
@econchick
Created November 23, 2013 13:54
{
"metadata": {
"name": "Quick How-to with Scapy"
},
"nbformat": 3,
"nbformat_minor": 0,
"worksheets": [
{
"cells": [
{
"cell_type": "code",
"collapsed": false,
"input": [
"from scapy.all import * # wildcard import makes me cringe: it pulls every scapy name into the namespace"
],
"language": "python",
"metadata": {},
"outputs": [
{
"output_type": "stream",
"stream": "stderr",
"text": [
"WARNING: No route found for IPv6 destination :: (no default route?)\n"
]
},
{
"output_type": "stream",
"stream": "stderr",
"text": [
"WARNING:scapy.runtime:No route found for IPv6 destination :: (no default route?)\n"
]
}
],
"prompt_number": 1
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"a = sniff(iface=\"en0\", filter=\"tcp and port 80\", count=10)"
],
"language": "python",
"metadata": {},
"outputs": [],
"prompt_number": 2
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"a"
],
"language": "python",
"metadata": {},
"outputs": [
{
"metadata": {},
"output_type": "pyout",
"prompt_number": 3,
"text": [
"<Sniffed: TCP:10 UDP:0 ICMP:0 Other:0>"
]
}
],
"prompt_number": 3
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"a.res"
],
"language": "python",
"metadata": {},
"outputs": [
{
"metadata": {},
"output_type": "pyout",
"prompt_number": 4,
"text": [
"[<Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=650 flags=DF frag=0L ttl=64 proto=tcp chksum=0x9f88 src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP sport=53491 dport=http seq=3474155615 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0xecd6 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433615, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,\n",
" <Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=41196 flags=DF frag=0L ttl=64 proto=tcp chksum=0xb59a src=10.25.3.61 dst=50.31.164.188 options=[] |<TCP sport=53492 dport=http seq=3315328916 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x2b8d urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433615, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,\n",
" <Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=40761 flags=DF frag=0L ttl=64 proto=tcp chksum=0xb74d src=10.25.3.61 dst=50.31.164.188 options=[] |<TCP sport=53493 dport=http seq=700164627 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x4ee urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433615, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,\n",
" <Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=26980 flags=DF frag=0L ttl=64 proto=tcp chksum=0x38ae src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP sport=53494 dport=http seq=2552994569 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0xf110 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433616, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,\n",
" <Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=48861 flags=DF frag=0L ttl=64 proto=tcp chksum=0xe334 src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP sport=53495 dport=http seq=1279463156 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0xc90d urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433616, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,\n",
" <Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=14036 flags=DF frag=0L ttl=64 proto=tcp chksum=0x6b3e src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP sport=53496 dport=http seq=2445014061 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x9e5a urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433616, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,\n",
" <Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=60321 flags=DF frag=0L ttl=64 proto=tcp chksum=0xb670 src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP sport=53497 dport=http seq=405324467 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x4967 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433616, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,\n",
" <Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=34902 flags=DF frag=0L ttl=64 proto=tcp chksum=0x19bc src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP sport=53498 dport=http seq=3477655716 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x8454 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433616, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,\n",
" <Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=31060 flags=DF frag=0L ttl=64 proto=tcp chksum=0xd487 src=10.25.3.61 dst=192.33.31.101 options=[] |<TCP sport=53499 dport=http seq=3025988404 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x3030 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433689, 0)), ('SAckOK', ''), ('EOL', None)] |>>>,\n",
" <Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=33529 flags=DF frag=0L ttl=64 proto=tcp chksum=0xcae2 src=10.25.3.61 dst=192.33.31.101 options=[] |<TCP sport=53500 dport=http seq=1607594496 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0x7dee urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433689, 0)), ('SAckOK', ''), ('EOL', None)] |>>>]"
]
}
],
"prompt_number": 4
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"a.res[0] # first packet"
],
"language": "python",
"metadata": {},
"outputs": [
{
"metadata": {},
"output_type": "pyout",
"prompt_number": 5,
"text": [
"<Ether dst=00:1d:70:df:2d:11 src=14:10:9f:e1:54:9b type=0x800 |<IP version=4L ihl=5L tos=0x0 len=64 id=650 flags=DF frag=0L ttl=64 proto=tcp chksum=0x9f88 src=10.25.3.61 dst=184.73.211.6 options=[] |<TCP sport=53491 dport=http seq=3474155615 ack=0 dataofs=11L reserved=0L flags=S window=65535 chksum=0xecd6 urgptr=0 options=[('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433615, 0)), ('SAckOK', ''), ('EOL', None)] |>>>"
]
}
],
"prompt_number": 5
},
{
"cell_type": "code",
"collapsed": false,
"input": [
"a.res[0].show()"
],
"language": "python",
"metadata": {},
"outputs": [
{
"output_type": "stream",
"stream": "stdout",
"text": [
"###[ Ethernet ]###\n",
" dst = 00:1d:70:df:2d:11\n",
" src = 14:10:9f:e1:54:9b\n",
" type = 0x800\n",
"###[ IP ]###\n",
" version = 4L\n",
" ihl = 5L\n",
" tos = 0x0\n",
" len = 64\n",
" id = 650\n",
" flags = DF\n",
" frag = 0L\n",
" ttl = 64\n",
" proto = tcp\n",
" chksum = 0x9f88\n",
" src = 10.25.3.61\n",
" dst = 184.73.211.6\n",
" \\options \\\n",
"###[ TCP ]###\n",
" sport = 53491\n",
" dport = http\n",
" seq = 3474155615\n",
" ack = 0\n",
" dataofs = 11L\n",
" reserved = 0L\n",
" flags = S\n",
" window = 65535\n",
" chksum = 0xecd6\n",
" urgptr = 0\n",
" options = [('MSS', 1460), ('NOP', None), ('WScale', 4), ('NOP', None), ('NOP', None), ('Timestamp', (1224433615, 0)), ('SAckOK', ''), ('EOL', None)]\n"
]
}
],
"prompt_number": 6
}
],
"metadata": {}
}
]
}