Scapy talk

Scapy Primer Session at Bangalore Local Security Meetup.

Null, SecurityXploded, Garage4hackers, OWASP


  1. Null, SecurityXploded, Garage4hackers, OWASP. Ashwin Patil (GCIH, RHCE, CCNA), Information Security Engineer
  2. Agenda
     - Introduction
     - Why Scapy?
     - Basic Commands
     - Building your first packet
     - Assembling full packet
     - Write your own port scanner
     - Demo: SYN Scan and IP Spoofing
     - Built-in Sniffer Functionality
     - Scapy Strengths
     - References
  3. Introduction
     - Powerful interactive packet manipulation program
     - Enables you to send, sniff, dissect and forge network packets
     - Can manipulate and process packets at every layer of TCP/IP
     - Supports a wide range of protocols, and lets you add your own
     - Interactive shell or Python module
     - Today: interactive shell and TCP/IP
  4. Why Scapy?
     - Flexible, unlike other packet crafting tools with limited functionality
     - Little knowledge required to build your own tools
     - Single replacement for multiple tools such as wireshark, nmap, hping etc.
     - Build your own tools with combined techniques, e.g. VLAN hopping + ARP cache poisoning
     - Any field in every TCP/IP layer can be altered
     - Decodes packets ("Received a TCP Reset on port 80") rather than interpreting them ("Port 80 is closed")
  5. Basic Commands
     - Scapy start
     - List of supported protocols
     - Available commands in Scapy
  6. IP Header: IP fields in Scapy
  7. TCP Header: TCP fields in Scapy
  8. Building your first packet
     - Building packet at IP layer
     - Building packet at TCP layer
  9. Assembling full packet
     - Assembling full packet at TCP/IP
     - Packet ready to send with calculated values
  10. Write your own port scanner
     - Port scanning: "An attack that sends client requests to a range of server port addresses on a host, with the goal of finding an active port"
     - Result status:
       - Open: The host sent a reply indicating that a service is listening on the port.
       - Closed: The host sent a reply indicating that connections will be denied to the port.
       - Filtered: There was no reply from the host.
  11. Demo Time
  12. Demo: SYN Scan
     - SYN scan, a.k.a. half-open scanning
     - Sends: SYN packet
     - Response: SYN, ACK = open; RST, ACK = closed; no response = filtered
     - If the port is open, the scanner does not send the ACK that would complete the 3-way handshake.
  13. Built-in Sniffing Functionality
     - Sniffing: "Captures traffic on all or just parts of the network from single machine within the network"
  14. Scapy Strengths
     - Rogue Router Advertisements with Scapy: http://samsclass.info/ipv6/proj/flood-router6a.htm
     - Malicious Content Harvesting with Python, WebKit, and Scapy: http://dvlabs.tippingpoint.com/blog/2011/11/28/malicious-content-harvesting
     - DEEPSEC: Extending Scapy by a GSM Air Interface: http://blog.c22.cc/2011/11/17/deepsec-extending-scapy-by-a-gsm-air-interface/
     - Use Scapy to test Snort rules
     - And many more...
  15. References
     - Scapy Documentation: www.secdev.org/projects/scapy/files/scapydoc.pdf
     - Nmap port scanning techniques: http://nmap.org/book/man-port-scanning-techniques.html
     - http://en.wikipedia.org/wiki/Port_scanner
     - http://en.wikipedia.org/wiki/Packet_analyzer
     - Images: http://www.wtcs.org/snmp4tpc/images/IP-Header.jpg, http://www.wtcs.org/snmp4tpc/images/TCP-Header.jpg
  16. Thank You!
     - Comments, feedback, suggestions
     - Twitter: @ashwinpatil
     - LinkedIn: http://in.linkedin.com/in/ashwinrp
     - Slideshare: ashwin_patil, http://www.slideshare.net/ashwin_patil
     - Image credit: http://shirtshovel.com/products/geek/tcpip-434.jpg
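
The half-open pattern from slide 12, seen from the monitoring side, as an added example that is not part of the talk: it maps reply flags to the open/closed/filtered statuses and flags sources that receive SYN/ACK on several ports but never send the final ACK. The packet tuple layout, the `min_ports` threshold, the helper names and the sample addresses are assumptions constructed for illustration; it is plain Python and does not need Scapy.

```python
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10   # bits of the TCP flags byte

def classify_reply(flags):
    """Slide 12's mapping from a probe reply (flags byte, None = no reply) to a status."""
    if flags is None:
        return "filtered"
    if flags & SYN and flags & ACK:
        return "open"
    if flags & RST:
        return "closed"
    return "unknown"

def find_half_open_sources(packets, min_ports=3):
    """Return {client: sorted server ports} for clients that received SYN/ACK on at
    least min_ports distinct server ports but never sent the final ACK.
    packets: (src, dst, sport, dport, flags) tuples in capture order (assumed layout)."""
    stage = {}  # (client, server, client_port, server_port) -> "syn" | "synack" | "done"
    for src, dst, sport, dport, flags in packets:
        if flags & SYN and flags & ACK:                 # server -> client
            key = (dst, src, dport, sport)
            if stage.get(key) == "syn":
                stage[key] = "synack"
        elif flags & SYN:                               # client -> server, first packet
            stage[(src, dst, sport, dport)] = "syn"
        elif flags & ACK and not flags & RST:           # client completes the handshake
            key = (src, dst, sport, dport)
            if stage.get(key) == "synack":
                stage[key] = "done"
    ports = defaultdict(set)
    for (client, _server, _cport, server_port), s in stage.items():
        if s == "synack":                               # SYN/ACK seen, ACK never sent
            ports[client].add(server_port)
    return {c: sorted(p) for c, p in ports.items() if len(p) >= min_ports}

def _attempt(client, server, cport, port, reply, follow_up):
    """Constructed records for one connection attempt (sample-data helper)."""
    pkts = [(client, server, cport, port, SYN), (server, client, port, cport, reply)]
    if follow_up is not None:
        pkts.append((client, server, cport, port, follow_up))
    return pkts

# Constructed sample: 10.0.0.5 leaves three handshakes half open, 10.0.0.7 connects normally.
SAMPLE = (_attempt("10.0.0.5", "10.0.0.9", 40001, 22, SYN | ACK, RST)
          + _attempt("10.0.0.5", "10.0.0.9", 40002, 80, SYN | ACK, RST)
          + _attempt("10.0.0.5", "10.0.0.9", 40003, 443, SYN | ACK, None)
          + _attempt("10.0.0.5", "10.0.0.9", 40004, 8080, RST | ACK, None)
          + _attempt("10.0.0.7", "10.0.0.9", 51000, 80, SYN | ACK, ACK))

if __name__ == "__main__":
    print(find_half_open_sources(SAMPLE))
```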
