Scapy talk

Post on 26-Jun-2015

DESCRIPTION

Scapy Primer Session at Bangalore Local Security Meetup. Null, SecurityXploded, Garage4hackers, OWASP

Transcript

Ashwin Patil

GCIH, RHCE, CCNA

Information Security Engineer

Null, SecurityXploded, Garage4hackers, OWASP

Agenda

Introduction

Why Scapy?

Basic Commands

Building your first packet

Assembling full packet

Write your own Port scanner

Demo: SYN Scan and IP Spoofing

Built-in Sniffer Functionality

Scapy Strengths

References

Introduction

Powerful interactive packet manipulation program

Enables you to send, sniff, dissect and forge network packets

Can manipulate and process packets at every layer of TCP/IP

Supports a wide range of protocols, and you can add your own

Interactive shell OR Python module

Today : Interactive shell and TCP/IP

Why Scapy ?

Flexible, unlike other packet crafting tools with limited functionality

Little knowledge required to build your own tools

Single replacement for multiple tools such as Wireshark, Nmap, hping etc.

Build your own tools with combined techniques, e.g. VLAN hopping + ARP cache poisoning

Any field in every TCP/IP layer can be altered

Decodes packets ("Received a TCP Reset on port 80") rather than interpreting them ("Port 80 is Closed")

Basic Commands

Scapy Start

List of Supported Protocols

Available Commands in Scapy

IP Header

IP Fields in Scapy

TCP Header

TCP Fields in Scapy

Building your first packet

Building packet at IP layer

Building packet at TCP layer

Assembling full packet

Assembling full packet at TCP/IP

Packet ready to send with calculated values

Write your own port scanner

Port Scanning: “An attack that sends client requests to a range of server port addresses on a host, with the goal of finding an active port”

Result Status:

Open : The host sent a reply indicating that a service is listening on the port.

Closed : The host sent a reply indicating that connections will be denied to the port.

Filtered: There was no reply from the host.

Demo Time

DEMO

Demo : SYN Scan

SYN Scan: a.k.a. half-open scanning

Sends: SYN packet

Response: SYN, ACK - Open; RST, ACK - Closed; No response - Filtered

If the port is open, the scanner does not send the ACK that would complete the 3-way handshake.
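
The response mapping above can also be read from the defender's side of the wire. As an added example (not from the original slides), this standard-library Python sketch labels each SYN probe in a constructed packet list as open, closed, filtered or established, and reports sources that probe several ports without completing a handshake. The packet tuples, addresses and the `min_ports` threshold are assumptions.

```python
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

# Constructed sample capture: (src, dst, sport, dport, flags), in order seen.
# Addresses come from the RFC 5737 documentation ranges.
PACKETS = [
    ("192.0.2.10", "198.51.100.5", 40000, 443, SYN),         # normal client
    ("198.51.100.5", "192.0.2.10", 443, 40000, SYN | ACK),
    ("192.0.2.10", "198.51.100.5", 40000, 443, ACK),         # handshake completed
    ("192.0.2.66", "198.51.100.5", 51000, 22, SYN),
    ("198.51.100.5", "192.0.2.66", 22, 51000, SYN | ACK),
    ("192.0.2.66", "198.51.100.5", 51000, 22, RST),          # no ACK: half-open
    ("192.0.2.66", "198.51.100.5", 51001, 23, SYN),
    ("198.51.100.5", "192.0.2.66", 23, 51001, RST | ACK),
    ("192.0.2.66", "198.51.100.5", 51002, 80, SYN),
    ("198.51.100.5", "192.0.2.66", 80, 51002, SYN | ACK),
    ("192.0.2.66", "198.51.100.5", 51003, 8080, SYN),        # never answered
]

def probe_states(packets):
    """Return {(client, server, sport, dport): state} for every initial SYN."""
    states = {}
    for src, dst, sport, dport, flags in packets:
        fwd, rev = (src, dst, sport, dport), (dst, src, dport, sport)
        if flags & SYN and not flags & ACK:
            states[fwd] = "filtered"            # stays so unless a reply arrives
        elif states.get(rev) == "filtered":     # first reply from the server
            if flags & SYN and flags & ACK:
                states[rev] = "open"
            elif flags & RST:
                states[rev] = "closed"
        elif states.get(fwd) == "open" and flags & ACK and not flags & RST:
            states[fwd] = "established"         # client finished the handshake
    return states

def half_open_scanners(packets, min_ports=3):
    """Sources with >= min_ports distinct ports probed but never completed."""
    probed = defaultdict(set)
    for (client, server, _sport, dport), state in probe_states(packets).items():
        if state != "established":
            probed[(client, server)].add(dport)
    return {pair: sorted(ports) for pair, ports in probed.items()
            if len(ports) >= min_ports}

if __name__ == "__main__":
    for key, state in probe_states(PACKETS).items():
        print(key, state)
    print(half_open_scanners(PACKETS))
```
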

Built-in Sniffing Functionality

Sniffing:

“Captures traffic on all or just parts of the network from single machine within the network”

Scapy Strengths

Rogue Router Advertisements with Scapy: http://samsclass.info/ipv6/proj/flood-router6a.htm

Malicious Content Harvesting with Python, WebKit, and Scapy: http://dvlabs.tippingpoint.com/blog/2011/11/28/malicious-content-harvesting

DEEPSEC: Extending Scapy by a GSM Air Interface: http://blog.c22.cc/2011/11/17/deepsec-extending-scapy-by-a-gsm-air-interface/

Use Scapy to test Snort rules

And many more…

References

Scapy Documentation: www.secdev.org/projects/scapy/files/scapydoc.pdf

Nmap port scanning techniques: http://nmap.org/book/man-port-scanning-techniques.html

http://en.wikipedia.org/wiki/Port_scanner

http://en.wikipedia.org/wiki/Packet_analyzer

Images:

http://www.wtcs.org/snmp4tpc/images/IP-Header.jpg

http://www.wtcs.org/snmp4tpc/images/TCP-Header.jpg

Thank You !!!

Image Credit: http://shirtshovel.com/products/geek/tcpip-434.jpg

Comments, Feedback, Suggestions

Twitter: @ashwinpatil

LinkedIn: http://in.linkedin.com/in/ashwinrp

Slideshare: ashwin_patil, http://www.slideshare.net/ashwin_patil
