0% found this document useful (0 votes)
371 views2 pages

Scapy Cheat Sheet: Sending Packets Receiving and Analyzing Packets

This document provides a summary of key functions for creating, sending, receiving, and analyzing packets using Scapy: 1. Scapy allows crafting packets at the various layers including IP, TCP, UDP, and ICMP and sending them using functions like sr(), srp(), and sendp(). Received packets can be stored and analyzed. 2. Common tasks include sniffing the network to capture packets using filters, reading packets from pcap files, and writing packets to pcap files for analysis in other tools. 3. Scapy supports modifying packet fields which are Python variables that can be accessed and altered as needed for different packet crafting and analysis tasks.

Uploaded by

VeteranFps
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
371 views2 pages

Scapy Cheat Sheet: Sending Packets Receiving and Analyzing Packets

This document provides a summary of key functions for creating, sending, receiving, and analyzing packets using Scapy: 1. Scapy allows crafting packets at the various layers including IP, TCP, UDP, and ICMP and sending them using functions like sr(), srp(), and sendp(). Received packets can be stored and analyzed. 2. Common tasks include sniffing the network to capture packets using filters, reading packets from pcap files, and writing packets to pcap files for analysis in other tools. 3. Scapy supports modifying packet fields which are Python variables that can be accessed and altered as needed for different packet crafting and analysis tasks.

Uploaded by

VeteranFps
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Sending Packets Receiving and Analyzing Packets

Creating and sending a packet: Received packets can be stored in a variable when Scapy Cheat
>>> packet = using a send/receive function such as sr(), srp(), sr1()
IP(dst="4.5.6.7",src="1.2.3.4")/ sr1p(): Sheet
TCP(dport=80, flags="S") >>> packet = IP(dst="10.10.10.20")/ POCKET REFERENCE
TCP(dport=0,1024) GUIDE
Send a packet, or list of packets without custom ether Ver 0.2
>>> unans, ans = sr(packet)
layer:
>>> send(packet) Received 1086 packets, got 1024 answers, http://www.sans.org
remaining 0 packets
Other send functions:
sr() sends and receives without a custom ether() ans will store the answered packets:
layer >>> ans Purpose
sendp() sends with a custom ether() layer <Results: TCP:1024 UDP:0 ICMP:0 Other:0>
srp() sends and receives at with a custom ether() The purpose of this cheat sheet is to
layer To see a summary of the responses: describe some common options and
sr1() sends packets without custom ether() layer >>> ans.summary() techniques for using Scapy.
and waits for first answer IP / TCP 10.1.1.15:ftp_data >
sr1p() sends packets with custom ether() layer and 10.10.10.20:netbios_ssn S ==> IP / TCP
waits for first answer 10.10.10.20:netbios_ssn > 10.1.1.15:ftp_data
SA / Padding
Send function options: Note: this is the output from port 139 (netbios_ssn). Scapy Overview
filter = <Berkley Packet Filter> Notice how this port was open and responded with a
retry = <retry count for unanswered packets>
Scapy Background
SYN-ACK. Scapy is a Python module created by Philippe
timeout = <number of seconds to wait before giving
up> Biondi that allows extensive packet manipulation.
iface = <interface to send and receive>
To view a specific answer as a stream in array form: Scapy allows packet forgery, sniffing, pcap
>>> packets = sr(packet, retry=5, >>> ans[15] reading/writing, and real-time interaction with
timeout=1.5, iface="eth0", filter="host network targets.
1.2.3.4 and port 80") To view the first packet in the stream:
>>> ans[15][0] (this will be packet the Scapy Scapy can be used interactively from a Python
sent) prompt or built into scripts and programs.
<IP frag=0 proto=tcp dst=10.10.10.20 |<TCP
dport=netstat flags=S |>>
Launching Scapy
Sniffing and pcaps Once Scapy is installed it can be launched
To view the response from the distant end:
interactively by typing "sudo scapy" or from the
To sniff using Berkley Packet Filters: >>> ans[15][1]
command prompt.
>>> packets = sniff(filter="host <IP version=4L ihl=5L tos=0x0 len=40 id=16355
1.1.1.1") flags=DF frag=0L ttl=128 proto=tcp
chksum=0x368c src=10.10.10.20 dst=10.1.1.15 Additionally Scapy can be imported either
Sniffing using counts: options=[] |<TCP sport=netstat dport=ftp_data interactively or in a script with:
>>> packets = sniff(count=100) seq=0 ack=1 dataofs=5L reserved=0L flags=RA from scapy.all import *
window=0 chksum=0x2b4c urgptr=0 |<Padding
Reading packets from a pcap: load='\x00\x00\x00\x00\x00\x00' |>>> Note: Scapy requires root privileges to sniff or
>>> packets = rdpcap("filename.pcap") send packets!
To view the TCP flags in the response packet:
Writing packets to a pcap: >>> ans[15][1].sprintf("%TCP.flags%")
>>> wrpcap("filename.pcap", packets) 'RA'
Scapy Basics Ethernet Layer Fields / Default Values Altering Packets
To list supported layers: >>> ls(Ether) Packet layer fields are Python variables and can
>>> ls() Field Type Default Value be modified.
dst : DestMACField = (None) Example packet:
src : SourceMACField = (None)
Some key layers are: >>> packet = IP(dst="10.10.10.50")/
type : XShortEnumField = (0)
arp, ip, ipv6, tcp, udp, icmp TCP(sport=80)

To view layer fields use ls(layer): Viewing a field's value like the source port:
>>> ls(IPv6) IPv4 Layer Fields / Default Values >>> packet.sport
80
>>> ls(TCP) >>> ls(IP)
Field Type Default Value
version : BitField = (4)
Setting the source port:
To list available commands: ihl : BitField = (None) >>> packet.sport = 443
>>> lsc() tos : XByteField = (0) >>> packet.sport
len : ShortField = (None) 443
Some key commands for interacting with packets: id : ShortField = (1)
flags : FlagsField = (0) Setting port ranges:
rdpcap, send, sr, sniff, wrpcap frag : BitField = (0) >>> packet[TCP].dport = (1,1024)
ttl : ByteField = (64)
Getting help with commands use help(command): proto : ByteEnumField = (0) Setting a list of ports:
>>> help(rdpcap) chksum : XShortField = (None) >>> packet[TCP].dport = [22, 80, 445]
src : Emph = (None)
dst : Emph = ('127.0.0.1')
options : PacketListField = ([])
Setting the TCP flags (control bits):
>>> packet[TCP].flags="SA"
Basic Packet Crafting / Viewing >>> packet[TCP].flags
Scapy works with layers. Layers are individual 18 (decimal value of CEUAPRSF bits)
functions linked together with the "/" character to >>> packet.sprintf("%TCP.flags%")
construct packets. To build a basic TCP/IP packet with 'SA'
"data" as the payload:
>>> packet = IP(dst="1.2.3.4")/ TCP Layer Fields / Default Values Note! For ambiguous fields, like "flags", you must
TCP(dport=22)/"data" >>> ls(TCP) specify the target layer (TCP).
Field Type Default Value
Note: Scapy allows the user to craft all the way down to sport : ShortEnumField = (20) Setting destination IP address(es):
the ether() layer, but will use default values if layers are dport : ShortEnumField = (80) >>> packet[IP].dst = "1.2.3.4"
omitted. To correctly pass traffic layers should be seq : IntField = (0) >>> packet[IP].dst = "sans.org"
ordered lowest to highest from left to right e.g. (ether -> ack : IntField = (0)
IP -> TCP). dataofs : BitField = (None) Using CIDR:
reserved : BitField = (0)
>>> packet[IP].dst = "1.2.3.4/16"
To get a packet summary: flags : FlagsField = (2)
>>> packet.summary() window : ShortField = (8192)
chksum : XShortField = (None) Multiple Destinations:
urgptr : ShortField = (0) >>> packet[IP].dst = ["1.2.3.4",
To get more packet details:
options : TCPOptionsField = ({}) "2.3.4.5", "5.6.7.8"]
>>> packet.show()

You might also like