2. Agenda
Introduction
Why Scapy?
Basic Commands
Building your first packet
Assembling full packet
Write your own Port scanner
Demo: SYN Scan and IP Spoofing
Built-in Sniffer Functionality
Scapy Strengths
References
3. Introduction
Powerful interactive packet manipulation program
Lets you send, sniff, dissect and forge network packets
Can manipulate and process packets at every layer of TCP/IP
Supports a wide range of protocols and lets you add your own
Interactive shell OR Python module
Today: Interactive shell and TCP/IP
4. Why Scapy?
Flexible, unlike other packet crafting tools with limited functionality
Little knowledge required to build your own tools
Single replacement for multiple tools such as Wireshark, nmap, hping, etc.
Build your own tools with combined techniques, e.g. VLAN hopping + ARP cache poisoning
Any field in every TCP/IP layer can be altered
Decodes packets (received a TCP Reset on port 80) and does not interpret them (port 80 is closed)
10. Write your own port scanner
Port Scanning:
“An attack that sends client requests to a range of server port addresses on a host, with the goal of finding an active port”
Result Status:
Open: The host sent a reply indicating that a service is listening on the port.
Closed: The host sent a reply indicating that connections will be denied to the port.
Filtered: There was no reply from the host.
12. Demo: SYN Scan
SYN Scan: a.k.a. half-open scanning
Sends: SYN packet
Response:
SYN, ACK: Open
RST, ACK: Closed
No response: Filtered
If the port is open, the scanner does not send the ACK that completes the three-way handshake.
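The defender's view of the same exchange, as an added example that is not part of the original slides: it maps reply flags to the port states listed above and flags clients whose SYNs never reach the final ACK. The record layout, the `min_ports` threshold and the sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

def classify_reply(flags):
    """Port state implied by the target's reply flags; None means no reply seen."""
    if flags is None:
        return "filtered"
    if flags & SYN and flags & ACK:
        return "open"
    if flags & RST:
        return "closed"
    return "unknown"

def find_half_open_sources(packets, min_ports=3):
    """Flag (client, server) pairs with >= min_ports SYNs that never got a final ACK."""
    probed = defaultdict(set)  # (client, server) -> ports sent a bare SYN
    answered = set()           # (client, server, port) where server sent SYN+ACK
    completed = set()          # (client, server, port) where client sent the final ACK
    for src, dst, sport, dport, flags in packets:
        if flags & (SYN | ACK | RST) == SYN:
            probed[(src, dst)].add(dport)
        elif flags & SYN and flags & ACK:
            answered.add((dst, src, sport))
        elif flags & (ACK | RST) == ACK and (src, dst, dport) in answered:
            completed.add((src, dst, dport))
    suspects = {}
    for (client, server), ports in probed.items():
        unfinished = sorted(p for p in ports if (client, server, p) not in completed)
        if len(unfinished) >= min_ports:
            suspects[(client, server)] = unfinished
    return suspects

# Constructed capture: (src, dst, sport, dport, flags). Addresses are documentation ranges.
SAMPLE = [
    ("198.51.100.7", "192.0.2.10", 40001, 22, SYN),
    ("192.0.2.10", "198.51.100.7", 22, 40001, SYN | ACK),
    ("198.51.100.7", "192.0.2.10", 40001, 22, RST),
    ("198.51.100.7", "192.0.2.10", 40002, 80, SYN),
    ("192.0.2.10", "198.51.100.7", 80, 40002, SYN | ACK),
    ("198.51.100.7", "192.0.2.10", 40002, 80, RST),
    ("198.51.100.7", "192.0.2.10", 40003, 443, SYN),
    ("192.0.2.10", "198.51.100.7", 443, 40003, RST | ACK),
    ("198.51.100.7", "192.0.2.10", 40004, 8080, SYN),
    ("203.0.113.5", "192.0.2.10", 51000, 80, SYN),
    ("192.0.2.10", "203.0.113.5", 80, 51000, SYN | ACK),
    ("203.0.113.5", "192.0.2.10", 51000, 80, ACK),
]

if __name__ == "__main__":
    print(find_half_open_sources(SAMPLE))
```

The client at 203.0.113.5 completes its handshake and is not flagged; matching ignores the client's ephemeral port, which is a simplification.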
14. Scapy Strengths
Rogue Router Advertisements with Scapy
http://samsclass.info/ipv6/proj/flood-router6a.htm
Malicious Content Harvesting with Python, WebKit, and Scapy
http://dvlabs.tippingpoint.com/blog/2011/11/28/malicious-content-harvesting
DEEPSEC: Extending Scapy by a GSM Air Interface
http://blog.c22.cc/2011/11/17/deepsec-extending-scapy-by-a-gsm-air-interface/
Use Scapy to test snort rules
And many more…