Packet Crafting Using Python Scapy

Recently I was doing a course that focuses on penetration testing and Python. As my learning progressed, I got to learn about an awesome Python program called Scapy.

What is Scapy?

As I just said, Scapy is a Python program which allows the user to:

  1. Create packets
  2. Forge packets
  3. Decode packets

Using this program we can also easily insert packets into a network.

You can download Scapy from

https://github.com/secdev/scapy

Let’s start crafting our packet.

packet = IP(ttl=64)

The above command creates an IP packet with a TTL (time to live) of 64.

The TTL bounds the packet's lifetime. On each hop the value is decremented by one, and when it reaches zero the packet is dropped.

Now, let's set the source address of the packet.

Here I gave the IP address of the router in my local network.

Next, I gave the destination IP.

That’s the IP of the Windows machine where Parrot OS is loaded.

Now it's time to start Wireshark to monitor the packet flow.

I chose eth0, since my VBox is connected to the internet through that.

Now send the packet from Scapy using the command

send(packet)

Filtering the Wireshark capture on the destination IP address 192.168.20.32 gives the output below.

From the above image it is clear that the generated packet had the source IP 192.168.20.1 and the destination IP 192.168.20.32. We have successfully crafted a packet here.

Another interesting thing I found is that no flags or warnings showed up in Wireshark.

Now let's attack!

In Scapy, let's give the below command and check the Wireshark output.

send(IP(src="192.168.20.1", dst="192.168.20.32")/TCP(sport=135,dport=135), count=2000)

Here we are sending 2000 TCP packets with both the source port and the destination port set to 135.

Wireshark has captured all the packets.

But we have a problem here: we crafted the packet without masking our MAC address. We can see the device's MAC address by inspecting the packets in Wireshark.

Let us do some MAC address spoofing now.

sendp(Ether(src="aa:bb:cc:dd:ee:ff")/IP(src="192.168.20.1", dst="192.168.20.32")/TCP(sport=135,dport=135), count=2000)

With the above code we are sending packets with the source MAC address set to aa:bb:cc:dd:ee:ff.

If we inspect the packet in Wireshark, we can see that we were able to spoof the MAC address easily.

Using this tool we can send a huge number of packets and confuse the router. This can also cause a denial of service to other systems in the network.

By forging the MAC address and IP address, an attacker can easily pretend to be someone else in the network and perform malicious activities.
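
Seen from the monitoring side, the traffic above is detectable even though Wireshark raised no warning. The following is an added example, not part of the original post: it decodes raw Ethernet/IPv4/TCP headers and flags a trusted IP arriving from an unexpected MAC, plus any flow that repeats often enough to look like a flood. `KNOWN_BINDINGS`, the router MAC `52:54:00:12:34:56`, `FLOOD_THRESHOLD` and the function names are assumptions made for the illustration.

```python
import struct
from collections import Counter

# Assumed inventory: the real MAC of each protected IP (constructed value).
KNOWN_BINDINGS = {"192.168.20.1": "52:54:00:12:34:56"}
FLOOD_THRESHOLD = 100  # packets per flow per capture window (assumed tuning)


def parse_frame(frame: bytes):
    """Decode Ethernet/IPv4/TCP headers; return None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4  # IHL gives the IPv4 header length
    if len(frame) < l4 + 4:
        return None
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    src_ip = ".".join(map(str, frame[26:30]))
    dst_ip = ".".join(map(str, frame[30:34]))
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return src_mac, src_ip, dst_ip, sport, dport


def analyze(frames):
    """Return (binding violations, flooding flows) for raw captured frames."""
    violations, flows = set(), Counter()
    for frame in frames:
        rec = parse_frame(frame)
        if rec is None:
            continue
        src_mac, src_ip, dst_ip, sport, dport = rec
        expected = KNOWN_BINDINGS.get(src_ip)
        if expected and src_mac != expected:
            violations.add((src_ip, src_mac))  # trusted IP, wrong MAC
        flows[(src_ip, dst_ip, sport, dport)] += 1
    floods = {f: n for f, n in flows.items() if n >= FLOOD_THRESHOLD}
    return violations, floods


def build_frame(src_mac, src_ip, dst_ip, sport, dport):
    """Constructed test input: header bytes only, nothing is sent."""
    eth = b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp
```

The same binding check is what switch features such as DHCP snooping with dynamic ARP inspection enforce in hardware; the script only shows the logic on captured bytes.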

The content I shared is only for educational purposes and I am not responsible for any kind of stuff you do with this.

You can connect with me on

LinkedIn: Derick N

Twitter: Derick N

Derick Neriamparambil
