What is scapy?

Scapy is an interactive environment that lets you build packets of any type you want and send them onto the network, and monitor the responses. It can be used for almost anything you want: port scanning, testing firewalls and IPS systems, attacks, etc.

Finding the Target IP Address

Open the client1 (Kali32) virtual machine. Log in as root with the password toor

This is your Target.

Use this command to find your Target IP address:

ifconfig
Your Target IP address should be 172.16.1.203, as shown below.

Starting scapy

Open the client2 (Kali64) virtual machine. Log in as root with the password toor

Use this command to start scapy:

scapy
scapy opens, as shown below on this page.

Sending ICMPv4 Packets with scapy

In the Linux machine, in the Terminal window, at the >>> prompt, type this command, and then press the Enter key:
i = IP()
This creates an object named i of type IP. To see the properties of that object, use the display() method with this command:
i.display()
A list of values appears, starting with the version number (4) and ending with the source and destination IP addresses, as shown below on this page.

If the colors are difficult to see, adjust them by clicking Edit, "Profile Preferences", Colors. I used "Black on light yellow".

Use these commands to set the destination IP address and display the properties of the i object again.

i.dst="172.16.1.203"

i.display()

Notice that scapy automatically fills in your machine's source IP address, as shown below on this page.

Use these commands to create an object named ic of type ICMP and display its properties:

ic = ICMP()

ic.display()

There aren't many properties for this object--it's just an echo-request, as shown below on this page.

Use this command to send the packet onto the network and listen to a single packet in response. Note that the third character is the numeral 1, not a lowercase L:

sr1(i/ic)
This command sends and receives one packet, of type IP at layer 3 and ICMP at layer 4. As you can see in the image below, the response is shown, with ICMP type echo-reply.

The Padding section shows the portion of the packet that carries higher-level data. In this case it contains only zeroes as padding, as shown below.

Use this command to send a packet that is IP at layer 3, ICMP at layer 4, and that contains data with your name in it (replace YOUR NAME with your own name):

sr1(i/ic/"YOUR NAME")
You should see a reply with a Raw section containing your name, as shown below on this page.

Sending a UDP Packet

On the target Kali 32 machine, in a Terminal window, execute this command:

Note that the second switch in the nc commmand is a lowercase L, not the numeral 1.

nc -ulp 4444
Leave that Terminal window open.

In the Terminal window, at the top, click File, "Open Terminal" to open a second Terminal window. In the second window, execute this command:

netstat -aun
You should see UDP port 4444 open, as shown below on this page.

Sending a UDP Packet from scapy

In your Kali 64 machine, in the Terminal window, at the >>> prompt, type these commands, and then press the Enter key:
u = UDP()

u.display()

This creates an object named u of type UDP, and displays its properties, as shown below.

Execute these commands to change the destination port to 4444 and display the properties again:

u.dport = 4444

u.display()

Your UDP packet's properties should look like the image below on this page:

Execute this command to send the packet to the Target machine:

send(i/u/"YOUR NAME SENT VIA UDP\n")
On the Windows target, you should see the message appear, as shown below on this page:


Sources

http://packetstorm.linuxsecurity.com/papers/general/blackmagic.txt

http://www.secdev.org/projects/scapy/

http://ipv6hawaii.org/?p=143


Last revised 8:30 pm 10-3-13
Revised for NETLAB 6-8-16