packets

Found this, thought I would share. Take your network skills up a notch, if you dare. It is a packet analysis and packet creation tool using Python, called Scapy. The documentation is good, but quick how-to demonstrations are a bit difficult to find. Here is what I did, using my computer.

First I read up on it:
https://scapy.readthedocs.io/en/latest/

Then I used pip (the package installer for Python) to make sure my pip was up to date.

C:\Users\rod>python -m pip install -U pip
Collecting pip
Downloading https://files.pythonhosted.org/packages/00/b6/9cfa56b4081ad13874b0c6f96af8ce16cfbc1cb06bedf8e9164ce5551ec1/pip-19.3.1-py2.py3-none-any.whl (1.4MB)
100% |################################| 1.4MB 573kB/s
Installing collected packages: pip
Found existing installation: pip 9.0.1
Uninstalling pip-9.0.1:
Successfully uninstalled pip-9.0.1
Successfully installed pip-19.3.1

C:\Users\rod>

Then I installed scapy using pip:

C:\Users\rod>pip install --pre scapy[basic]
Collecting scapy[basic]
Downloading https://files.pythonhosted.org/packages/52/e7/464079606a9cf97ad04936c52a5324d14dae36215f9319bf3faa46a7907d/scapy-2.4.3.tar.gz (905kB)

After that I was able to run some Scapy scripts against network packet captures. Here is one: a Python/Scapy script that reads a capture file (capture.pcap), counts the unique source and destination IP addresses in it, and prints the totals to standard output.

*** START of python scapy file *****
from scapy.all import rdpcap, IP

# Read capture with Scapy
filename = 'capture.pcap'
packets = rdpcap(filename)

# Create sets to store source and destination IP addresses.
# This automatically allows us to count the number of unique addresses!
source_ips = set()
destination_ips = set()

# Loop through all packets in capture
for packet in packets:
    # If the packet has IP layer information...
    if IP in packet:
        source_ip = packet[IP].src
        destination_ip = packet[IP].dst

        source_ips.add(source_ip)
        destination_ips.add(destination_ip)

print('There are ' + str(len(source_ips)) + ' unique source IP addresses.')
print('There are ' + str(len(destination_ips)) + ' unique destination IP addresses.')

*** END of python scapy file *****
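
To show the work that rdpcap and the IP layer lookup hide in the script above, this added example (not part of the original post, and not Scapy code) gets the same unique-address count, plus packets per address, using only the standard library. It goes beyond the post by parsing the classic pcap format directly; the sample capture and all function names are constructed for illustration, and it assumes IPv4 over untagged Ethernet only.

```python
import ipaddress
import struct
from collections import Counter

def _frame(src, dst, ethertype=0x0800):
    """Constructed Ethernet frame carrying a minimal 20-byte IPv4 header."""
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ethertype)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return eth + ip

def build_sample_pcap():
    """Constructed capture: three IPv4 frames and one frame typed as ARP."""
    frames = [_frame("10.0.0.5", "10.0.0.1"),
              _frame("10.0.0.5", "192.0.2.10"),
              _frame("10.0.0.9", "10.0.0.1"),
              _frame("10.0.0.7", "10.0.0.1", ethertype=0x0806)]
    # Global header: magic, version 2.4, zone, sigfigs, snaplen, linktype 1
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, f in enumerate(frames):
        # Record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", n, 0, len(f), len(f)) + f
    return out

def count_ips(pcap_bytes):
    """Return (source Counter, destination Counter) of IPv4 addresses."""
    # The magic number also tells us the byte order of the header fields.
    endian = {b"\xd4\xc3\xb2\xa1": "<",
              b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    sources, destinations = Counter(), Counter()
    offset = 24
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I",
                                 pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Same idea as "if IP in packet": skip frames that are not IPv4
        # (ethertype 0x0800) or are too short for Ethernet + IPv4 headers.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        sources[str(ipaddress.IPv4Address(frame[26:30]))] += 1
        destinations[str(ipaddress.IPv4Address(frame[30:34]))] += 1
    return sources, destinations
```

len(sources) and len(destinations) correspond to the two totals the Scapy script prints; the Counter values additionally show how many packets each address sent or received.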
