akde/infosec

Information security is ultimately about managing risk


Scapy fundamentals

Commands for the interactive scapy interpreter:

  • conf.iface shows the currently used interface
    • conf.iface='tun0' sets the interface to use
  • ls shows all protocols
  • ls(TCP) shows all known headers for a given protocol
  • lsc shows built-in functions
  • Details about a packet p:
    • p shows general information
    • p.summary() shows a one-line summary
    • p.show() shows each field and its value
    • ls(p) shows each field and its value and also the default value for each field
    • hexdump(p) shows the whole packet as hex
    • wireshark(p) opens the packet in Wireshark
  • Sending packet p:
    • send(p) sends the packet at layer 3 and adds the layers below, e.g. wraps it in an Ethernet frame
    • sendp(p) sends the packet at layer 2 without adding additional layers
    • answered, unanswered = sr(p) sends the packets and receives the answers
    • ans = sr1(p) sends the packet and returns only the first answer, then stops

Crafting packets

Create a simple TCP/IP packet:

# Create an IP packet to a host.
p = IP(dst="10.10.10.10")
# Stack a TCP layer on top of the IP packet; a list of ports yields one packet per port.
p /= TCP(dport=[80, 443])
# Send the packet and receive/evaluate the first return packet.
sr1(p)

# The same in one command, using sr() to get both result sets:
answered, unanswered = sr(IP(dst="10.10.10.10")/TCP(dport=[80, 443]))
# Afterwards the two variables can be used to inspect all answered and unanswered probes.

The packets are stacked together and can be modified at each level.

When querying a field, Scapy searches for it through all layers of the stack. E.g. p.payload on an Ether/IP/TCP packet returns the payload of the Ethernet frame, i.e. the IP layer, because the lookup stops at the first layer that has the field. Alternative: p[IP].payload queries the field on the given protocol layer within the stack, which is the unambiguous way to address a layer.
