0% found this document useful (0 votes)
95 views5 pages

Scapy - A Powerful Interactive Program

This document discusses Scapy, an interactive Python-based tool for packet manipulation. It can be used to forge, send, capture, dissect, and analyze network packets. The document outlines Scapy's key features like its interactive nature, high-level functions, modularity, and ability to bypass firewalls. It also notes weaknesses like partial support for some complex protocols. Examples are given of common Scapy operations like building and sending packets, stacking layers, sniffing interfaces, and performing a three-way handshake.

Uploaded by

kartikey jain
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
95 views5 pages

Scapy - A Powerful Interactive Program

This document discusses Scapy, an interactive Python-based tool for packet manipulation. It can be used to forge, send, capture, dissect, and analyze network packets. The document outlines Scapy's key features like its interactive nature, high-level functions, modularity, and ability to bypass firewalls. It also notes weaknesses like partial support for some complex protocols. Examples are given of common Scapy operations like building and sending packets, stacking layers, sniffing interfaces, and performing a three-way handshake.

Uploaded by

kartikey jain
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

SCAPY- A powerful interactive packet

manipulation program
Rohith Raj S Rohith R Minal Moharir
Computer Science and Engineering Computer Science and Engineering Computer Science and Engineering
Department Department Department
R.V College of Engineering R.V College of Engineering R.V College of Engineering
Bangalore, India Bangalore, India Bangalore, India
[email protected] [email protected] [email protected]
Shobha G
Computer Science and Engineering
Department
R.V College of Engineering
Bangalore, India
[email protected]

Abstract— This research paper looks into a state of the art A brief working of Scapy as interactive packet manipulation
tool for interactive packet manipulation named Scapy which is tool is as follows and the same is given in Fig. 1
written in Python language; detail out some vital commands, 1. Create packets by taking into account the data type,
strengths and weakness, protocols supported, usage explained source MAC address and destination MAC address.
with snapshots, tracking packets being sent and received using 2. Send the created packets to the destination by
wireshark and scope of future integration with newer protocols. specifying the parameters.
The research paper, tries to give a brief introduction and 3. Or sniff for packets by specifying the parameters.
readable usage and applications using the Scapy tool.

Keywords—capture, packet, protocol, python, scapy, tool

I. INTRODUCTION
Scapy is a Python program written to manipulate network
packets. It was developed by Philippe Biondi. Network
packets can be sent, sniffed, dissected and forged [1]. Scapy
can be used to construct or decrypt packets of a variety of
protocols, to send them, capture them, match requests and
replies, and a lot more. Many long-established tasks can be
handled by it such as tracerouting, scanning, unit testing,
probing, attacking and discovery of networks.

Scapy comes as an interpreter and not as a shell command


program. It uses Python interpreter evaluation loop to let the
users manipulate classes, instances, and functions.
The materialization of packets in Scapy is done in the
form of class instances. When an object is instantiated it
means that a packet is created and modifying the attributes or
calling the methods of the instance object refers to
manipulating a packet. By implementing packets as objects; Fig. 1: Brief working of scapy as interactive packet manipulation tool
creating a packet is only done with one line of code while it
would have definitely taken many lines of code in C even Strengths and weakness of Scapy tool are as follows:
with the best libraries. The basic building block of a packet is
a layer and an entire packet is built by putting layers on top A. Strengths
of one another. Layering allows for natural representation and ● Interactive language
code implementation. The user can define a group of packets ● No complex syntax to remember
in Scapy, now these packets are sent and answers are received ● High-level functions already implemented
[1,2]. The way in which packets are sent, sniffed, the process ● Multi-tasking
of demonstrating tables and couples is the same always and ● Modularity
is given by scapy in three simple steps [2]: ● Extensibility
● Constructing our own set of packets ● Simple packets forging and analyzing
● Using the Scapy’s logic to send the packets, collect ● Bypass local firewall
replies, dissect them, and finally match the stimuli
and answers. B. Weakness
● Presenting the result ● Link layer not managed well

978-1-5386-7949-4/18/$31.00 ©2018 IEEE


● The DNS packets received/sent are not III. WORKING WITH SCAPY
reassembled exactly as the original To send the packets in scapy, Root privileges are needed, so
● Can’t handle a large number of packets sudo command should be used. A snapshot of this feature is
simultaneously shown in Fig. 2
● Partial support for certain complex protocols

Scapy supports the following protocols:


● Ethernet
● TCP/IP, UDP
● IPv4 and IPv6
● ARP
● ICMP and ICMPv6 types and codes.
● IGMP Fig.2:Starting Scapy
● Text based protocols (HTTP, HTTPS).
● STP The basic commands that are used in scapy are:
● DNS
● FTP and TFTP and many more

II. IMPORTANT OPERATIONS

TABLE 1: Operations supported by Scapy

After opening a scapy session, the user can build and play
with packets as shown in Fig. 3

Fig. 3: Building a packet and playing with it

The user can stack layers in scapy. For composition between


two layers, / operator is used. The default fields of the lower
layers can be overloaded according to the upper layers when
performing composition of two layers. [2,3] A snapshot of
this feature is shown in Fig. 4

Fig. 4: Stacking layers

Packets are sent using the send() or sendp() fuctions. The


network layers in which these functions work are:
● send() function works at layer 3 and therefore, The process in which we read the interfaces and scan the ports
layer 2 and routing is taken care is called sniffing. It allows us to capture packets as it’s
transmitted over a network. Some packets can be easily
● sendp() function sends packets at layer 2 [4] captured or can be even cloned using tshark or tcpdump. For
sniffing, one or more interfaces can be provided as input.
Suppose, if no interface is given as an input, conf.iface will
The user can choose the right link layer protocol and the be the interface to be sniffed on. A snapshot of sniffing
interface for the send() and sendp() function. feature is shown in Fig. 7

Fig. 5: Sending packets

To send packets and receive answers sr() function is used. A


couple of packets, answers and unanswered packets are
returned by this function. A variant of sr() function is sr1()
which returns a single packet that answered the sent packet.
Only layer 3 packets such as ARP, IP, etc. are used as packets Fig. 7: Sniffing an interface
for sr() function. Whereas, only layer 2 packets such as
Ethernet, 802.3, etc. are used as packets for srp() function. TCP three-way handshake is a three message handshake
(SYN-SYN-ACK) which is used to establish an internet
connection over an IP network. This is the method which
allows two computers to communicate over a network. The
code to establish a three way handshake between a client
having IP-address 192.168.80.128 and a server having IP-
address 192.168.0.103 is shown in the Fig. 8 .

Fig. 8: handshake.py

Before sending the packets the iptables have to be set to


suppress the RST packets as Scapy tool doesn’t make use of
the kernel services and it creates a raw socket and RST
packets come from the kernel as there is no port listening on
3o the source port. [5] Fig. 9 illustrates the process of setting IP
Fig. 6: Send and receive packets(sr)
tables for a proper three-way handshake.
The send and receive functions return a couple of two lists.
These two functions are considered as heart of scapy as they
are very important. The two elements returned is shown in
Table 2. The two elements are lists; so to present them in a
better way, they are wrapped by an object.

TABLE 2: The two elements returned by send and receive functions


Fig. 9: Setting IP tables
Element List of

First Couples (packet sent, answer) On executing the handshake.py file shown in Fig.8 from the
terminal the working of the three-way handshake can be
Second Unanswered packets captured in wireshark as shown in Fig. 10. Three way
handshake happens in client-server connections established
over a TCP/IP Network.
Adding a new protocol in Scapy is a simple task. The fields
do all the magic.

The layer class inherits the layer manipulation logic from the
Packet class. A list of fields will compound a simple layer.
This will be either concatenated while the layer is assembled
or, while disassembling a string it’s dissected layer by layer.
fields_desc attribute stores the list of fields. By instantiating
Fig. 10: Wireshark trace for three way handshake field class, fields are obtained.

IV. VIEWING PACKETS WITH WIRESHARK

The advanced ability of Wireshark to dissect packets is the


major driving force for using it to view the packets generated
Fig. 13: Adding a new protocol called Plant()
or sniffed with scapy. In the terminal, by executing the
wireshark() function, Wireshark software opens in the In the example given in Fig. 13, our layer consists of three
background and allows users to view the required packets. A fields as follows:
snapshot of this feature is shown in Fig. 11 and Fig. 12
TABLE 3: Fields description of the layer created in Fig. 13

Field Name Integer type Default


value

First Marigold 2 byte 5

Second Cactus 1 byte 3

Third Rose 4 byte --


Fig. 11: Using wireshark( ) function
Vanilla ByteField and XByteField are different only in the
aspect of the field’s value which is represented in
hexadecimal format. Literate representations are assigned to
some of the values of the third field. Suppose if the worth is
given as 3, Pink value will be displayed. Similarly, if value is
assigned as ‘orange’ then it will display the value 2.

The protocol developed by the user is ready to be used with


the above given details. A snapshot of this is shown in Fig.
14

Fig. 12: Wireshark trace for Fig.11

The user uses the wireshark() function available in Scapy


whose function is to produce a pcap-file which is temporary,
Fig. 14: Operating on the Plant() protocol
and this file is read by Wireshark which starts in the
background environment. One more important thing to be
noted is that we have stacked Layer 3(ICMP and IP) packets VI. CONCLUSION
over an Ethernet header(Layer 2), this is done because
Wireshark synergizes with frames and passing just Layer 3
packets will lead to unusual results. Scapy is very robust and it is very simple in terms of usage.
Scapy is very convenient for doing a quick security analysis,
sometimes though, when we would like to examine and make
conclusions by ourselves we can take raw outputs, without
V. SUPPORT FOR ADDING NEW PROTOCOLS needing any real explanation.
Scapy has many user and developer methods which are very
useful for packet manipulation. When programmers need to
make use of custom packets for obtaining any result like,
testing how a firewall or an Intrusion Detection System(IDS)
reacts to custom packets then Scapy is very helpful. One
really good thing about Scapy is, it can be used as a Python
Library which permits us to write programs and create
applications very hastily without really diving deep into
specifics of constructing raw packets from scratch which
helps in reducing the size of the code by a fair amount. In
short it gives us the freedom to try anything that we can
visualize over a network.

The compiler of python is located at runtime. It is not needed


to recompile all the changes in the source code. Hence all the
tasks done in Scapy are swift, speedy and flexible.

REFERENCES

[1] P. Biondi, Scapy, [online] Available:


http://www.secdev.org/projects/scapy.
[2] Bansal S, Bansal N (2015) Scapy – A Python Tool For Security
Testing. J Comput Sci Syst Biol 8:140-159. doi: 10.4172/jcsb.1000182.
[3] Kiel Gordon, Matthew Davis, Zachary Birnbaum, Andrey Dolgikh.
"ACE", Proceedings of the 2018 Workshop on Cyber-Physical
Systems Security and PrivaCy - CPS-SPC '18,2018
[4] Mahalakshmi, A. Soumya et al. “A study of tools to develop a traffic
generator for L4 – L7 layers.” 2016 International Conference on
Wireless Communications, Signal Processing and Networking
(WiSPNET) (2016): 114-118.
[5] Samad S. Kolahi, Shaneel Narayan, Du. D. T. Nguyen, Yonathan
Sunarto "Performance monitoring of various traffic generators" IEEE
Conference on Modeling and Simulation, pg.501-506, March 2011.

You might also like