
Packet sniffing using Scapy

Last Updated : 05 Jul, 2021

Scapy is a powerful and versatile packet manipulation tool written in Python. Using Scapy, a user can send, sniff, dissect and forge network packets. Scapy can also store the sniffed packets in a pcap file. With Scapy, we can handle tasks like trace routing, probing, scanning, unit tests, and network discovery with ease. All of these properties make Scapy useful for network-based attacks.

As mentioned before, Scapy performs a wide range of networking tasks, and one such task is packet sniffing. Packet sniffing is the process of capturing all the packets flowing across a computer network. The sniffed packets give away a lot of information, such as which websites a user visits, what content the user sees, what the user downloads, and almost everything else. The captured packets are usually stored for future analysis.

In this article, we will learn how to sniff packets using Scapy and store the sniffed packets in a pcap file.

To work with Scapy, we need to have it installed on our computer.

sudo apt-get install python3-scapy

Now that we have Scapy installed, open the Scapy shell by typing “scapy” in your terminal.

Sniffing packets using Scapy:

To sniff packets, use the sniff() function. The sniff() function returns information about all the packets that have been sniffed.

capture = sniff()

To see the summary of packet responses, use summary().

capture.summary()

The sniff() function listens indefinitely until the user interrupts it.

To restrict the number of packets to be captured, sniff() accepts a count parameter. When a value is specified for count, packet capturing stops after that number of packets.

capture = sniff(count=5)

You can also filter packets while sniffing using the filter parameter. It uses Berkeley Packet Filter (BPF) syntax.

The following command will capture only TCP packets:

sniff(filter="tcp", count=5)

Similarly, you can filter packets on the basis of source/destination IP address, port number, protocol and a lot more by using the BPF syntax.

When Scapy sniffs packets, it generally sniffs from all of your network interfaces. However, we can explicitly specify the interfaces we would like to sniff on using the iface parameter. The iface value can be either a single interface or a list of interfaces.

sniff(iface="eth0", count=5)

The sniff() function has another interesting parameter called prn, which lets you pass a function that is executed for each packet sniffed. This allows us to perform custom actions on each packet.

sniff(prn=lambda x:x.summary(), count=5)

Scapy also allows us to store the sniffed packets in a pcap file. Running the following command will write the sniffed packets to a pcap file:

wrpcap("<file name>", capture)

where capture is the list of sniffed packets.

The stored pcap files can be analyzed using Wireshark, tcpdump, WinDump, Packet Square, etc.

Opening GfG.pcap using Wireshark:

[Figure: Analyzing Scapy-sniffed packets in Wireshark]

We can also sniff packets offline from pcap files by running the following command:

sniff(offline="<file name>")

