|-d||increase log verbosity. Can be used many times.|
|-s FILE||use FILE to save/load session values (variables, functions, instances, ...)|
|use PRESTART_FILE instead of $HOME/.scapy_prestart.py as pre-startup file|
|-P||do not run prestart file|
|use STARTUP_FILE instead of $HOME/.scapy_startup.py as startup file|
do not run startup file
Only the vital commands to begin are listed here for the moment.
ls() lists supported protocol layers. If a protocol layer is given as parameter, lists its fields and types of fields.
lsc() lists some user commands. If a command is given as parameter, its documentation is displayed.
conf this object contains the configuration.
$HOME/.scapy_prestart.py This file is run before the scapy core is loaded. Only the conf object is available. This file can be used to manipulate the conf.load_layers list to choose which layers will be loaded:
$HOME/.scapy_startup.py This file is run after scapy is loaded. It can be used to configure some of the scapy behaviors:
More verbose examples are available at http://www.secdev.org/projects/scapy/demo.html
Just run scapy and try the following commands in the interpreter.
Test the robustness of a network stack with invalid packets:
    sr(IP(dst="172.16.1.1", ihl=2, options="love", version=3)/ICMP())
Packet sniffing and dissection (with a bpf filter or ethereal-like output):
    a=sniff(filter="tcp port 110")
    a=sniff(prn = lambda x: x.display())
Sniffed packet reemission:
    a=sniff(filter="tcp port 110")
    sendp(a)
Pcap file packet reemission:
    sendp(rdpcap("file.cap"))
Manual TCP traceroute:
    sr(IP(dst="www.google.com", ttl=(1,30))/TCP(seq=RandInt(), sport=RandShort(), dport=dport))
Protocol scan:
    sr(IP(dst="172.16.1.28", proto=(1,254)))
ACK scan:
    sr(IP(dst="172.16.1.28")/TCP(dport=(1,1024), flags="A"))
Passive OS fingerprinting:
    sniff(prn=prnp0f)
Active OS fingerprinting:
    nmap_fp("172.16.1.232")
ARP cache poisoning:
    sendp(Ether(dst=tmac)/ARP(op="who-has", psrc=victim, pdst=target))
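Detection side of the ARP cache poisoning example above, as an added example that is not part of the original manual page or of the Scapy project: it parses raw Ethernet/ARP frames with the Python standard library only and flags an IP address whose sender MAC changes, whether the claim arrives in a who-has request or a reply. The addresses and the names parse_arp, ArpWatch, build_arp and demo are constructed for illustration, and the first binding seen for an IP is assumed to be legitimate.

```python
import struct

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (eth_src, op, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # too short or not ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return fmt_mac(frame[6:12]), op, fmt_mac(frame[22:28]), ".".join(map(str, frame[28:32]))

class ArpWatch:
    """Tracks IP-to-MAC bindings seen in ARP sender fields (requests and replies)."""
    def __init__(self):
        self.bindings = {}

    def check(self, frame):
        """Return a list of alert strings for one frame; empty if nothing is suspicious."""
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        eth_src, op, sha, spa = parsed
        alerts = []
        if eth_src != sha:
            alerts.append(f"ethernet source {eth_src} != ARP sender {sha}")
        if spa == "0.0.0.0":                        # ARP probe carries no binding
            return alerts
        old = self.bindings.setdefault(spa, sha)    # assumption: first sighting is trusted
        if old != sha:
            alerts.append(f"{spa} changed from {old} to {sha} (op={op})")
        return alerts

def build_arp(eth_src, eth_dst, op, sha, spa, tpa):
    """Build a constructed sample frame (target hardware address left zeroed)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    hdr = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
    return mac(eth_dst) + mac(eth_src) + hdr + mac(sha) + ip(spa) + bytes(6) + ip(tpa)

def demo():
    """Constructed traffic: the gateway announces itself, then another MAC claims its IP."""
    gw, other, host = "02:00:00:00:00:01", "02:00:00:00:00:66", "02:00:00:00:00:20"
    watch = ArpWatch()
    first = watch.check(build_arp(gw, "ff:ff:ff:ff:ff:ff", 1, gw, "192.0.2.1", "192.0.2.20"))
    second = watch.check(build_arp(other, host, 1, other, "192.0.2.1", "192.0.2.20"))
    return first, second
```
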
Does not give the right source IP for routes that use interface aliases.
May miss packets under heavy load.
Session saving is limited by Python's ability to marshal objects. As a consequence, lambda functions and generators can't be saved, which seriously reduces the usefulness of this feature.
BPF filters don't work on point-to-point interfaces.
Philippe Biondi <email@example.com>
This manual page was written by Alberto Gonzalez Iniesta <firstname.lastname@example.org> and Philippe Biondi.
|SCAPY (1)||May 12, 2003|