Scapy is an interactive Python packet manipulation program and library for computer networks. It runs natively on Linux and Mac OS X, and the latest version of Scapy also supports Windows out of the box, so you can use nearly all of Scapy's features on a Windows machine without any problems.
As mentioned in the official documentation, Scapy is a powerful interactive packet manipulation program. It can forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. Scapy can handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery. It can replace most of pentesters' favorite tools such as hping, arpspoof, arp-sk, arping, p0f and even some parts of Nmap, tcpdump, and tshark.
You may not know all of these tools yet; if you don't, no worries. The authors of Scapy designed it to be easy for beginners as well as a powerful tool for network analysts.
Why learn Scapy?
Now you may be wondering: why Scapy specifically?
Scapy is beginner friendly, easy to understand and use, and it provides a lot more functionality than any other tool or module. Below are some of its features:
Attacking networks.
Crafting any packet and encoding it.
Sending, sniffing, dissecting and forging network packets.
Sending valid/invalid frames.
Injecting your own 802.11 frames.
Editing network packets on the fly.
Scanning the network.
Tracerouting and probing.
These capabilities allow the construction of tools that can probe, scan or attack networks.
Installing Scapy
Alright, enough talking, now let's dive into the installation of this amazing program.
First, you need to install Python 2.7 or higher (3.4+). If you don't have Python installed yet, head to the official Python website and download the installer for your platform.
Installing On Linux
If you are a Linux user, you can run Scapy without libpcap. You can quickly install tcpdump on your Fedora/Red Hat/SUSE servers from the command line with:
dnf -y install tcpdump
If you are using Ubuntu/Debian-based distributions, you can install tcpdump using this command:
sudo apt-get install tcpdump
If you are using Arch-based distributions, use this command to install tcpdump:
sudo pacman -S tcpdump
Installing Scapy
pip3 install scapy
Installing On Mac OS X
Mac users may need to install libpcap first using the following commands:
brew update
brew install libpcap
Installing Scapy
pip3 install scapy
Installing On Windows
On Windows, you need to install Npcap first. When you are done, install Scapy using the following command.
Installing Scapy
pip install scapy
That's basically it for the installation. Now let's move to the last step.
Scapy Overview
There are two ways of running Scapy: one is to use the interactive shell, and the other is to import it in a Python script.
Using Interactive Shell
Using Python Script
The following lines import all Scapy modules, functions and variables, then create and show an IP packet for testing purposes.
PS C:\Users\0xtraw> python
Python 3.9.4 (tags/v3.9.4:1f2e308, Apr 6 2021, 13:40:21) [MSC v.1928 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> from scapy.all import *
WARNING: No libpcap provider available ! pcap won't be used
>>> ip = IP()
>>> ip.show()
WARNING: No route found (no default route?)
###[ IP ]###
version = 4
ihl = None
tos = 0x0
len = None
id = 1
flags =
frag = 0
ttl = 64
proto = ip
chksum = None
src = 0.0.0.0
dst = 127.0.0.1
\options \
>>>
Basic Functions via Command Line (CLI)
The main basic functions we should know are:
ls() : list of available layers
explore() : graphical interface to display existing layers
lsc() : available functions
help() : help menu.
And within the function group, the most common are:
send(): send packets at layer 2.
sendp(): send packets at layer 3.
sr(): send and receive packets at layer 3.
srp(): send and receive packets at layer 2.
sr1(): send and receive only the first packet at layer 3.
srp1(): send and receive only the first packet at layer 2.
sniff(): packet sniffing.
traceroute(): command traceroute.
arping(): Send who-has ARP requests to determine which machines are up in the network.
Some Practical Scapy Use Cases
Below are some applications of Scapy. We will cover these use cases in our 30 Days Of Python For Hackers and Pentesters.
Making a Network Scanner
Building an ARP Spoofer
How to Make a DNS Spoof Attack using Scapy in Python
How to Create Fake Access Points using Scapy in Python
Forcing Network Devices to Disconnect from Wi-Fi
How to Sniff HTTP Packets in the Network using Scapy in Python
How to Build a WiFi Scanner in Python using Scapy
Reader Feedback
Feedback from readers is always welcome. Let me know what you think about this guide—what you liked or disliked. Reader feedback is important for me as it helps me develop titles that I will get the most out of.
To send me general feedback, simply message me on Twitter at twitter.com/xtremepentest.
Conclusion
Congrats, you have managed to install scapy. In the coming sections, we will go through each scapy application step-by-step.
References – Scapy module official documentation