Quick intro

# scapy6
Welcome to Scapy (1.2.0.2)
IPv6 enabled
>>>
>>> e = Ether(dst="aa:bb:cc:dd:ee:ff")
>>> i = IP(src="192.168.3.111", dst="192.168.3.112")
>>> t = TCP()
>>> p = e / i / t
>>> sendp(p)
.
Sent 1 packets.


>>> i6 = IPv6(dst="::2222")
>>> u = UDP(dport=10)
>>> p6 = e / i / i6 / u / 'World 45'
>>> sendp(p6, count=10)
..........
Sent 10 packets.
>>> 

There are various ways to display a packet, try p6.summary() and p6.show() or ls(p6) commands. You can also write standalone Python apps using the scapy or scapy6 module.

Scapy homepage and documentation

Scapy can do a lot more than just generating packets, check out the following pages:

• http://www.secdev.org/projects/scapy/ - offcial site
• http://www.secdev.org/projects/scapy/demo.html - Quick demo : an interactive session
• http://hackaholic.org/papers/blackmagic.txt - Packet Wizardry: Ruling the Network with Python

Installing Scapy on Solaris

Note, that Scapy versions >=2.0.0 use Python-2.5, while Solaris comes with Python-2.4.

• generic Unix installation guide: http://www.secdev.org/projects/scapy/portability.html
• install scapy: http://www.secdev.org/projects/scapy/

Scapy for IPv6

Scapy has a separate branch for IPv6, branched off from Scapy-1.2

• http://namabiiru.hongo.wide.ad.jp/scapy6 - official Scapy6 site (seems to be down)
• See the Mercurial repository of Scapy6, use 'hg clone http://hg.natisbad.org/scapy6' to fetch the project to a local directory
• Scapy6 is hosted in World45's Subverion repo, use 'svn co https://black.world45.com/svn/w45/vendor/scapy6' to fetch (currently there is no anonymous access although)

Scapy prerequisities

You may try out Scapy without satisfying the following dependencies but the functionality will be severly limited, for example you won't be able to send/capture packets. To get full functionality:

Libraries

• install libdnet: http://sourceforge.net/projects/libdnet/
  • make sure the Python module is compiled also: ./configure --with-python=/usr/sfw/bin/
  • you may need this link: ln -s /usr/local/lib/python2.4/site-packages/dnet.so /usr/lib/python2.4/site-packages/dnet.so
• install libpcap: http://sourceforge.net/projects/libpcap/
• install swig: http://sourceforge.net/projects/swig/

install Python wrapper for libpcap

Get it from CVS (the releases didn't build for me) - hit enter for CVS password:

$  cvs -d:pserver:anonymous@pylibpcap.cvs.sourceforge.net:/cvsroot/pylibpcap login 
Logging in to :pserver:anonymous@pylibpcap.cvs.sourceforge.net:2401/cvsroot/pylibpcap
CVS password: 
cvs login: CVS password file /home/andras/.cvspass does not exist - creating a new file
$  cvs -z3 -d:pserver:anonymous@pylibpcap.cvs.sourceforge.net:/cvsroot/pylibpcap co -P pylibpcap

Build it with

python ./setup.py build

If pcap (or pcap.h) is not found during linking:

export LD_LIBRARY_PATH=/usr/local/lib/
export CFLAGS=-I/usr/local/include/

After building it I had to manually install the modules:

# cp pcap.py /usr/lib/python2.4/
# cp ./build/lib.solaris-2.11-sun4v-2.4/_pcapmodule.so /usr/lib/python2.4/

Command line history in Scapy

On Solaris the Python package comes without the readline module. If you want to re-invoke your commands in Scapy (same as in shells) instead of always retyping them, then install the readline module:

• install Python readline: http://cheeseshop.python.org/pypi/readline/2.4.2 - I couldn't install it although, it seems to be aimed at MacOS
• better yet: install Python from sources. Here are some simple instructions on how to do it.

-- AndrasLipoth - 12 Sep 2008