Scapy is a packet manipulation tool. It can send and receive packets for a large number of protocols, and it is useful for sending requests and receiving the replies for further analysis. Scapy can perform many classical tasks such as:
Why use this when we already have nmap, hping, arpspoof and other network analysis tools?
First, with most other tools, you won't build something the author did not imagine. These tools have been built for a specific goal and can't deviate much from it. For example, an ARP cache poisoning program won't let you use double 802.1q encapsulation. Or try to find a program that can send, say, an ICMP packet with padding (I said padding, not payload, see?). In fact, each time you have a new need, you have to build a new tool.
Second, they usually confuse decoding and interpreting. Machines are good at decoding and can help human beings with that. Interpretation is reserved to human beings. Some programs try to mimic this behaviour. For instance they say "this port is open" instead of "I received a SYN-ACK". Sometimes they are right. Sometimes not. It's easier for beginners, but when you know what you're doing, you keep on trying to deduce what really happened from the program's interpretation to make your own, which is hard because you have lost a lot of information. And you often end up using tcpdump -xX to decode and interpret what the tool missed.
Third, even programs which only decode do not give you all the information they received. The network's vision they give you is the one their author thought was sufficient. But it is not complete, and you have a bias. For instance, do you know a tool that reports the padding?
Scapy tries to overcome those problems. It enables you to build exactly the packets you want. Even if I think stacking a 802.1q layer on top of TCP makes no sense, it may make some for somebody else working on some product I don't know. Scapy has a flexible model that tries to avoid such arbitrary limits. You're free to put any value you want in any field you want, and stack them like you want. You're an adult after all.
In fact, it's like building a new tool each time, but instead of dealing with a hundred-line C program, you only write 2 lines of Scapy.
After a probe (scan, traceroute, etc.) Scapy always gives you the full decoded packets from the probe, before any interpretation. That means that you can probe once and interpret many times, ask for a traceroute and look at the padding for instance.
The first step is to start Scapy, which is installed by default in Kali Linux. Just type scapy and you are done; Scapy will run.
|Opening Scapy in Kali Linux|
After creating a packet we need to see what is inside it, so let's inspect the packet with the command below. Here I am using the built-in IP() function to create a packet.
|Creating IP Packet|
|Viewing the list of all supported packets|
Our task is to send a ping request, which means we need to send an ICMP echo packet to our guest (target) host. So let's create an ICMP echo packet; for that we call the ICMP() function.
After creating the ICMP packet, let's check what is inside it.
|Creating and watching ICMP packet|
Here chintan is the name of our packet, dst is the destination-address field of the IP layer, and we are setting the value of that field.
Now let's view the packet with the command below:
|Changing destination address in chintan packet|
To see in real time whether the packet has been sent or not, let's run Wireshark. I will set it to capture the network traffic on my eth0 interface. The picture is as follows:
The picture below shows that no packet is displayed in Wireshark yet, as we have not sent any packet.
The picture below shows that as soon as we send one packet it is captured and shown in Wireshark.
|Sending and confirming echo packet|
|Sending more packets|
As we send more packets we get more results. This is how we can send and receive packets without using the ping command.
Reference: Scapy
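What Scapy's IP(dst=...)/ICMP() actually puts on the wire, as an added example that is not part of the original post and is not Scapy's own code: the same echo request assembled with only the Python standard library, plus a decoder that reports every field as received, including any padding after the IP total length, the kind of detail the introduction above says most tools drop. The variable name chintan comes from the post; the 192.0.2.x addresses and the id, seq and payload values are constructed for the example. send_echo() is the "ping without ping" step and needs a raw socket (root), but it is not required to inspect the bytes; scapy_icmp_bytes() only cross-checks against Scapy when it happens to be installed.

```python
"""Added example, not part of the original post: the ICMP echo request that
Scapy's IP(dst=...)/ICMP() builds, assembled with only the Python standard
library so the on-the-wire bytes can be inspected without Scapy installed.
Addresses 192.0.2.x are constructed TEST-NET values, not hosts from the post."""
import socket
import struct


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words, as used by IPv4 and ICMP."""
    if len(data) % 2:
        data += b"\x00"  # odd length: pad the last word with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_echo(ident: int = 0, seq: int = 0, payload: bytes = b"") -> bytes:
    """ICMP echo request: type 8, code 0, checksum, identifier, sequence, payload.
    Scapy's ICMP() defaults to id=0 and seq=0, which this reproduces."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def build_ipv4(src: str, dst: str, proto: int, payload: bytes,
               ttl: int = 64, ident: int = 1) -> bytes:
    """Minimal IPv4 header without options; ttl=64, id=1 and flags=0 match Scapy's IP() defaults."""
    fmt = "!BBHHHBBH4s4s"
    fields = [0x45, 0, 20 + len(payload), ident, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = inet_checksum(struct.pack(fmt, *fields))  # checksum computed with the field zeroed
    return struct.pack(fmt, *fields) + payload


def decode_icmp(raw: bytes) -> dict:
    """Decode, without interpreting, an IPv4 datagram carrying ICMP.
    Anything after the IP total length (e.g. Ethernet minimum-frame padding) is kept as 'padding'."""
    ihl = (raw[0] & 0x0F) * 4
    total_len = struct.unpack("!H", raw[2:4])[0]
    icmp = raw[ihl:total_len]
    itype, code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return {
        "src": socket.inet_ntoa(raw[12:16]),
        "dst": socket.inet_ntoa(raw[16:20]),
        "ttl": raw[8],
        "proto": raw[9],
        "ip_checksum_ok": inet_checksum(raw[:ihl]) == 0,   # a valid header sums to zero
        "type": itype, "code": code, "id": ident, "seq": seq,
        "payload": icmp[8:],
        "icmp_checksum_ok": inet_checksum(icmp) == 0,
        "padding": raw[total_len:],
    }


def scapy_icmp_bytes():
    """Cross-check against Scapy itself when it is installed; None otherwise."""
    try:
        from scapy.layers.inet import ICMP
    except ImportError:
        return None
    return bytes(ICMP())


def send_echo(dst: str, timeout: float = 2.0):
    """Send one echo request through a raw ICMP socket (needs root/CAP_NET_RAW on Linux)
    and return the decoded reply, or None on timeout. The kernel prepends the IP header
    on send; the reply arrives with its IP header, which decode_icmp() expects."""
    request = build_icmp_echo(ident=0x1234, seq=1, payload=b"chintan")
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (dst, 0))
        try:
            reply, _ = sock.recvfrom(65535)
        except socket.timeout:
            return None
    return decode_icmp(reply)


if __name__ == "__main__":
    # Same layering as the post's chintan = IP(dst=...)/ICMP(), built by hand.
    chintan = build_ipv4("192.0.2.1", "192.0.2.2", socket.IPPROTO_ICMP,
                         build_icmp_echo(ident=0x1234, seq=1, payload=b"chintan"))
    print(chintan.hex())          # the bytes Wireshark would show for this packet
    print(decode_icmp(chintan))   # raw fields, before any interpretation
```

Run it with python3 and compare the printed hex with hexdump(chintan) in the Scapy shell after building the same packet there: the two should match byte for byte, which makes the point that IP()/ICMP() is nothing more than these header fields with their checksums filled in. The decoder deliberately returns fields rather than verdicts such as "host is up"; that is the decode-versus-interpret distinction the introduction draws.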