Scapy Usage part 2

Some more uses of Scapy.

Capturing traffic, writing it to a PCAP file, and reading PCAP files back for analysis

>>> pkts = sniff(count=10)
>>> wrpcap('traffic.pcap', pkts)            # write the list of packets to a PCAP file
>>> packetlist = rdpcap('traffic.pcap')     # read the PCAP file back into a list of packets
>>> for pkt in packetlist:
...     print("%s %s" % (pkt.src, pkt.type))   # source MAC and EtherType of each frame
...

00:0c:29:01:22:43 2054
00:0c:29:eb:a4:2f 2054
00:0c:29:01:22:43 2048
00:0c:29:eb:a4:2f 2048

Saving the traffic pattern in a graph

>>> res,unans = traceroute(["www.microsoft.com","www.cisco.com","www.yahoo.com","www.wanadoo.fr","www.pacsec.com"],dport=[80,443],maxttl=20,retry=-2)
Received 190 packets, got 190 answers, remaining 10 packets
193.252.122.103:443 193.252.122.103:80 198.133.219.25:443 198.133.219.25:80 207.46…
1 192.168.8.1 192.168.8.1 192.168.8.1 192.168.8.1 192.16…
2 82.251.4.254 82.251.4.254 82.251.4.254 82.251.4.254 82.251…
3 213.228.4.254 213.228.4.254 213.228.4.254 213.228.4.254 213.22…
[…]
>>> res.graph()                          # piped to ImageMagick's display program
>>> res.graph(type="ps",target="| lp")   # piped to a PostScript printer
>>> res.graph(target="> /tmp/graph.svg") # saved to a file

>>> res.trace3D()                        # in 3D, if VPython is available


When we have multiple interfaces and want to send packets on a specific interface

>>> send(pkt, iface="eth0")
>>> sendp(eth/ippkt/tcppkt, iface="eth0")


Replaying an attack from a packet capture

>>> pkts = rdpcap("/root/attack/atk.pcap")
>>> for pkt in pkts:
...     send(pkt)    # send() works at layer 3; frames that still carry an Ethernet header need sendp()
...

Monitoring ARP packets

root@bt:~# cat arpmon.py
from scapy.all import *

def arp_mon(pkt):
    # op 1 = who-has (request), op 2 = is-at (reply)
    if ARP in pkt and pkt[ARP].op in (1, 2):
        print("%s %s" % (pkt[ARP].hwsrc, pkt[ARP].psrc))

sniff(prn=arp_mon, filter="arp", count=4)

root@bt:~# python arpmon.py
WARNING: No route found for IPv6 destination :: (no default route?)
00:0c:29:01:22:43 192.168.1.10
00:0c:29:01:22:43 192.168.1.10
00:0c:29:01:22:43 192.168.1.10
00:0c:29:01:22:43 192.168.1.10
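
Building on arp_mon, the following added example (not part of the original post) keeps the last MAC address seen for each sender IP and reports when that binding changes, which is the usual sign of ARP spoofing or an address conflict. The names ArpWatch, Alert, monitor, replay_sample and SAMPLE are hypothetical, and the sample events are constructed so the logic can be exercised without sniffing.

```python
from collections import namedtuple

Alert = namedtuple("Alert", "ip old_mac new_mac")

class ArpWatch(object):
    """Remember the MAC last seen for each IP and report any change."""
    def __init__(self):
        self.bindings = {}  # sender IP -> sender MAC
        self.alerts = []

    def observe(self, op, hwsrc, psrc):
        # Same filter as arp_mon: who-has (1) and is-at (2) only.
        # ARP probes use sender IP 0.0.0.0 and claim no binding, so skip them.
        if op not in (1, 2) or psrc == "0.0.0.0":
            return None
        mac = hwsrc.lower()
        known = self.bindings.get(psrc)
        self.bindings[psrc] = mac  # always track the newest claim
        if known is None or known == mac:
            return None
        alert = Alert(psrc, known, mac)
        self.alerts.append(alert)
        return alert

def monitor(count=0):
    """Feed live ARP traffic into ArpWatch (needs Scapy and root)."""
    from scapy.all import ARP, sniff  # imported here: ArpWatch itself is plain Python
    watch = ArpWatch()
    def handler(pkt):
        if ARP in pkt:
            alert = watch.observe(pkt[ARP].op, pkt[ARP].hwsrc, pkt[ARP].psrc)
            if alert:
                print("ARP binding changed for %s: %s -> %s" % alert)
    sniff(prn=handler, filter="arp", store=0, count=count)
    return watch

# Constructed sample events (op, hwsrc, psrc); not captured traffic.
SAMPLE = [
    (1, "00:0c:29:01:22:43", "192.168.1.10"),
    (2, "00:0c:29:eb:a4:2f", "192.168.1.1"),
    (1, "00:0c:29:01:22:43", "192.168.1.10"),   # repeat: no alert
    (1, "00:0c:29:aa:bb:cc", "0.0.0.0"),        # probe: ignored
    (2, "00:0C:29:01:22:43", "192.168.1.1"),    # .1 now claimed by another MAC
]

def replay_sample():
    watch = ArpWatch()
    for event in SAMPLE:
        watch.observe(*event)
    return watch.alerts
```

Calling monitor() as root runs the same check on live traffic; replay_sample() runs it on the constructed events only.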

Scapy configuration parameters

We can edit these parameters to suit our needs, for example:
iface [the interface to use]
promisc = 1 [promiscuous mode]

>>> conf

More info: the Scapy documentation includes various functions for reference.

About wikihead

A Seeker. Information Security Professional, Pursuing Life with Ayurveda.