Recently I was doing a course that focuses on penetration testing and python. As my learning was progressing I got to learn about an awesome python program called Scapy.
What is scapy??
As I just said, Scapy is a python program which allows the user to
- Create packets
- Forge packets
- Decode packets
Using this program we can also easily insert packets into a network.
You can download scapy from
Let’s start crafting our packet.
packet = IP(ttl=64)
The above command will create an IP packet with TTL(Time to live) 64.
ttl=64 will help the packet to determine its lifetime. On each hope, the value will be decremented by one and when ttl reaches zero, the packet will be dropped.
Now, lets set the source address of the packet.
here I gave the Ip address of the router in my local network
Next, I gave the destination IP
That’s the IP of the windows machine where the parrot OS is loaded.
Now its time to start Wireshark to monitor the packet flow.
I choose ethO, since my Vbox is connected to internet through that.
Now send the packet using scapy using the command
By filtering the Wireshark outputs only for the IP destination address 192.168.20.32, we will get the below output.
form the above image it is clear that the packet generated had the source IP as 192.168.20.1 and destination IP as 192.168.20.32. We have successfully crafted a packet here.
Another interesting thing I found is that there are no flags or warning showed up in Wireshark.
Now lets attack!
In spacy let’s give the below command and check Wireshark output.
send(IP(src=”192.168.20.1", dst=”192.168.20.32")/TCP(sport=135,dport=135), count=2000)
Here we are sending 2000 packets through a TCP connection by specifying the source port and destination port as 135
Wireshark has captured all the packets.
But we have a problem here, we have crafted the packet without masking our MAC address. We can see the device mac address by inspecting the packets from Wireshark.
Let us do some MAC address spoofing now
sendp(Ether(src=”aa:bb:cc:dd:ee:ff””)/IP(src=”192.168.20.1", dst=”192.168.20.32")/TCP(sport=135,dport=135), count=2000)
With the above code we are sending packets by setting the source mac address as aa:bb:cc:dd:ee:ff.
from the Wireshark, if we inspect the packet we can find that we were able to spoof the MAC address easily
Using this tool we can send a huge number of packets and make the router confused. This can also cause a denial of service to other systems in the network.
By forging the mac address and IP address an attacker can easily pretend to be someone else in the network and perform malicious activities.
The content I shared is only for educational purpose and I am not responsible for any kinds of stuff you do with this.
You can connect me on
LinkedIn: Derick N
Twitter: Derick N