Scapy

$>>$sudo apt$-$get install python$-$scapy

$>>$sudo apt$-$get install imagemagick

$>>$sudo apt$-$get install graphviz

Go into Scapy

$>>$sudo scapy

The first thing we are going to do is run a Scapy ls$()$ function, which lists all available layers:

$>>>$ ls$()$

What do you see?

Scapy can do pure packet dumps like tcpdump:

$>>$ifconfig

$>>$find interfaces

$>>>$ sniff$($iface$="$en$0",$ prn$=$lambda x: x$.$show$())$

What do you see?

What is the value of the data you see? How could you use it$?$

Send an ICMP packet:

$>>>$h$=$sr$1($IP$($dst$=8\mathrm{.}8\mathrm{.}8\mathrm{.}8)/$ICMP$())$

$>>>$h

$>>>$h$.$show$()$

What do you see?

Now add your own payload

$>>>$h$=$sr$1($IP$($dst$=8\mathrm{.}8\mathrm{.}8\mathrm{.}8)/$ICMP$()/$Hello Google$)$

$>>>$h$.$show$()$

Now, if you are bridged, you may be able to communicate with your friend. Get his or her IP$,$ then send packets with your own payload message. On the receiving end, they can set tcpdump to listen to the message

A command such as:

$>>$sudo tcpdump $-$nnvvXSs $1514-$i eth$1$proto ICMP$$

Can you think of some use for this approach?

Sniffing:

$>>>$sniff$()$

Collect data for a while

Then control $+$ c

$>>>$a$=\_$

$>>>$a$.$nsummary$()$

What do you see?

Set your VM to bridged mode

You can also do some very slick network visualization of traceroutes if you install graphviz and imagemagic. This example is borrowed from the official Scapy documentation:

$>>>$ res,unans $=$ traceroute $(["$www$.$microsoft.com","www$.$cisco.com", $"$www$.$yahoo.com","www$.$wanadoo.fr$","$www$.$pacsec.com"$],$ dport$=[80,443],$ maxttl$=20,$retry$=-2)$

What do you see?

You can now create a fancy graph from those results:

$>>>$ res.graph$()$

What do you see?

What does the graph tell you?

Try a few other websites