1SCAPY(1)                    General Commands Manual                   SCAPY(1)
2
3
4

NAME

6       scapy - Interactive packet manipulation tool
7

SYNOPSIS

9       scapy [options]
10

DESCRIPTION

12       This manual page documents briefly the Scapy tool.
13
14       Scapy is a powerful interactive packet manipulation tool, packet gener‐
15       ator, network scanner, network discovery, packet sniffer, etc.  It  can
16       for  the moment replace hping, parts of nmap, arpspoof, arp-sk, arping,
17       tcpdump, tshark, p0f, ...
18
19       Scapy uses the Python interpreter as a command board. That  means  that
20       you  can  use  directly  Python  language (assign variables, use loops,
21       define functions, etc.) If you give a file a  parameter  when  you  run
22       Scapy,  your  session  (variables,  functions,  instances, ...) will be
23       saved when you leave the interpreter and restored  the  next  time  you
24       launch Scapy.
25
26       The  idea is simple. Those kinds of tools do two things : sending pack‐
27       ets and receiving answers. That's what Scapy does : you define a set of
28       packets, it sends them, receives answers, matches requests with answers
29       and returns a list of packet couples (request, answer) and  a  list  of
30       unmatched  packets.  This has the big advantage over tools like nmap or
31       hping that an answer is not reduced to (open/closed/filtered),  but  is
32       the whole packet.
33
34       On  top  of  this  can  be used to build more high-level functions, for
35       example, one that does traceroutes and give as a result only the  start
36       TTL  of  the  request and the source IP of the answer. One that pings a
37       whole network and gives the list of machines answering. One that does a
38       portscan and returns a LaTeX report.
39
40

OPTIONS

42       Options for Scapy are:
43
44       -h     display usage
45
46       -d     increase log verbosity. Can be used many times.
47
48       -s FILE
49              use  FILE  to  save/load  session  values (variables, functions,
50              instances, ...)
51
52       -p PRESTART_FILE
53              use PRESTART_FILE instead of  $HOME/.scapy_prestart.py  as  pre-
54              startup file
55
56       -P     do not run prestart file
57
58       -c STARTUP_FILE
59              use  STARTUP_FILE  instead of $HOME/.scapy_startup.py as startup
60              file
61
62       -C     do not run startup file
63
64

COMMANDS

66       Only the vital commands to begin are listed here for the moment.
67
68       ls()   lists supported protocol layers.  If a protocol layer  is  given
69              as parameter, lists its fields and types of fields.  If a string
70              is given as parameter, it is used to filter the layers.
71
72       explore()
73              explores available protocols.  Allows to look  for  a  layer  or
74              protocol through an interactive GUI.  If a Scapy module is given
75              as parameter, explore this specific module.
76
77       lsc()  lists scapy's main user commands.
78
79       conf   this object contains the configuration.
80
81

FILES

83       $HOME/.scapy_prestart.py This file is run before Scapy core is  loaded.
84       Only  the conf object is available. This file can be used to manipulate
85       conf.load_layers list to choose which layers will be loaded:
86
87       conf.load_layers.remove("bluetooth")
88       conf.load_layers.append("new_layer")
89
90       $HOME/.scapy_startup.py This file is run after Scapy is loaded. It  can
91       be used to configure some of the Scapy behaviors:
92
93       conf.prog.pdfreader = "xpdf"
94       split_layers(UDP,DNS)
95
96

EXAMPLES

98       More    verbose   examples   are   available   in   the   documentation
99       https://scapy.readthedocs.io/ Just run scapy and try the following com‐
100       mands in the interpreter.
101
102
103       Test the robustness of a network stack with invalid packets:
104       sr(IP(dst="172.16.1.1", ihl=2, options=["verb$2"], version=3)/ICMP(), timeout=2)
105
106
107       Packet  sniffing  and dissection (with a bpf filter or tshark-like out‐
108       put):
109       a=sniff(filter="tcp port 110")
110       a=sniff(prn = lambda x: x.display)
111
112
113       Sniffed packet re-emission:
114       a=sniff(filter="tcp port 110")
115       sendp(a)
116
117
118       Pcap file packet re-emission:
119       sendp(rdpcap("file.cap"))
120
121
122       Manual TCP traceroute:
123       sr(IP(dst="www.google.com", ttl=(1,30))/TCP(seq=RandInt(), sport=RandShort(), dport=dport)
124
125
126       Protocol scan:
127       sr(IP(dst="172.16.1.28", proto=(1,254)))
128
129
130       ARP ping:
131       srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst="172.16.1.1/24"))
132
133
134       ACK scan:
135       sr(IP(dst="172.16.1.28")/TCP(dport=(1,1024), flags="A"))
136
137
138       Passive OS fingerprinting:
139       sniff(prn=prnp0f)
140
141
142       Active OS fingerprinting:
143       nmap_fp("172.16.1.232")
144
145
146
147       ARP cache poisoning:
148       sendp(Ether(dst=tmac)/ARP(op="who-has", psrc=victim, pdst=target))
149
150
151       Reporting:
152       report_ports("192.168.2.34", (20,30))
153
154

SEE ALSO

156       The official website: https://scapy.net/
157       The GitHub Development repository: https://github.com/secdev/scapy/
158       The official documentation: https://scapy.readthedocs.io/en/latest/
159
160

BUGS

162       Does not give the  right  source  IP  for  routes  that  use  interface
163       aliases.
164
165       May  miss  packets  under heavy load. This is a restriction from python
166       itself
167
168       Session saving is limited by Python ability to marshal  objects.  As  a
169       consequence,  lambda  functions  and  generators  can't be saved, which
170       seriously reduce the usefulness of this feature.
171
172       BPF filters don't work on Point-to-point interfaces.
173
174
175

AUTHOR

177       Philippe Biondi <phil@secdev.org>
178
179       This manual page was written by Alberto Gonzalez  Iniesta  <agi@agi.as>
180       and Philippe Biondi.
181
182
183
184                                  May 8, 2018                         SCAPY(1)
Impressum