Two weeks ago I posted about my intention to write a “dummies” guide to Scapy. So here it is “The Very Unofficial Dummies Guide to Scapy”. If you have read the online version it’s still worth a look as I’ve made it look all nice and shiny and added some additional content that wasn’t in the online version.
The whole point of this guide was to write a beginner’s guide for Scapy, and when I say beginners I include myself. Up until I started writing this guide I hadn’t used Scapy, so I’ve learnt as I’ve gone. The guide covers the basic Scapy functions and abilities; it won’t make you a Scapy expert but I hope it will give you a start.
I actually really enjoyed writing this and using Scapy, and as such I intend to carry on updating the guide. I’ve already thought of some more things to add into the next few chapters and once I’ve finished studying for my Security+ exam in June I will carry on working on this guide.
I’m not expecting the guide to be perfect. I’ve read through it a few times now, and made changes as suggested by the people who have proofread it for me. I only ask 2 things of the people who take the time to read this guide.
- Please provide feedback and comments, good or bad I don’t mind and if you post them on this post I will make them public. It’s important for me to understand if you actually find this useful and if there is anything else you want to see in it.
- I’m also still looking for ideas and examples of what can be done with Scapy, both for the next release of the guide and for my own personal knowledge. So if you use Scapy in anger then let me know for what.
So enjoy and please share the love that is Scapy.
Adam
Reblogged this on (tha Hyp0tez blog) and commented:
Tremendous work and Very well written guide!
Well written, but in my opinion you would have written something more about fuzzing to have more success.
bye
Hi Luc, I agree that some of the more advanced functions like fuzzing are missing. Thank you for your feedback and I will update the guide to include more around that topic.
I can’t comment on the content yet, haven’t really read but only skimmed it, but: please, please, please use a monospaced font for everything that’s code and do not print the code in italics. Other than that, it makes a good first impression.
And for future versions, you might want to increase the resolution for the page header image, it doesn’t look very sharp when printed.
I will change the font over the weekend, and I think you are right about the header image it didn’t look very when I converted it to PDF but that’s an easy fix. Thanks for the feedback.
Hi,
I have a question regarding Scapy. I have started using Scapy and wanted to just check with the ipfw firewall.
However I found some interesting stuff.
I enabled ipfw and added two rules.
ipfw add 100 check-state
ipfw add allow ip from me to any out keep-state
Now with these two rules, any connection going out of my system should be available in statetable. I tried pinging http://www.google.com and found the entries in statetable.
Now I tried pinging using Scapy. I get a response; however, I don’t see the state table entry. Is there anything I am missing? Please let me know.
Hi Pavan,
No you’re not missing anything. What you’ve found is a side effect of using Scapy. Scapy creates a raw socket, so basically the whole of the TCP/IP on the OS is circumvented. Any traffic you created from Scapy won’t be filtered by IPTables.
You may be able to get around this by using Scapy from within a python script.
Hope this helps.
Thanks Adam.
I tried from a Python script but it is still not shown in the state table. In this case, Scapy may not be the proper tool for me to test these kinds of scenarios.
Can you please let me know if there are any other tools which will help me in trying these scenarios?
Thanks
pavan
Great guide. I have been in IT a while but very new to Python and Scapy. Now onto my projects. Thanks.