Scapy – Interactive Packet Manipulation Tool

Last Release: 04/19/2021     Last Commit: 09/02/2022

Introduction

Scapy is a very powerful packet manipulation program and library, written in Python. It allows you to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and more. It can also perform tasks such as scanning, trace-routing, probing, unit tests, attacks, network discovery, and much more (official website).

Since version 2.4.0+ Scapy supports Python 3.

Scapy: Powerful Python-based Interactive Packet Manipulation Tool

Scapy is a Python tool that enables you to send, sniff, dissect and forge network packets. Those capabilities allow you to build tools that can probe, scan or attack networks. It can replace:

  • hping, arpspoof, arp-sk, arping, p0f, and even some parts of Nmap, tcpdump, and tshark.

Scapy can also perform a huge number of other specific operations/tasks that most other tools can’t, such as:

    • sending invalid frames,
    • injecting your own 802.11 frames,
    • combining techniques (VLAN hopping + ARP cache poisoning, VoIP decoding on a WEP-encrypted channel, etc.).

Supported platforms (cross-platform)

Scapy supports Python 2.7 and Python 3 (3.4 to 3.6):

  • Linux, OSX, *BSD, and Windows.

Features:

  • Craft Packets
    Scapy enables the user to describe a packet or set of packets as layers that are stacked one upon another. Layer fields have useful default values that can be overloaded. It doesn’t oblige the user to use predetermined methods or templates.
  • Interpret many with single probe
    Unlike many tools, it provides the complete set of data (packets sent and responses received). With a small dataset, the user can dig out the desired data by hand. When the dataset is simply too big, most tools process it and discard all data not directly related to one specific point of view. Scapy, in comparison, provides the complete raw data, which stays available for multiple types of analysis (viewpoints).
  • It decodes rather than interprets,
  • It is also modular. Python module can be used to build specific network tools,
  • Can be easily extended to support new protocols,
  • You can build your own tools,
  • etc.

Install

Requirements:

  • Python 2.7.x or 3.4+

Clone it from the GitHub repository, and run it as follows:

$ git clone https://github.com/secdev/scapy
$ cd scapy
$ ./run_scapy
>>>

To update Scapy, just run:

$ git pull
$ sudo python setup.py install

To take advantage of all Scapy features, you’ll need to install some Python modules, such as matplotlib or cryptography.

If you decide not to install all optional packages, Scapy will inform you which features are unavailable:

INFO: Can't import python gnuplot wrapper . Won't be able to plot.
INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().

Debian/Ubuntu:

To install cryptography, simply run:

$ sudo apt-get install tcpdump graphviz imagemagick python-gnuplot python-cryptography python-pyx

If you need the cryptography-related methods, install it with pip:

# pip install cryptography

Fedora (9):

# yum install git python-devel
# cd /tmp
# git clone https://github.com/secdev/scapy
# cd scapy
# python setup.py install

To install optional packages, run:

# yum install graphviz python-cryptography sox PyX gnuplot numpy
# cd /tmp
# wget http://heanet.dl.sourceforge.net/sourceforge/gnuplot-py/gnuplot-py-1.8.tar.gz
# tar xvfz gnuplot-py-1.8.tar.gz
# cd gnuplot-py-1.8
# python setup.py install

Mac OS X:

On Mac OS X, Scapy doesn’t work natively. You need to install the Python bindings for libdnet and libpcap. To install them using Homebrew, first update it, then install the Python bindings:

$ brew update
$ brew install --with-python libdnet
$ brew install https://raw.githubusercontent.com/secdev/scapy/master/.travis/pylibpcap.rb
$ sudo brew install --with-python libdnet
$ sudo brew install https://raw.githubusercontent.com/secdev/scapy/master/.travis/pylibpcap.rb

For installation on other platforms (*BSD, Windows), check the official documentation page.

Basic Usage

To start Scapy, you’ll need root privileges:

$ sudo ./scapy

Note: IPython users must import Scapy as follows:
from scapy.all import *
