Scapy Guide – The Release

Two weeks ago I posted about my intention to write a “dummies” guide to Scapy. So here it is “The Very Unofficial Dummies Guide to Scapy”. If you have read the online version it’s still worth a look as I’ve made it look all nice and shiny and added some additional content that wasn’t in the online version.

The whole point of this guide was to write a beginner’s guide for scapy, and when I say beginners I include myself. Up until I starting writing this guide I hadn’t used Scapy so I’ve learnt as I’ve gone. The guide covers the basic Scapy functions and abilities, it won’t make you a Scapy expert but I hope it will give you a start.

I actually really enjoyed writing this, and using Scapy and as such I intend to carry on updating the guide. I’ve already thought of some more things to add into the next few chapters and once I’ve finished studying for my Security+ exam in June I will carry on working on this guide.

I’m not expecting the guide to be perfect, I’ve read through it a few times now, and made changes as suggested by the people who have proof read it for me. I only ask 2 things of the people who take the time to read this guide.

1. Please provide feedback and comments, good or bad I don’t mind and if you post them on this post I will make them public. It’s important for me to understand if you actually find this useful and if there is anything else you want to see in it.

2. I’m also still looking for ideas and examples of what can be done with Scapy, both for the next release of the guide and for my own personal knowledge. So if you use Scapy in anger then let me know for what.

So enjoy and please share the love that is Scapy.

Adam

Advertisements

9 thoughts on “Scapy Guide – The Release

  1. I can’t comment on the content yet, haven’t really read but only skimmed it, but: please, please, please use a monospaced font for everything that’s code and do not print the code in italics. Other than that, it makes a good first impression.

    And for future versions, you might want to increase the resolution for the page header image, it doesn’t look very sharp when printed.

  2. Hi,

    I have a question regarding scapy. I have started using scapy and wanted just check with ipfw filrewall.

    However I found some interesting stuff.

    I enabled ifpw and added two rules.

    ipfw add 100 check-state
    ipfw add allow ip from me to any out keep-state

    Now with these two rules, any connection going out of my system should be available in statetable. I tried pinging http://www.google.com and found the entries in statetable.

    Now I tried pinging using scapy, I get a response however I dont see the state table entry. Is there anything I am missing? please let me know.

    1. HI Pavan,

      No you’re not missing anything. What you’ve found is a side effect of using Scapy. Scapy creates a raw socket, so basically the whole of the TCP/IP on the OS is circumvented. Any traffic you created from Scapy won’t be filtered by IPTables.

      You may be able to get around this by using Scapy from within a python script.

      Hope this helps.

      1. Thanks Adam.

        I tried from python script but it is still not shown in state table. In this case, scapy may not be the proper tool for me to test these kind of scenarios.

        Can you please let me know if there are any other tools which will help me in trying these scenarios?

        Thanks
        pavan

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s