Installing and Utilizing Scapy on Cumulus Linux


scapy is a powerful interactive packet manipulation program. This short how-to shows you how to get it up and running on Cumulus Linux. scapy is not supported by Cumulus Networks but it is a Linux tool that many people enjoy for packet testing.

Installing scapy

  1. Perform a wget of the latest tar.gz file:
    cumulus@switch:/tmp$ sudo wget
    --2014-04-08 15:39:10--
    Resolving (
    Connecting to (||:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 956785 (934K) [application/x-gzip]
    Saving to: `scapy-latest.tar.gz' 100%[==============================================================================================>] 956,785 600K/s in 1.6s 2014-04-08 15:39:11 (600 KB/s) - `scapy-latest.tar.gz' saved [956785/956785]
  2. Untar the file and change into the directory.
    cumulus@switch:/tmp$ tar -xzvf scapy-latest.tar.gz
    cumulus@switch:/tmp$ cd sc*
  3. Run the install script.
    cumulus@switch:/tmp$ python install
  4. Run scapy.
    cumulus@switch:/tmp/scapy-2.1.0$ sudo scapy
    INFO: Can't import python gnuplot wrapper . Won't be able to plot.
    INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
    WARNING: No route found for IPv6 destination :: (no default route?)
    INFO: Can't import python Crypto lib. Won't be able to decrypt WEP.
    Welcome to Scapy (2.1.0)

The INFO and warning messages above relate to particular functions within scapy but are not required for its core functionality. Please read the scapy documentation for more information.

Note: scapy must be run as root. Cumulus Linux 2.0.x and later users can use sudo to run scapy.

Scapy Tutorial

Switch1 has the IP address Switch2 connects to that port correctly and has an IP address; assume you could ping this address before you installed scapy. Assume scapy is installed on Switch1 but you could perform similar commands with tcpdump and grep to filter the output you need.

>>> sniff(iface="br-untagged", filter="host", prn=lambda x: x.summary())

On Switch2, send a ping from a nonexistent address:

>>> packet = IP(src="", dst="") / ICMP(type="echo-request")
>>> send(packet)
Sent 1 packets.
>>> send(packet)
Sent 1 packets.
>>> send(packet)

Switch1 displays this output:

Ether / IP / ICMP > echo-request 0
Ether / ARP who has says
Ether / ARP who has says
Ether / IP / ICMP > echo-request 0
Ether / ARP who has says
Ether / IP / ICMP > echo-request 0
Ether / ARP who has says
Ether / ARP who has says

Notice how it is trying to ARP for a nonexistent address? scapy is great for testing out ACLs. For an interactive tutorial visit, the scapy website.

Have more questions? Submit a request


Powered by Zendesk