====== Scapy interactive tutorial ======
[[http://www.secdev.org/projects/scapy/|Scapy, an interactive packet manipulation program]]
followed the tutorial, did not get further than generating packets; scapy got stuck when trying to read a pcap file that was written by aircrack
====== how to ======
* write and read a .pcap file ([[http://wikihead.wordpress.com/tag/scapy/]]):
<code python>
>>> pkts = sniff(count=100, iface="wlan1")   # use the external wifi card to sniff
>>> pkts
>>> wrpcap('traffic.pcap', pkts)             # write the list of packets to a PCAP file
>>> packetlist = rdpcap('traffic.pcap')      # read the PCAP file into a list of packets
>>> for pkt in packetlist:
...     # summary() gives one readable line per packet; a plain "print pkt" on Python 2 outputs the raw frame bytes
...     print(pkt.summary(), pkt.src, pkt.name)   # src gives the MAC address of the device; name gives the protocol (Ethernet/802.3...)
</code>
a plain ''print pkt'' (Python 2) returns the raw packet bytes, an unreadable binary dump in which only the beacon SSIDs (NETGEAR, UPC00803...) can be made out.
====== examples ======
* [[http://www.packetstan.com/2011/03/extracting-ap-names-from-packet.html|PACKETSTAN: Extracting AP names from Packet Captures]]
works great; extracts the MAC addresses and ESSIDs found in a pcap file.
downloaded this script by Tim Medin; run it like this:
./APNameFromPcap.py -f [a .pcap file] | sort -u
returns a list like this:
00:--:--:--:--:-- Alexxa
00:--:--:--:--:-- NETGEAR
00:--:--:--:--:-- UPC008034
00:--:--:--:--:-- UPC011853
00:--:--:--:--:-- UPC019652
00:--:--:--:--:-- bobi13
bc:--:--:--:--:-- ASUS_lgdp
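The linked script does this with scapy's Dot11 layers. As an added example (my own code, not Tim Medin's script and not from this wiki), the same BSSID/ESSID extraction done without scapy, by parsing the classic pcap container and the 802.11 beacon frame layout directly; it handles link type 105 (raw 802.11) and 127 (radiotap header in front of each frame) and reports zero-length SSIDs as hidden networks. The pcap bytes and beacon frames are constructed inline, so it runs offline.

```python
import struct

def pcap_bytes(frames, linktype=105):
    # Classic pcap file in memory (constructed test input). 105 = raw 802.11, 127 = radiotap + 802.11.
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def beacon_frame(bssid, ssid):
    # Minimal beacon: frame control 0x0080 (mgmt/beacon), broadcast DA, SA = BSSID = bssid, then
    # 12 bytes of fixed fields (timestamp, interval, capability) and one SSID element (ID 0).
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + b"\x64\x00" + b"\x01\x04"
    return header + fixed + bytes([0, len(ssid)]) + ssid

def extract_ap_names(data):
    # Return sorted unique (bssid, essid) pairs seen in beacon frames of a pcap byte string.
    magic, = struct.unpack("<I", data[:4])
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype, = struct.unpack(endian + "I", data[20:24])
    if linktype not in (105, 127):
        raise ValueError("link type %d is not 802.11" % linktype)
    aps, off = set(), 24
    while off + 16 <= len(data):
        incl_len, = struct.unpack(endian + "I", data[off + 8:off + 12])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == 127 and len(frame) >= 4:   # strip the radiotap header (its length is at bytes 2-3, LE)
            frame = frame[struct.unpack("<H", frame[2:4])[0]:]
        if len(frame) < 36 or frame[0] & 0xFC != 0x80:   # keep management frames of subtype 8 (beacon) only
            continue
        bssid = ":".join("%02x" % b for b in frame[16:22])   # addr3 carries the BSSID
        pos = 36                                 # information elements start after the fixed fields
        while pos + 2 <= len(frame):
            eid, elen = frame[pos], frame[pos + 1]
            if eid == 0:                         # SSID element; zero length means a hidden network
                ssid = frame[pos + 2:pos + 2 + elen].decode("utf-8", "replace") or "<hidden>"
                aps.add((bssid, ssid))
                break
            pos += 2 + elen
    return sorted(aps)

if __name__ == "__main__":
    sample = pcap_bytes([beacon_frame(b"\x00\x11\x22\x33\x44\x55", b"NETGEAR"),
                         beacon_frame(b"\xbc\x11\x22\x33\x44\x66", b"")])
    for bssid, essid in extract_ap_names(sample):
        print(bssid, essid)
```

To run it on a real capture, pass ''open("traffic.pcap", "rb").read()'' to ''extract_ap_names''; a pcapng file (different magic) is rejected with a ValueError rather than misparsed.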
* ping every IP in the /24 with a timeout and list the ones that answer
<code python>
#!/usr/bin/python
from scapy.all import *

TIMEOUT = 2
conf.verb = 0                      # silence scapy's per-packet output
for ip in range(0, 256):
    packet = IP(dst="192.168.1." + str(ip), ttl=20) / ICMP()
    reply = sr1(packet, timeout=TIMEOUT)
    if reply is not None:
        print("%s is online" % reply.src)
    else:
        # packet[IP].src would be our own address (scapy fills it in); dst is the host that was probed
        print("Timeout waiting for %s" % packet[IP].dst)
</code>
(doesn't really continue once it reaches my own IP)
* [[http://samsclass.info/124/proj11/123-P14x-promscan.html|Detecting Promiscuous NICs with scapy]] fun exercise; tried it with 2 wifi cards