • 11
8
votes
2 answers

How to replay Wireshark captured packets?

I have captured some packets in Wireshark and need to replay those again in any way.
Some One
  • 103
  • 1
  • 1
  • 5
8
votes
2 answers

How to recalculate IP checksum with scapy?

Possible Duplicate: How to calculate a packet checksum without sending it? I've spoofed a source IP and MAC address in a captured packet, but now I need to recalculate the checksum so that it checks out once its been received (after being…
Mr. Shickadance
  • 5,283
  • 9
  • 45
  • 61
8
votes
1 answer

How to extract an SSL/TLS message using scapy and python?

I'm trying to read a TLS message. Specifically, the one with the certificate details (handshake_type = 11). What I'm doing is first checking that the message contains Raw. If so, I'm extracting the payload like so: b = bytes(pkt[Raw].load). Next,…
Elimination
  • 2,619
  • 4
  • 22
  • 38
8
votes
1 answer

scapy send tcp packet on established connection

I have the following: Server Side: TCP python server (not scapy) Client Side: Scapy to establish connection and sent TCP packet I am trying to send TCP packet via scapy on established connection after 3 way handshaking I am able to build the 3 way…
fhamad
  • 81
  • 1
  • 1
  • 2
8
votes
1 answer

Angle brackets in Python

I want to craft packets using scapy. When looking through the IP() class members I came across the following code idiom: 'fieldtype': { 'frag': , 'src': , 'proto':
zan
  • 355
  • 6
  • 16
8
votes
2 answers

Debugging project with root in PyDev/LiClipse

For a project I'm doing, which uses scapy and therefore sockets, I need to be able to debug as root. I have already figured out how to start the interpreter as root without the system asking for permission. I added: user ALL=(root)…
vicco
  • 1,049
  • 2
  • 14
  • 33
8
votes
2 answers

Python Scapy vs dpkt

I am trying to analyse packets using Python's Scapy from the beginning. Upon recent searching, I found there is another module in python named as dpkt. With this module I can parse the layers of a packet, create packets, read a .pcap file and write…
wonder
  • 885
  • 1
  • 18
  • 32
8
votes
1 answer

How to extract Raw of TCP packet using Scapy

I use the sniff function of scapy module. My filter and prn function are doing a great job. But now, I would like to extract the Raw of the TCP packet and handle it using hexadecimal or binary format. Here is the documentation of Packet Class in…
Quentin
  • 435
  • 2
  • 6
  • 15
8
votes
2 answers

Scapy sniff in non blocking way

In the blocking way I can do this: from scapy.all import * sniff(filter"tcp and port 80", count=10, prn = labmda x:x.summary()) # Below code will be executed only after 10 packets have been received do_stuff() do_stuff2() do_stuff3() I want to be…
Michael
  • 938
  • 2
  • 11
  • 18
8
votes
1 answer

Accessing 802.11 Wireless Management Frames from Python

From Python on Linux I would like to sniff 802.11 management 'probe-request' frames. This is possible from Scapy like so: # -*- coding: utf-8 -*- from scapy.all import * def proc(p): if ( p.haslayer(Dot11ProbeReq) ): …
user1503941
  • 446
  • 3
  • 8
8
votes
4 answers

Scapy and rdpcap function

I'm using rdpcap function of Scapy to read a PCAP file. I also use the module described in a link to HTTP support in Scapy which is needed in my case, as I have to retrieve all the HTTP requests and responses and their related packets. I noticed…
auino
  • 1,644
  • 5
  • 23
  • 43
1 2 3
99 100