scapy-usage-examples

Scapy interactive tutorial

Scapy, an interactive packet manipulation program

Followed the tutorial, did not get further than generating packets; scapy got stuck when trying to read a pcap file that was written by aircrack.

how to

>>> pkts = sniff(count=100, iface="wlan1")  # use the external wifi card to sniff
>>> pkts
<Sniffed: TCP:0 UDP:47 ICMP:0 Other:53>
>>> wrpcap('traffic.pcap', pkts)        # write the list of packets to a PCAP file
>>> packetlist = rdpcap('traffic.pcap')  # read the PCAP file back into a list of packets
>>> for pkt in packetlist:
...     print(pkt, pkt.src, pkt.name)  # src gives the MAC address of the device; name gives the protocol (Ethernet/802.3...)

Printing the packet objects this way dumps their raw bytes: mostly unreadable binary, with the odd ESSID such as NETGEAR or UPC00803 visible in the noise.


examples

Works great; extracts the MAC addresses and ESSIDs found in a pcap file.

Downloaded this script by Tim Medin; run it like this:

./APNameFromPcap.py -f [a .pcap file] | sort -u

returns a list like this:

00:--:--:--:--:--       Alexxa
00:--:--:--:--:--       NETGEAR
00:--:--:--:--:--       UPC008034
00:--:--:--:--:--       UPC011853
00:--:--:--:--:--       UPC019652
00:--:--:--:--:--       bobi13
bc:--:--:--:--:--       ASUS_lgdp
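The same extraction done by hand, as an added example that is neither Tim Medin's script nor part of these notes: a stdlib-only reader for classic pcap files that pulls the BSSID and ESSID out of 802.11 beacon frames, for link type 105 (raw 802.11, what airodump-ng writes by default) and 127 (radiotap header in front of the frame). The capture bytes, MAC addresses and network names below are constructed inline for the demonstration.

```python
import struct
LINKTYPE_IEEE802_11 = 105           # raw 802.11 frames (airodump-ng default)
LINKTYPE_IEEE802_11_RADIOTAP = 127  # 802.11 frames preceded by a radiotap header

def pcap_records(data):
    """Yield (linktype, frame) for each record of a classic (non-pcapng) pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype, off = struct.unpack(endian + "I", data[20:24])[0], 24
    while off + 16 <= len(data):  # record header: ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        yield linktype, data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def beacon_bssid_ssid(frame, linktype):
    """Return (bssid, ssid) for an 802.11 beacon frame, None for anything else."""
    if linktype == LINKTYPE_IEEE802_11_RADIOTAP:
        frame = frame[struct.unpack("<H", frame[2:4])[0]:]  # skip radiotap by its length field
    elif linktype != LINKTYPE_IEEE802_11:
        return None
    # frame control byte 0 == 0x80: version 0, type 0 (management), subtype 8 (beacon)
    if len(frame) < 36 or frame[0] != 0x80:
        return None
    bssid = ":".join("%02x" % b for b in frame[16:22])  # addr3 carries the BSSID
    off = 36  # 24-byte MAC header + timestamp(8) + beacon interval(2) + capability(2)
    while off + 2 <= len(frame):  # tagged parameters: id, length, value
        tag, length = frame[off], frame[off + 1]
        if tag == 0:  # SSID element; zero length means the network hides its name
            ssid = frame[off + 2:off + 2 + length].decode("utf-8", "replace")
            return bssid, ssid or "<hidden>"
        off += 2 + length
    return None

def ap_names(pcap_bytes):
    """Unique (bssid, ssid) pairs seen in beacons, sorted like `sort -u` would."""
    return sorted({beacon_bssid_ssid(f, lt) for lt, f in pcap_records(pcap_bytes)} - {None})

# Constructed sample capture (not a real trace): one AP seen twice, one hidden AP, one data frame.
def _beacon(bssid, ssid):
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + b"\x64\x00" + b"\x11\x04"  # timestamp, interval, capability
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"  # SSID, rates

FRAMES = [_beacon(b"\x00\x11\x22\x33\x44\x55", b"NETGEAR")] * 2 + [  # repeated beacon
          _beacon(b"\xbc\x99\x88\x77\x66\x55", b""),                  # hidden SSID
          b"\x08\x01\x00\x00" + b"\x00" * 20 + b"\xaa" * 30]          # data frame, skipped
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
for frame in FRAMES:
    SAMPLE_PCAP += struct.pack("<IIII", 1344168000, 0, len(frame), len(frame)) + frame
```

`ap_names(open("traffic.pcap", "rb").read())` runs it over a real file; a hidden network shows up with its BSSID and the placeholder name.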
  • ping all online IPs, with a timeout:
#!/usr/bin/python
from scapy.all import *

TIMEOUT = 2    # seconds to wait for each echo reply
conf.verb = 0  # silence scapy's per-packet output


for ip in range(0, 256):
    packet = IP(dst="192.168.1." + str(ip), ttl=20)/ICMP()
    reply = sr1(packet, timeout=TIMEOUT)  # send one echo request, return the first reply or None
    if reply is not None:
        print(reply.src, "is online")
    else:
        # report the address we probed (dst), not our own source address
        print("Timeout waiting for %s" % packet[IP].dst)

(doesn't really continue once it reaches my own IP)

scapy-usage-examples.txt · Last modified: 2012/08/05 12:12 by 89.144.206.230