Monday, December 31, 2012

Fun with Scapy

Scapy belongs in any Pythonic Network Engineer's tool bag, IMHO. It allows you to craft your own packet from the ground up. Basically any high level tools you use (nmap, ping, traceroute) is limited by the intention of the creator of the tool, say, if I create a tool called eric-ping and uses IMCP ping, you as the user cannot use TCP ping unless I provide that as an option to you.

But with Scapy, it allows you to craft your own packet at each layer, and take defaults whenever possible to save you time.  Best yet, it takes after the Python object model and leverage what you already know about Python.

The creator of the tool wrote a detail interactive tutorial that is pretty easy to follow:

Here is the project homepage:

Here is another intro from

I would encourage the motivated to walk thru the tutorial on the Scapy site. Here is my own little experiment:

1. Create a list of eCommerce sites to query port 80 from:

>>> ecommerceSites = ["", ""]

2. Get the results back: 

>>> answered, unanswered = sr(IP(dst=ecommerceSites)/TCP(dport=(80)))
Begin emission:
....Finished to send 2 packets.
Received 11 packets, got 2 answers, remaining 0 packets

3. Pretty print it with socket module to get the DNS name back: 

>>> answered.make_lined_table(lambda (sender,response): ("Commerce Sites", str(socket.gethostbyaddr(sender.dst)), response.sprintf("%IP.src% %IP.proto%")))
                                          | Commerce Sites | 
('', [], ['']) | tcp http | 
('', [], ['']) | tcp http | 

I cheated a litte on the example above by not include any sites that uses Akami VIP (,, etc) or no reverse lookup ( to make the result more clear and meaningful. 

Perhaps after I get more experience with the tool I will report back with some more examples. I have some aspiration for projects after seeing how powerful the tool is. 


  1. I want to capture all wireless DATA packet using scapy
    My Code That I have tried as follows

    from scapy.all import *

    def PacketHandler(pkt) :

    if pkt.haslayer == 2 and pkt.subtype==0:

    if pkt.haslayer(IP) :

    print ip.dst

    if pkt.haslayer(UDP):
    print udp.dport
    if pkt.haslayer(TCP) :
    print tcp.port

    sniff(iface="mon0", prn=PacketHandler)

    Using this I want to capture all wireless DATA packets but I am getting only multicast ( IP/UDP) packets.So how can I get all DATA packet in my wireless network. I have disabled password of my Access Point for this ( for some time only) so I can get acccess upto data in packets.

  2. Great put Good stuff.All the topics were explained quickly understand for me. I am waiting for your next fantastic blog.get more...
    Python Training in Chennai | Best Python Training in Chennai

  3. I am confident you've got a great enthusiast following there.
    top 10 website design company

  4. This comment has been removed by the author.

  5. Their project managers logo designer companies were particularly experienced

  6. It’s those tales which end up being the inspiration for his or her visual details. The folks would be crucial. weed measurements

  7. This comment has been removed by the author.

  8. This post is so helpfull and informative.keep updating with more information...
    IOS Language
    IOS Programming

  9. This post is so interactive and informative.keep update more information...
    AWS Training in Tambaram
    AWS Training in Chennai

  10. Unless they (and you) have had their website reviewed, analyzed and modified by a reputable Internet marketing service or consultant, then it is probably not optimized press org

  11. In order to execute successful SEO it makes sense to investigate where your problem areas lie and what needs immediate attention. hbci com

  12. Their Insurance policies have Insurance policies.  Obamacare does mandate a range of obligatory health-Insurance benefits, but most of them, like mental health and pregnancy coverage, would likely have already come standard on a big employer plan like AOL's. What Is A Government Employees Insurance Company