Scapy talk
Ashwin Patil (GCIH, RHCE, CCNA)
Information Security Engineer
null, SecurityXploded, Garage4hackers, OWASP
Agenda
Introduction
Why Scapy?
Basic Commands
Building your first packet
Assembling a full packet
Write your own port scanner
Demo: SYN scan and IP spoofing
Built-in sniffer functionality
Scapy strengths
References
Introduction
Powerful interactive packet manipulation program
Lets you send, sniff, dissect and forge network packets
Can manipulate and process packets at every layer of TCP/IP
Supports a wide range of protocols, and lets you add your own
Usable as an interactive shell or as a Python module
Today: the interactive shell and TCP/IP
Why Scapy ?
Flexible, unlike other packet-crafting tools with limited functionality
Little knowledge required to build your own tools
A single replacement for multiple tools such as Wireshark, Nmap and hping
Build your own tools by combining techniques, e.g. VLAN hopping + ARP cache poisoning
Any field in every TCP/IP layer can be altered
Decodes packets ("received a TCP RST on port 80") instead of interpreting them for you ("port 80 is closed")
Basic Commands
Starting Scapy
List of Supported Protocols
Available Commands in Scapy
IP Header
IP Fields in Scapy
TCP Header
TCP Fields in Scapy
Building your first packet
Building packet at IP layer
Building packet at TCP layer
Assembling full packet
Assembling the full TCP/IP packet: the packet is ready to send, with the calculated values (IP total length, IP header checksum, TCP checksum) filled in at send time
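The slides show the assembled packet with its calculated fields already filled in. The following added example (not code from the talk) builds the same IPv4 + TCP SYN by hand in plain Python and computes those fields, so it runs without Scapy and can be compared byte for byte against what Scapy emits. The field defaults used (IP id=1, ttl=64, TCP sport=20, window=8192, flags=SYN) are Scapy's own defaults; the addresses 10.0.0.1 and 10.0.0.2 are constructed sample values.

```python
"""Hand-assembling the IPv4/TCP SYN that Scapy builds from IP(dst=...)/TCP(dport=...).

Added example: it mirrors the 'calculated values' Scapy fills in at send time
(IP total length, IP header checksum, TCP checksum over the pseudo-header).
Field defaults (id=1, ttl=64, sport=20, window=8192, flags=SYN) follow Scapy's,
so the output can be compared with raw(IP(src=..., dst=...)/TCP(dport=80)).
"""
import socket
import struct

IPPROTO_TCP = 6
TCP_SYN = 0x02


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum of 16-bit big-endian words (odd byte zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data: bytes) -> int:
    """Internet checksum: ones' complement of the ones'-complement sum."""
    return (~ones_complement_sum(data)) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = IPPROTO_TCP,
                      ttl: int = 64, ident: int = 1) -> bytes:
    """20-byte IPv4 header (IHL=5, no options) with total length and checksum computed."""
    total_len = 20 + payload_len
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, total_len, ident, 0, ttl, proto, 0,  # checksum zeroed first
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def build_tcp_header(src: str, dst: str, sport: int, dport: int, flags: int = TCP_SYN,
                     seq: int = 0, ack: int = 0, window: int = 8192) -> bytes:
    """20-byte TCP header (data offset 5); checksum covers the IPv4 pseudo-header too."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst),
                         0, IPPROTO_TCP, len(hdr))
    return hdr[:16] + struct.pack("!H", checksum(pseudo + hdr)) + hdr[18:]


def build_syn(src: str, dst: str, sport: int = 20, dport: int = 80) -> bytes:
    """Full IPv4 + TCP SYN packet, ready for a raw socket or for Scapy's IP(raw_bytes)."""
    tcp = build_tcp_header(src, dst, sport, dport)
    return build_ipv4_header(src, dst, len(tcp)) + tcp


def ip_checksum_ok(pkt: bytes) -> bool:
    """A correct IPv4 header sums to 0xFFFF when its own checksum field is included."""
    ihl = (pkt[0] & 0x0F) * 4
    return ones_complement_sum(pkt[:ihl]) == 0xFFFF


def tcp_checksum_ok(pkt: bytes) -> bool:
    """Re-derive the pseudo-header from the IP header and verify the TCP checksum."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    segment = pkt[ihl:total_len]
    pseudo = struct.pack("!4s4sBBH", pkt[12:16], pkt[16:20], 0, pkt[9], len(segment))
    return ones_complement_sum(pseudo + segment) == 0xFFFF


if __name__ == "__main__":
    pkt = build_syn("10.0.0.1", "10.0.0.2", dport=80)  # constructed sample addresses
    print(pkt.hex())
    print("ip checksum ok:", ip_checksum_ok(pkt), "tcp checksum ok:", tcp_checksum_ok(pkt))
```

Inside Scapy, `IP(build_syn("10.0.0.1", "10.0.0.2"))` dissects these bytes back into the same layers, and `.show2()` on a Scapy-built packet displays the computed checksums this code reproduces.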
Write your own port scanner
Port scanning: "An attack that sends client requests to a range of server port addresses on a host, with the goal of finding an active port"
Result Status :
Open : The host sent a reply indicating that a service is listening on the port.
Closed : The host sent a reply indicating that connections will be denied to the port.
Filtered: There was no reply from the host.
Demo Time
Demo : SYN Scan
SYN scan (a.k.a. half-open scanning)
Sends: a SYN packet
Response: SYN/ACK = open; RST (or RST/ACK) = closed; no response = filtered
If the port is open, the scanner does not send the final ACK, so the three-way handshake is never completed.
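As an added example for the port-scanner and SYN-scan slides (this is not the demo code from the talk), the block below sends SYN probes with Scapy and maps each reply onto the open / closed / filtered states listed above. Sending raw packets needs root (or CAP_NET_RAW); the `src` parameter covers the IP-spoofing part of the demo. The source port 40000, the ICMP codes treated as "filtered", and the 192.0.2.10 placeholder target are assumptions of the example.

```python
"""SYN (half-open) scanner with Scapy, plus the reply classification from the slides.

Added example (not the deck's demo code). Needs root / CAP_NET_RAW to send raw packets.
The src parameter spoofs the IP source address; replies then go to that address, so a
spoofed scan reports everything as 'filtered' unless you can sniff at the spoofed host.
"""
import sys

# TCP flag bits as they sit in the TCP header flags byte
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

# ICMP type 3 codes treated as 'filtered' (same set Nmap uses) - an assumption of this example
ICMP_UNREACH_FILTERED = {1, 2, 3, 9, 10, 13}


def classify(tcp_flags=None, icmp_unreachable=None):
    """Map the reply to a SYN probe onto the result states.

    tcp_flags: int flags of a TCP reply, or None if no TCP reply was seen.
    icmp_unreachable: (type, code) of an ICMP reply, or None.
    """
    if tcp_flags is not None:
        if tcp_flags & SYN and tcp_flags & ACK:
            return "open"      # SYN/ACK: a service is listening
        if tcp_flags & RST:
            return "closed"    # RST(/ACK): host answered, nothing listening
        return "unknown"       # a TCP reply that is neither: not a handshake answer
    if icmp_unreachable is not None:
        icmp_type, code = icmp_unreachable
        if icmp_type == 3 and code in ICMP_UNREACH_FILTERED:
            return "filtered"  # unreachable / administratively prohibited
        return "unknown"
    return "filtered"          # no reply at all


def syn_scan(target, ports, timeout=1.0, src=None):
    """Send one SYN per port with Scapy and classify each reply.

    Only the SYN is sent; the ACK that would complete the handshake never is, and the
    local kernel normally answers an unexpected SYN/ACK with a RST by itself.
    """
    # scapy is imported here so classify() stays usable (and testable) without it
    from scapy.all import ICMP, IP, TCP, conf, sr

    conf.verb = 0
    ip = IP(dst=target, src=src) if src else IP(dst=target)   # src=... spoofs the sender
    probes = ip / TCP(sport=40000, dport=list(ports), flags="S")  # list -> one packet per dport
    answered, unanswered = sr(probes, timeout=timeout)

    results = {}
    for sent, reply in answered:
        port = sent[TCP].dport
        if reply.haslayer(TCP):
            results[port] = classify(tcp_flags=int(reply[TCP].flags))
        elif reply.haslayer(ICMP):
            results[port] = classify(icmp_unreachable=(reply[ICMP].type, reply[ICMP].code))
    for sent in unanswered:
        results[sent[TCP].dport] = classify()
    return results


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # TEST-NET-1 placeholder
    for port, state in sorted(syn_scan(host, [22, 80, 443]).items()):
        print(f"{host}:{port} {state}")
```

Run as `sudo python3 synscan.py <host>`. A host that silently drops the probes and one that is simply down both come back as "filtered", which is exactly the "decode, don't interpret" point from the Why Scapy slide: the scanner reports what was (not) received and leaves the interpretation to you.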
Built-in Sniffing Functionality
Sniffing:
"Captures traffic on all or just parts of the network from a single machine within the network"
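To show the built-in sniffer doing something beyond printing packets, here is an added example (not from the talk) that feeds `sniff()` output into a small TCP handshake tracker, which in turn flags clients that keep leaving handshakes incomplete, i.e. the half-open pattern produced by the SYN scan demo. Sniffing needs root / CAP_NET_RAW; the tracker itself is plain Python, and the sample packet records and the threshold of five are constructed for illustration.

```python
"""Sniffing with Scapy: track TCP handshakes and spot SYN-scan style half-open connections.

Added example (not from the deck). Sniffing needs root / CAP_NET_RAW; the tracker is plain
Python and is fed either from sniff()'s prn callback or from constructed records.
The threshold (5 never-completed connections per client) is an assumption for illustration.
"""
SYN, RST, ACK = 0x02, 0x04, 0x10


class HandshakeTracker:
    """State per (client, cport, server, sport) 4-tuple, keyed from the client's side."""

    def __init__(self):
        self.state = {}

    def observe(self, src, sport, dst, dport, flags):
        if flags & SYN and not flags & ACK:            # client -> server: SYN
            self.state[(src, sport, dst, dport)] = "syn_sent"
            return
        key_as_client = (src, sport, dst, dport)
        key_as_server = (dst, dport, src, sport)
        if flags & SYN and flags & ACK:                 # server -> client: SYN/ACK
            if self.state.get(key_as_server) == "syn_sent":
                self.state[key_as_server] = "syn_acked"
        elif flags & RST:                               # checked before plain ACK: RST/ACK is a RST
            if key_as_server in self.state:             # server refused (closed port)
                self.state[key_as_server] = "refused"
            elif self.state.get(key_as_client) == "syn_acked":
                self.state[key_as_client] = "aborted"   # client tore down the half-open connection
        elif flags & ACK:                               # client's final ACK completes the handshake
            if self.state.get(key_as_client) == "syn_acked":
                self.state[key_as_client] = "established"

    def half_open(self):
        """Connections that got a SYN/ACK but never the client's ACK."""
        return [k for k, v in self.state.items() if v == "syn_acked"]

    def suspected_scanners(self, threshold=5):
        """Clients with at least `threshold` connections that never reached 'established'."""
        counts = {}
        for (client, _, _, _), state in self.state.items():
            if state != "established":
                counts[client] = counts.get(client, 0) + 1
        return {c: n for c, n in counts.items() if n >= threshold}


def sniff_tcp(tracker, count=0, timeout=30, iface=None):
    """Feed live TCP packets into the tracker using Scapy's built-in sniffer."""
    from scapy.all import IP, TCP, sniff  # imported here so the tracker runs without scapy

    def on_packet(pkt):
        if pkt.haslayer(IP) and pkt.haslayer(TCP):
            tracker.observe(pkt[IP].src, pkt[TCP].sport, pkt[IP].dst, pkt[TCP].dport,
                            int(pkt[TCP].flags))

    # the BPF filter runs in the kernel, so only TCP reaches Python; store=False keeps memory flat
    sniff(filter="tcp", prn=on_packet, store=False, count=count, timeout=timeout, iface=iface)
    return tracker


# Constructed sample: one normal connection, then a SYN scan of five ports from 10.0.0.7
SAMPLE = [
    ("10.0.0.5", 51000, "10.0.0.9", 80, SYN),
    ("10.0.0.9", 80, "10.0.0.5", 51000, SYN | ACK),
    ("10.0.0.5", 51000, "10.0.0.9", 80, ACK),
] + [("10.0.0.7", 40000, "10.0.0.9", p, SYN) for p in (21, 22, 25, 80, 443)] + [
    ("10.0.0.9", 22, "10.0.0.7", 40000, SYN | ACK),
    ("10.0.0.7", 40000, "10.0.0.9", 22, RST),       # scanner's kernel resets the half-open one
    ("10.0.0.9", 80, "10.0.0.7", 40000, SYN | ACK),  # no ACK ever follows: stays half-open
] + [("10.0.0.9", p, "10.0.0.7", 40000, RST | ACK) for p in (21, 25, 443)]


def replay(records):
    """Run the tracker over constructed (src, sport, dst, dport, flags) records."""
    tracker = HandshakeTracker()
    for rec in records:
        tracker.observe(*rec)
    return tracker


if __name__ == "__main__":
    t = replay(SAMPLE)
    print("half-open:", t.half_open())
    print("suspected scanners:", t.suspected_scanners())
```

For a live run, `sudo python3 -c 'import tracker; t = tracker.sniff_tcp(tracker.HandshakeTracker(), timeout=60); print(t.suspected_scanners())'` while the SYN scan demo is running against a host on the same segment shows the scanner's address with its probe count.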
Scapy Strengths
Rogue Router Advertisements with Scapy
http://samsclass.info/ipv6/proj/flood-router6a.htm
Malicious Content Harvesting with Python, WebKit, and Scapy
http://dvlabs.tippingpoint.com/blog/2011/11/28/malicious-content-harvesting
DEEPSEC: Extending Scapy by a GSM Air Interface
http://blog.c22.cc/2011/11/17/deepsec-extending-scapy-by-a-gsm-air-interface/
Use Scapy to test Snort rules
And many more …..
References
Scapy documentation: http://www.secdev.org/projects/scapy/files/scapydoc.pdf
Nmap port scanning techniques: http://nmap.org/book/man-port-scanning-techniques.html
http://en.wikipedia.org/wiki/Port_scanner
http://en.wikipedia.org/wiki/Packet_analyzer
Images: http://www.wtcs.org/snmp4tpc/images/IP-Header.jpg http://www.wtcs.org/snmp4tpc/images/TCP-Header.jpg
Thank You !!!
Image Credit: http://shirtshovel.com/products/geek/tcpip-434.jpg
Comments, feedback, suggestions
Twitter: @ashwinpatil
LinkedIn: http://in.linkedin.com/in/ashwinrp
Slideshare: ashwin_patil, http://www.slideshare.net/ashwin_patil