Understanding Network Hacks

5.13 Tools

5.13.1 Scapy

Scapy is not only a fantastic Python library but also a great tool. When you start Scapy manually from the console you get its interactive mode, which is a Python console with all Scapy modules automatically loaded.

scapy

The command ls() shows you all available protocols:

>>> ls()
ARP : ARP
ASN1_Packet : None
BOOTP : BOOTP
...

A complete list of all protocols implemented in Scapy can be found in Table A.1.

To get all header options of a protocol, including their default values, just pass the protocol's name as a parameter to the function ls().

>>> ls(TCP)
sport : ShortEnumField = (20)
dport : ShortEnumField = (80)
seq : IntField = (0)
ack : IntField = (0)
dataofs : BitField = (None)
reserved : BitField = (0)
flags : FlagsField = (2)
window : ShortField = (8192)
chksum : XShortField = (None)
urgptr : ShortField = (0)
options : TCPOptionsField = ({})

The command lsc() can be used to show an overview of all functions and their description.

>>> lsc()
arpcachepoison : Poison target's cache with (your MAC, victim's IP) couple
arping : Send ARP who-has requests to determine which hosts are up
...

Table 5.1 gives you an overview of the most important Scapy functions; a complete list can be found in Table A.2.

Additionally, the Scapy shell can be programmed just like the scripts shown before. Here is another short example of how to send an HTTP GET command; it will not receive any data, because the preceding TCP handshake is missing.

Table 5.1 Important Scapy functions

Name               Description
send()             Sends a packet on layer 3
sendp()            Sends a packet on layer 2
sr()               Sends and receives on layer 3
srp()              Sends and receives on layer 2
sniff()            Captures network traffic and executes a callback function for every packet
RandMAC()          Generates a random MAC address
RandIP()           Generates a random IP address
get_if_hwaddr()    Gets the MAC address of a network interface
get_if_addr()      Gets the IP address of a network interface
ls()               Lists all available protocols
ls(protocol)       Shows details of a protocol
lsc()              Gets an overview of all commands
help()             Prints the documentation of a function or protocol

>>> send( IP(dst="datenterrorist.de") / TCP(dport=80, flags="A") / "GET / HTTP/1.0 " )

Another neat feature of Scapy is the statistical evaluation of transmitted and received packets as graphs, for example the distribution of TCP sequence numbers. For this you need to have the Gnuplot library (gnuplot.info) installed as well as the Gnuplot Python module.

pip install gnuplot-py

Now you can plot the received packets.

ans, unans = sr(IP(dst="datenterrorist.de", id=[(0,100)]) / TCP(dport=80) / "GET / HTTP/1.0 ")
ans.plot(lambda x: x[1].seq)

The lambda function is called for every received packet and returns the packet's sequence number, which plot() then draws, magically creating a nice image on your screen.

Figure 5.1 shows why the sequence number is called a sequence number: we see a straight line. The initial sequence number is generated randomly, but the following ones are simply incremented by one for every byte sent (see Sect. 2.9).

Fig. 5.1 TCP sequence numbers
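As an added example (not from the book), here is the straight-line property of Fig. 5.1 checked offline in plain Python: it hand-builds a constructed three-segment TCP stream with struct, so it runs without Scapy or network access, extracts the same value the book plots with ans.plot(lambda x: x[1].seq), and verifies that each sequence number advances by exactly the payload bytes of the previous segment, wrapping modulo 2^32 as a random ISN near the top of the range would. The addresses, ports and HTTP lines are made up.

```python
import struct
from typing import List, Tuple

SEQ_MASK = 0xFFFFFFFF  # TCP sequence numbers are 32 bits wide


def build_segment(seq: int, payload: bytes, flags: int = 0x18) -> bytes:
    """Build a minimal IPv4/TCP frame (no options, checksums left zero)."""
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    # data offset 5 (20-byte header) sits in the high nibble of TCP byte 12
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, seq, 0, 5 << 4, flags,
                      8192, 0, 0)
    return ip + tcp + payload


def parse_tcp(frame: bytes) -> Tuple[int, bytes]:
    """Return (sequence number, payload) of an IPv4/TCP frame."""
    ihl = (frame[0] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[2:4])[0]
    tcp = frame[ihl:total_len]
    seq = struct.unpack("!I", tcp[4:8])[0]
    dataofs = (tcp[12] >> 4) * 4
    return seq, tcp[dataofs:]


def seq_deltas(frames: List[bytes]) -> List[int]:
    """Differences between consecutive sequence numbers, modulo 2^32."""
    seqs = [parse_tcp(f)[0] for f in frames]
    return [(b - a) & SEQ_MASK for a, b in zip(seqs, seqs[1:])]


def is_straight_line(frames: List[bytes]) -> bool:
    """True when every sequence number advances by exactly the bytes sent."""
    lens = [len(parse_tcp(f)[1]) for f in frames[:-1]]
    return seq_deltas(frames) == lens


def sample_stream(isn: int) -> List[bytes]:
    """Constructed client stream: one HTTP request split over three segments."""
    payloads = [b"GET / HTTP/1.0\r\n", b"Host: example.invalid\r\n", b"\r\n"]
    frames, seq = [], isn
    for p in payloads:
        frames.append(build_segment(seq & SEQ_MASK, p))
        seq += len(p)
    return frames


if __name__ == "__main__":
    print(seq_deltas(sample_stream(0x12345678)))      # [16, 23]
    print(is_straight_line(sample_stream(0xFFFFFFF0)))  # True, wraps past 2^32
```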

If you want to know even more about Scapy, you should have a look at the excellent official Scapy documentation, which can be found under secdev.org/projects/scapy/doc/usage.html.

There you not only get a good description of every function but also a quite long list of useful one-liners such as traceroute or VLAN hopping, and cool add-ons like fuzzing, active and passive fingerprinting, ARP poisoning, ARP ping and DynDNS.
