Scapy interactive tutorial

Scapy, an interactive packet manipulation program

Followed the tutorial, did not get further than generating packets; Scapy got stuck when trying to read a pcap file that was written by aircrack.

how to

>>> pkts = sniff(count=100, iface="wlan1")   # use the external wifi card to sniff
<Sniffed: TCP:0 UDP:47 ICMP:0 Other:53>
>>> wrpcap('traffic.pcap', pkts)             # write the list of packets to a PCAP file
>>> packetlist = rdpcap('traffic.pcap')      # read the PCAP file back into a list of packets
>>> for pkt in packetlist:
...     print pkt, pkt.src,   # src gives the MAC address of the device; name gives the protocol (Ethernet/802.3...)

returns a dump like this:

.H?     ??????????n??n????d     UPC00803????$0Hl
                                                        `?      ??P?P?P?P?P?
.H?     ??????????{v
.H?     ???8?3??
.H?     ?????????ia|?ia|?0/j?Q?d        UPC01185????$0Hl
                                                                `?      ??P?P?P?P?P?
.H0?    ???L?%EY
.H?     ???8?3??
.H?     ???8?3??
.H0?    ???L?%EY
.H?     ???


Works great: it extracts the MAC addresses and ESSIDs found in a pcap file.

Downloaded this script by Tim Medin; run it like this:

./ -f [a .pcap file] | sort -u

returns a list like this:

00:--:--:--:--:--       Alexxa
00:--:--:--:--:--       NETGEAR
00:--:--:--:--:--       UPC008034
00:--:--:--:--:--       UPC011853
00:--:--:--:--:--       UPC019652
00:--:--:--:--:--       bobi13
bc:--:--:--:--:--       ASUS_lgdp
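The same extraction done by hand, as an added example (not the wiki's code and not Tim Medin's script): a minimal pcap reader that walks the 802.11 beacon and probe-response frames and returns unique BSSID/ESSID pairs, instead of printing raw frame bytes as the session above does. It assumes classic pcap files with link type 105 (raw 802.11) or 127 (radiotap in front); the capture returned by sample_pcap() is constructed inline.

```python
import struct

def pcap_records(data):
    """Yield (linktype, frame_bytes) for every record of a classic pcap file."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    linktype, off = struct.unpack(endian + "I", data[20:24])[0], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        yield linktype, data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def beacon_info(frame, has_radiotap):
    """Return (bssid, essid) for a beacon or probe response, None for any other frame."""
    dot11 = frame[struct.unpack_from("<H", frame, 2)[0]:] if has_radiotap else frame
    if len(dot11) < 36:             # 24-byte MAC header + 12 bytes of fixed parameters
        return None
    if (dot11[0] >> 2) & 3 != 0 or (dot11[0] >> 4) not in (5, 8):  # mgmt: probe resp / beacon
        return None
    bssid = ":".join("%02x" % b for b in dot11[16:22])  # addr3 carries the BSSID here
    pos = 36                        # first tagged parameter
    while pos + 2 <= len(dot11):
        tag, length = dot11[pos], dot11[pos + 1]
        if tag == 0:                # SSID element; zero length means the ESSID is hidden
            name = dot11[pos + 2:pos + 2 + length].decode("utf-8", "replace")
            return bssid, name or "<hidden>"
        pos += 2 + length
    return None

def access_points(pcap_bytes):
    """Unique (bssid, essid) pairs, the equivalent of the script's output after sort -u."""
    seen = set()
    for linktype, frame in pcap_records(pcap_bytes):
        if linktype in (105, 127):  # LINKTYPE_IEEE802_11 (raw) / _RADIOTAP (radiotap in front)
            info = beacon_info(frame, linktype == 127)
            if info:
                seen.add(info)
    return sorted(seen)

def sample_pcap():
    """Constructed capture: a repeated beacon, a hidden-SSID probe response, one data frame."""
    def frame(fc, bssid, essid):
        radiotap = struct.pack("<BBHI", 0, 0, 8, 0)  # version 0, 8-byte header, no fields
        hdr = bytes([fc, 0, 0, 0]) + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
        fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0411)  # timestamp, interval, caps
        return radiotap + hdr + fixed + bytes([0, len(essid)]) + essid
    frames = [frame(0x80, b"\x00\x11\x22\x33\x44\x55", b"UPC008034")] * 2 + [
        frame(0x50, b"\xbc\x00\x00\x00\x00\x01", b""),
        frame(0x08, b"\x00\x00\x00\x00\x00\x02", b"NETGEAR")]  # data frame, not an AP advert
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

For a real file use access_points(open("traffic.pcap", "rb").read()); pcapng captures are not handled by this reader.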
  • ping all online IPs; with timeout
from scapy.all import *

conf.verb = 0      # quiet Scapy's send/receive chatter
TIMEOUT = 2        # seconds to wait for each echo reply (was left undefined in the original)

for ip in range(0, 256):
    packet = IP(dst="192.168.1." + str(ip), ttl=20)/ICMP()
    reply = sr1(packet, timeout=TIMEOUT)   # send one echo request, wait for one reply
    if reply is not None:
        print(reply.src, "is online")
    else:
        print("Timeout waiting for %s" % packet[IP].dst)

(doesn't really continue once it reaches my own IP)

scapy-usage-examples.txt · Last modified: 2012/08/05 12:12 by