scapy is a powerful interactive packet manipulation program. This short how-to shows you how to get it up and running on Cumulus Linux.
scapy is not supported by Cumulus Networks but it is a Linux tool that many people enjoy for packet testing.
- Perform a
wgetof the latest tar.gz file:
cumulus@switch:/tmp$ sudo wget http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz
--2014-04-08 15:39:10-- http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz
Resolving www.secdev.org (www.secdev.org)... 220.127.116.11
Connecting to www.secdev.org (www.secdev.org)|18.104.22.168|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 956785 (934K) [application/x-gzip]
Saving to: `scapy-latest.tar.gz' 100%[==============================================================================================>] 956,785 600K/s in 1.6s 2014-04-08 15:39:11 (600 KB/s) - `scapy-latest.tar.gz' saved [956785/956785]
- Untar the file and change into the directory.
cumulus@switch:/tmp$ tar -xzvf scapy-latest.tar.gz cumulus@switch:/tmp$ cd sc*
- Run the install script.
cumulus@switch:/tmp$ python setup.py install
cumulus@switch:/tmp/scapy-2.1.0$ sudo scapy INFO: Can't import python gnuplot wrapper . Won't be able to plot. INFO: Can't import PyX. Won't be able to use psdump() or pdfdump(). WARNING: No route found for IPv6 destination :: (no default route?) INFO: Can't import python Crypto lib. Won't be able to decrypt WEP. Welcome to Scapy (2.1.0) >>>
The INFO and warning messages above relate to particular functions within
scapy but are not required for its core functionality. Please read the
scapy documentation for more information.
scapy must be run as root. Cumulus Linux 2.0.x and later users can use
sudo to run scapy.
Switch1 has the IP address 10.0.0.2/24. Switch2 connects to that port correctly and has an IP address 10.0.0.17/24; assume you could ping this address before you installed
scapy is installed on Switch1 but you could perform similar commands with
grep to filter the output you need.
>>> sniff(iface="br-untagged", filter="host 10.0.0.18", prn=lambda x: x.summary())
On Switch2, send a ping from a nonexistent address:
>>> packet = IP(src="10.0.0.18", dst="10.0.0.2") / ICMP(type="echo-request") >>> send(packet) . Sent 1 packets. >>> send(packet) . Sent 1 packets. >>> send(packet)
Switch1 displays this output:
Ether / IP / ICMP 10.0.0.18 > 10.0.0.2 echo-request 0 Ether / ARP who has 10.0.0.18 says 10.0.0.2 Ether / ARP who has 10.0.0.18 says 10.0.0.2 Ether / IP / ICMP 10.0.0.18 > 10.0.0.2 echo-request 0 Ether / ARP who has 10.0.0.18 says 10.0.0.2 Ether / IP / ICMP 10.0.0.18 > 10.0.0.2 echo-request 0 Ether / ARP who has 10.0.0.18 says 10.0.0.2 Ether / ARP who has 10.0.0.18 says 10.0.0.2
Notice how it is trying to ARP for a nonexistent address?
scapy is great for testing out ACLs. For an interactive tutorial visit, the