analitics

Pages

Wednesday, April 5, 2017

The scapy python module - part 001.

Today I will start with scapy python module.
This is a good python module to deal and interact with network packets.
[root@localhost mythcat]# pip install scapy
Collecting scapy
  Downloading scapy-2.3.3.tgz (1.4MB)
    100% |████████████████████████████████| 1.4MB 904kB/s 
Building wheels for collected packages: scapy
  Running setup.py bdist_wheel for scapy ... done
  Stored in directory: /root/.cache/pip/wheels/bd/cf/...
Installing collected packages: scapy
Successfully installed scapy-2.3.3
The first test is to test is the echo of Layer 3 ICMP.
Use the superuser shell to run this python script:
from scapy.all import *
dstip=raw_input("enter the ip address \n")
icmp=ICMP()
icmp.type=8
icmp.code=0
ip=IP()
ip.dst=dstip
p=sr1(ip/icmp,timeout=5, verbose=0)
if(p):
        print "Layer 3 is up"
else:
        print "Layer 3 status is down"
The next python script will about arp request:
from scapy.all import *
def arp_display(pkt):
    if pkt[ARP].op == 1: 
        return "Request: " + pkt[ARP].psrc + " is asking about " + pkt[ARP].pdst
    if pkt[ARP].op == 2: 
        return "*Response: " + pkt[ARP].hwsrc + " has address " + pkt[ARP].psrc
print sniff(prn=arp_display, filter="arp", store=0, count=10)
This will read the packages from source and destination and show me what ARP traffic my computer is seeing.