This knowledge base has moved to the documentation site. Please visit the knowledge base here for the most up to date content. This site is no longer maintained.

Installing and Utilizing Scapy on Cumulus Linux

Follow

scapy is a powerful interactive packet manipulation program. This short how-to shows you how to get it up and running on Cumulus Linux. scapy is not supported by Cumulus Networks but it is a Linux tool that many people enjoy for packet testing.

Installing scapy

  1. Perform a wget of the latest tar.gz file:
    cumulus@switch:/tmp$ sudo wget http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz
    --2014-04-08 15:39:10-- http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz
    Resolving www.secdev.org (www.secdev.org)... 217.25.178.5
    Connecting to www.secdev.org (www.secdev.org)|217.25.178.5|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 956785 (934K) [application/x-gzip]
    Saving to: `scapy-latest.tar.gz' 100%[==============================================================================================>] 956,785 600K/s in 1.6s 2014-04-08 15:39:11 (600 KB/s) - `scapy-latest.tar.gz' saved [956785/956785]
  2. Untar the file and change into the directory.
    cumulus@switch:/tmp$ tar -xzvf scapy-latest.tar.gz
    cumulus@switch:/tmp$ cd sc*
  3. Run the install script.
    cumulus@switch:/tmp$ python setup.py install
  4. Run scapy.
    cumulus@switch:/tmp/scapy-2.1.0$ sudo scapy
    INFO: Can't import python gnuplot wrapper . Won't be able to plot.
    INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
    WARNING: No route found for IPv6 destination :: (no default route?)
    INFO: Can't import python Crypto lib. Won't be able to decrypt WEP.
    Welcome to Scapy (2.1.0)
    >>>
    

The INFO and warning messages above relate to particular functions within scapy but are not required for its core functionality. Please read the scapy documentation for more information.

Note: scapy must be run as root. Cumulus Linux 2.0.x and later users can use sudo to run scapy.

Scapy Tutorial

Switch1 has the IP address 10.0.0.2/24. Switch2 connects to that port correctly and has an IP address 10.0.0.17/24; assume you could ping this address before you installed scapy. Assume scapy is installed on Switch1 but you could perform similar commands with tcpdump and grep to filter the output you need.

>>> sniff(iface="br-untagged", filter="host 10.0.0.18", prn=lambda x: x.summary())

On Switch2, send a ping from a nonexistent address:

>>> packet = IP(src="10.0.0.18", dst="10.0.0.2") / ICMP(type="echo-request")
>>> send(packet)
.
Sent 1 packets.
>>> send(packet)
.
Sent 1 packets.
>>> send(packet)

Switch1 displays this output:

Ether / IP / ICMP 10.0.0.18 > 10.0.0.2 echo-request 0
Ether / ARP who has 10.0.0.18 says 10.0.0.2
Ether / ARP who has 10.0.0.18 says 10.0.0.2
Ether / IP / ICMP 10.0.0.18 > 10.0.0.2 echo-request 0
Ether / ARP who has 10.0.0.18 says 10.0.0.2
Ether / IP / ICMP 10.0.0.18 > 10.0.0.2 echo-request 0
Ether / ARP who has 10.0.0.18 says 10.0.0.2
Ether / ARP who has 10.0.0.18 says 10.0.0.2

Notice how it is trying to ARP for a nonexistent address? scapy is great for testing out ACLs. For an interactive tutorial visit, the scapy website.

Comments

This support portal has moved

Cumulus Networks is now part of the NVIDIA Networking Business Unit! The NVIDIA Cumulus Global Support Services (GSS) team has merged its operations with the NVIDIA Mellanox support services team.

You can access NVIDIA Cumulus support content from the Mellanox support portal.

You open and update new cases on the Mellanox support portal. Any previous cases that have been closed have been migrated to the Mellanox support portal.

Cases that are still open on the Cumulus portal will continue to be managed on the Cumulus portal. Once these cases close, they will be moved to the Mellanox support portal.

Powered by Zendesk