• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Scapy talk

Scapy talk



Scapy Primer Session at Bangalore Local Security Meetup.

Scapy Primer Session at Bangalore Local Security Meetup.

Null , SecurityXploded, Garage4hackers , OWASP



Total Views
Views on SlideShare
Embed Views



4 Embeds 20

http://www.linkedin.com 10
https://twitter.com 7
https://www.linkedin.com 2
http://tweetedtimes.com 1



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.


11 of 1 previous next

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Scapy talk Scapy talk Presentation Transcript

    • NullSecurityXploded Ashwin PatilGarage4hackers GCIH, RHCE,CCNA Information Security EnginnerOWASP
    • Agenda Introduction Why Scapy ? Basic Commands Building your first packet Assembling full packet Write your own Port scanner Demo: SYN Scan and IP Spoofing Built-in Sniffer Functionality Scapy Strengths References
    • Introduction Powerful interactive packet manipulation program Enable to send, sniff, dissect and forge network packets Can manipulate and process packets at every layer of TCP/IP Supports wide range of Protocols and adding your own. Interactive shell OR Python module Today : Interactive shell and TCP/IP
    • Why Scapy ? Flexible unlike other packet crafting tools with limited functionalities. Little knowledge required to build your own tools Single Replacement for Multiple tools such as wireshark, nmap, hping etc. Build your own tools with Combined Techniquese.g. VLAN hopping + ARP Cache poisoning Any field in every TCP/ IP layer can be altered Decode packets ( Received a TCP Reset on port 80),and not Interprets ( Port 80 is Closed)
    • Basic Commands Scapy Start List of Supported Protocols Available Commands in Scapy
    • IP HeaderIP Fields in Scapy
    • TCP HeaderTCP Fields in Scapy
    • Building your first packetBuilding packet at IP layerBuilding packet at TCP layer
    • Assembling full packetAssembling full packet at TCP/IP Packet ready to send with Calculated values
    • Write your own port scannerPort Scanning :“An attack that sends client requests to a range of server port addresses on a host, with the goal of finding an active port”Result Status :Open : The host sent a reply indicating that a service is listening on the port.Closed : The host sent a reply indicating that connections will be denied to the port.Filtered: There was no reply fromthe host.
    • Demo Time DEMO
    • Demo : SYN ScanSYN Scan: a.k.a. Half Open scanningSends : SYN PacketResponse:SYN, ACK- Open,RST, ACK – Closed,No response - Filteredand if Port is open then doesnt send ACK to complete 3way handshake.
    • Built-in Sniffing FunctionalitySniffing:”Captures traffic on all or just parts of the network from single machine within the network”
    • Scapy Strengths Rogue Router Advertisements with Scapyhttp://samsclass.info/ipv6/proj/flood-router6a.htm Malicious Content Harvesting with Python, WebKit, and Scapyhttp://dvlabs.tippingpoint.com/blog/2011/11/28/malicious-content-harvesting DEEPSEC: Extending Scapy by a GSM Air Interfacehttp://blog.c22.cc/2011/11/17/deepsec-extending-scapy-by-a-gsm-air-interface/ Use Scapy to test snort rulesAnd many more …..
    • References Scapy Documentationww.secdev.org/projects/scapy/files/scapydoc.pdf Nmap port scanning techniqueshttp://nmap.org/book/man-port-scanning-techniques.html http://en.wikipedia.org/wiki/Port_scanner http://en.wikipedia.org/wiki/Packet_analyzerImages: http://www.wtcs.org/snmp4tpc/images/IP-Header.jpg http://www.wtcs.org/snmp4tpc/images/TCP-Header.jpg
    • Thank You !!!Comments ,Feedbacks, SuggestionsTwitter : @ashwinpatilLinkedIn :http://in.linkedin.com/in/ashwinrpSlideshare : ashwin_patilhttp://www.slideshare.net/ashwin_patil Image Credit: http://shirtshovel.com/products/geek/tcpip-434.jpg