Monday, November 14, 2005

Scapy = Master Once, Do It All Kung Fu

I have been mentionning quite a lot of times about scapy in my blog. Thanks to Philippe BIONDI, father of scapy and the rest of oss folks that help.

What is scapy anyway?
Scapy is a powerful interactive packet manipulation program that written in python. It allows you to do almost everything including packet forging, decoding, engineering, tracing, network mapping and etc. This is the only tool that deal with human limitation instead of program limitation. Why human limitation? It is because lacking of knowledge in certain network protocol, you can't create a functional packet that works with it. Scapy itself supports wide range of protocols and allows you to specify any fields in the packet, and the limitation again comes to the imagination of human being.

Master Once, Do It All Kung Fu?
Indeed yes, mastering Scapy ain't easy as it requires a little python scripting knowledge, another thing is that you are taking full advantage of Scapy only if you understand tcp/ip protocol well enough. RFC is a good place to start for that or you can go quick start by reading W. Richard. Stenvens TCP/IP Illustrated series.

Here i will demonstrate how to construct a packet which sending to remote host 192.168.0.66 and destination port 22 with syn flag.
Scapy in Action!
This is the tcpdump output in host 192.168.0.66.

There are more you can do with scapy, check out the Scapy site as it comes with very handy tutorial on the first page.

Monkeying with Scapy Kung FU (:])

2 comments:

darry said...

nice post on scappy, shall try it :D. Keep on writing good stuff man

C.S.Lee said...

Thanks :]