Installing and Utilizing Scapy on Cumulus Linux

scapy is a powerful interactive packet manipulation program. This short how-to shows you how to get it up and running on Cumulus Linux. scapy is not supported by Cumulus Networks but it is a Linux tool that many people enjoy for packet testing.

Installing scapy

  1. Perform a wget of the latest tar.gz file:
    cumulus@switch:/tmp$ sudo wget http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz
    --2014-04-08 15:39:10-- http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz
    Resolving www.secdev.org (www.secdev.org)... 217.25.178.5
    Connecting to www.secdev.org (www.secdev.org)|217.25.178.5|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 956785 (934K) [application/x-gzip]
    Saving to: `scapy-latest.tar.gz'

    100%[==============================================================================================>] 956,785 600K/s in 1.6s

    2014-04-08 15:39:11 (600 KB/s) - `scapy-latest.tar.gz' saved [956785/956785]
  2. Untar the file and change into the directory.
    cumulus@switch:/tmp$ tar -xzvf scapy-latest.tar.gz
    cumulus@switch:/tmp$ cd sc*
  3. Run the install script.
    cumulus@switch:/tmp/scapy-2.1.0$ sudo python setup.py install
  4. Run scapy.
    cumulus@switch:/tmp/scapy-2.1.0$ sudo scapy
    INFO: Can't import python gnuplot wrapper . Won't be able to plot.
    INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
    WARNING: No route found for IPv6 destination :: (no default route?)
    INFO: Can't import python Crypto lib. Won't be able to decrypt WEP.
    Welcome to Scapy (2.1.0)
    >>>
    

The INFO and WARNING messages above relate to optional scapy features (plotting, psdump()/pdfdump() output, WEP decryption and IPv6 routing) that are not required for its core functionality. Please read the scapy documentation for more information.

Note: scapy must be run as root. Cumulus Linux 2.0.x and later users can use sudo to run scapy.

Scapy Tutorial

Switch1 has the IP address 10.0.0.2/24. Switch2 is connected to Switch1 correctly and has the IP address 10.0.0.17/24; assume you could ping this address before you installed scapy. Assume scapy is installed on Switch1, although you could run similar commands with tcpdump and grep to filter the output you need.

On Switch1, start a sniffer that prints a one-line summary of every packet to or from 10.0.0.18:

>>> sniff(iface="br-untagged", filter="host 10.0.0.18", prn=lambda x: x.summary())

On Switch2, send a ping from a nonexistent address:

>>> packet = IP(src="10.0.0.18", dst="10.0.0.2") / ICMP(type="echo-request")
>>> send(packet)
.
Sent 1 packets.
>>> send(packet)
.
Sent 1 packets.
>>> send(packet)

Switch1 displays this output:

Ether / IP / ICMP 10.0.0.18 > 10.0.0.2 echo-request 0
Ether / ARP who has 10.0.0.18 says 10.0.0.2
Ether / ARP who has 10.0.0.18 says 10.0.0.2
Ether / IP / ICMP 10.0.0.18 > 10.0.0.2 echo-request 0
Ether / ARP who has 10.0.0.18 says 10.0.0.2
Ether / IP / ICMP 10.0.0.18 > 10.0.0.2 echo-request 0
Ether / ARP who has 10.0.0.18 says 10.0.0.2
Ether / ARP who has 10.0.0.18 says 10.0.0.2

Notice how Switch1 is trying to ARP for a nonexistent address? It needs the MAC address of 10.0.0.18 before it can send the echo reply, and no host answers. scapy is great for testing out ACLs. For an interactive tutorial, visit the scapy website.
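
The pattern in the Switch1 output (echo requests from a source that never answers ARP) can be checked automatically. The following is an added example, not part of the original article: it parses summary() lines like those above and reports such sources. The `ARP is at` reply line shape and the second, constructed capture are assumptions.

```python
import re
from collections import Counter

# Line shapes printed by sniff(prn=lambda x: x.summary()) in the output above.
ECHO_RE = re.compile(r"IP / ICMP (\S+) > (\S+) echo-request")
WHO_HAS_RE = re.compile(r"ARP who has (\S+) says (\S+)")
# Assumed shape of an ARP reply summary; no reply appears in the article's output.
IS_AT_RE = re.compile(r"ARP is at (\S+) says (\S+)")


def unresolved_sources(lines):
    """Map each echo-request source that was ARPed for but never replied
    to (echo_requests_seen, arp_requests_sent_for_it)."""
    echoes, asked, answered = Counter(), Counter(), set()
    for line in lines:
        if m := ECHO_RE.search(line):
            echoes[m.group(1)] += 1
        elif m := WHO_HAS_RE.search(line):
            asked[m.group(1)] += 1
        elif m := IS_AT_RE.search(line):
            answered.add(m.group(2))
    return {ip: (echoes[ip], asked[ip])
            for ip in echoes if asked[ip] and ip not in answered}


# Switch1 output copied from the article.
ARTICLE_CAPTURE = """\
Ether / IP / ICMP 10.0.0.18 > 10.0.0.2 echo-request 0
Ether / ARP who has 10.0.0.18 says 10.0.0.2
Ether / ARP who has 10.0.0.18 says 10.0.0.2
Ether / IP / ICMP 10.0.0.18 > 10.0.0.2 echo-request 0
Ether / ARP who has 10.0.0.18 says 10.0.0.2
Ether / IP / ICMP 10.0.0.18 > 10.0.0.2 echo-request 0
Ether / ARP who has 10.0.0.18 says 10.0.0.2
Ether / ARP who has 10.0.0.18 says 10.0.0.2
""".splitlines()

# Constructed sample: the real neighbor 10.0.0.17 answers ARP (MAC is made up).
CONSTRUCTED_CAPTURE = """\
Ether / IP / ICMP 10.0.0.17 > 10.0.0.2 echo-request 0
Ether / ARP who has 10.0.0.17 says 10.0.0.2
Ether / ARP is at 00:00:5e:00:53:11 says 10.0.0.17
Ether / IP / ICMP 10.0.0.2 > 10.0.0.17 echo-reply 0
""".splitlines()

if __name__ == "__main__":
    for ip, (n_echo, n_arp) in unresolved_sources(ARTICLE_CAPTURE).items():
        print(f"{ip}: {n_echo} echo-requests, {n_arp} unanswered ARP requests")
    print(unresolved_sources(CONSTRUCTED_CAPTURE))  # real host: nothing reported
```

A source reported here sent traffic but could not be resolved at layer 2, which is what an ACL or anti-spoofing rule on the ingress port should have prevented from reaching Switch1.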
