Packet Crafting Using Python Scapy

Derick Neriamparambil
4 min readJul 5, 2020


Recently I was doing a course that focuses on penetration testing and python. As my learning was progressing I got to learn about an awesome python program called Scapy.

What is scapy??

As I just said, Scapy is a python program which allows the user to

  1. Create packets
  2. Forge packets
  3. Decode packets

Using this program we can also easily insert packets into a network.

You can download scapy from

Let’s start crafting our packet.

packet = IP(ttl=64)

The above command will create an IP packet with TTL(Time to live) 64.

ttl=64 will help the packet to determine its lifetime. On each hope, the value will be decremented by one and when ttl reaches zero, the packet will be dropped.

Now, lets set the source address of the packet.

here I gave the Ip address of the router in my local network

Next, I gave the destination IP

That’s the IP of the windows machine where the parrot OS is loaded.

Now its time to start Wireshark to monitor the packet flow.

I choose ethO, since my Vbox is connected to internet through that.

Now send the packet using scapy using the command


By filtering the Wireshark outputs only for the IP destination address, we will get the below output.

form the above image it is clear that the packet generated had the source IP as and destination IP as We have successfully crafted a packet here.

Another interesting thing I found is that there are no flags or warning showed up in Wireshark.

Now lets attack!

In spacy let’s give the below command and check Wireshark output.

send(IP(src=”", dst=”")/TCP(sport=135,dport=135), count=2000)

Here we are sending 2000 packets through a TCP connection by specifying the source port and destination port as 135

Wireshark has captured all the packets.

But we have a problem here, we have crafted the packet without masking our MAC address. We can see the device mac address by inspecting the packets from Wireshark.

Let us do some MAC address spoofing now

sendp(Ether(src=”aa:bb:cc:dd:ee:ff””)/IP(src=”", dst=”")/TCP(sport=135,dport=135), count=2000)

With the above code we are sending packets by setting the source mac address as aa:bb:cc:dd:ee:ff.

from the Wireshark, if we inspect the packet we can find that we were able to spoof the MAC address easily

Using this tool we can send a huge number of packets and make the router confused. This can also cause a denial of service to other systems in the network.

By forging the mac address and IP address an attacker can easily pretend to be someone else in the network and perform malicious activities.

The content I shared is only for educational purpose and I am not responsible for any kinds of stuff you do with this.

You can connect me on

LinkedIn: Derick N

Twitter: Derick N