[HN Gopher] Scapy: Low level packet hacking toolkit for Python
___________________________________________________________________
Scapy: Low level packet hacking toolkit for Python
Author : rl1987
Score : 168 points
Date : 2022-05-08 14:15 UTC (8 hours ago)
(HTM) web link (www.trickster.dev)
(TXT) w3m dump (www.trickster.dev)
| therealchiggs wrote:
| Scapy is great if you want to send and receive packets onto a
| network from Python. There are a few gotchas, for example it can
| be eager to send real packets out in order to resolve names which
| might not always be what you want if you're doing offline
| analysis.
|
| If you are parsing packet captures or defining custom protocols
| then dpkt[0] is also worth a look. It's a simpler module with
| substantially higher performance.
|
| [0] https://dpkt.readthedocs.io/en/latest/
| m3047 wrote:
| Additionally scapy is GPL and dpkt is more permissive. They
| both make mistakes, it can be illuminating to try both side by
| side. Scapy is more forgiving. dpkt is more performant.
| ossusermivami wrote:
| I have been doing a lot of Go and Rust these last few years but
| always come back to Python for quick iterations and proof of
| concept, scapy is a blessing for low level network programming
| inspections.
| NelsonMinar wrote:
| Scapy's great. Another similar library is Impacket:
| https://github.com/SecureAuthCorp/impacket
| posnet wrote:
| Scapy is great, but if you need only something simple, it's hard
| to go past dpkt https://github.com/kbandla/dpkt
| wildmanx wrote:
| I'd join the overall praise here, but some design choices in
| Scapy are quite weird and the implementations for many protocols
| are just plain terrible. Granted, that's not the fault of the
| original designers, since those protocols just fly around on
| Github, but geez are some of them bad..
| dang wrote:
| Related:
|
| _Scapy: a powerful interactive packet manipulation program_ -
| https://news.ycombinator.com/item?id=4892380 - Dec 2012 (13
| comments)
|
| _Traceroute in 15 lines of code using Scapy_ -
| https://news.ycombinator.com/item?id=6653644 - Nov 2013 (2
| comments)
| m3047 wrote:
| Protobuf as a Scapy dissector, with Farsight's SIE as an example:
| https://github.com/m3047/tahoma_nmsg
| Flocular wrote:
| Sadly it's missing a native TCP-reassambly. Was caught by suprise
| by that recently, but there's always pyshark
| sanqui wrote:
| Unfortunately, in my experience Wireshark sometimes fails to
| reassemble TCP streams after a retransmission or out-of-order
| event, despite the presence of a checkbox to do just that...
| guardiangod wrote:
| I wrote a pcap re-orderer (with scapy) just for this bug.
| shriphani wrote:
| Scapy is an exceptional library that I enjoyed using for a recent
| project. However, I felt that the focus is entirely on capturing
| and analyzing traffic. If you want to manipulate the packets then
| the API is a little unsuited for that (for example recomputing
| packet checksums requires some invocation to pretty-print the
| packet which is weird).
|
| OTOH, really amazing project to put together quick packet-level
| prototypes. Really shows the strength of the python ecosystem.
| tomrod wrote:
| I've been wanting to learn more about the low level networking
| space. Is this a good library to use as a springboard for that?
| ttyprintk wrote:
| The built-in sockets library in Python tells you which
| constants are already available, and has useful functions like
| gethostbyaddr.
|
| Since you didn't mention a platform, also note that (last I
| looked) WSL was inadequate for crafting raw packets.
| [deleted]
| fedeb95 wrote:
| I've used it successfully for my ends in a personal project of
| mine. Together with wireshark it's good for learning in my
| experience
| zamadatix wrote:
| This also depends what you consider "low level networking" and
| how you want to learn. Scapy can be made to work it may just be
| either under or overkill depending on what you are wanting to
| achieve. Implementing HTTP from the ground up? Scapy is
| probably overkill, just open a TCP socket in your language of
| choice and start building. Just want to understand what happens
| if different fields are changed below what a standard TCP/UDP
| socket call gets you access to? Scapy is a great choice to
| abstract the OS specific pieces out of the way and provide you
| with prebuilt blocks to base your experimentation off of.
| freedomben wrote:
| It really depends on how much you already know. "Practical
| Packet Analysis" (No Starch Press) is a great book that I
| really appreciated: https://nostarch.com/packetanalysis3
| McNutty wrote:
| Does it work properly in python running in Windows?
| octagons wrote:
| I've used scapy for years and found it especially useful when
| performing internal penetration tests. It has useful patterns for
| tasks like quickly putting together a custom DNS server, UDP
| source spoofing, walking all ICMP codes (or a quick and dirty
| ICMP redirect tool), or couple it with matplotlib and to estimate
| how many active hosts are communicating with a remote server
| based on TCP sequence numbers (I believe this is part of the
| scapy examples.)
|
| Coupled with interfaces to import and export PCAP files, it's
| also a great way to learn about or explore/tamper with network
| protocols.
|
| The fact that it's implemented in Python might scare some off,
| but I personally feel that this only adds to its usefulness since
| it can benefit from all of the external tooling and flexibility
| that comes with the language.
| truthwhisperer wrote:
| unmole wrote:
| Some of the choices are a bit odd but it's an absolutely
| brilliant library. It's super simple to get started with and
| fairly easy to extend. If you do end up adding support for a
| standard protocol, please consider submitting a PR. The
| developers are super responsive and helpful.
___________________________________________________________________
(page generated 2022-05-08 23:00 UTC)