PyCon India 2009 Presentation
Python tools for Network Security
Anand B Pillai (abpillai@gmail.com)
Agenda
Brief overview
Python tools: pypcap, dpkt, Scapy
Quick introduction to pypcap and dpkt
Using Scapy to write your own tools
Examples
Links
Questions
Requirements
Basic knowledge of Python and using the interpreter
Basic knowledge of network protocols (TCP/UDP/ICMP etc.)
A background in network security is useful
Network Security
Involves writing software to anticipate, prevent and stop attacks that use the network.
A network security practitioner requires a toolset which allows them to:
Capture packets from the wire
Inspect the packets obtained
Craft packets for testing
In short, the network security toolset should allow the developer to capture, inspect and create/craft network packets.
Packet Capture
Favourite tool of every network security hacker: Wireshark (previously Ethereal).
Uses the libpcap library behind the scenes to capture packets off the network.
libpcap is the most basic and most widely used library for packet capture. Almost every network security tool that needs packet capture is built on libpcap.
Python + libpcap
In the Python world there are a few extensions to libpcap, namely pypcap, pcapy and pylibpcap.
Pcapy: by CORE Security, works best with their Impacket and InlineEgg tools; latest stable release 0.10.5
pylibpcap: Python module for the libpcap packet capture library, based on the original python libpcap module by Aaron Rhodes, hosted on SourceForge; latest stable release 0.6.2
Pypcap: simplified object-oriented Python extension module for libpcap, by dugsong, hosted on Google Code; latest stable release 1.1
I will be focusing on pypcap for this session.
Pypcap
Grab from http://code.google.com/p/pypcap/
Installs using distutils like any other Python library
Requires the libpcap library and its header files (the extension is compiled against them)
Ubuntu package available
Once installed, it is accessed by importing the "pcap" module:
    >>> import pcap
    >>>
Pypcap in action
    >>> import pcap
    >>> pc = pcap.pcap('wlan0')
    >>> for ts, pkt in pc:
    ...     print ts, repr(pkt)
    1253881836.82 <read-only buffer ptr 0xb78e7046, size 42 at 0xb7cdac40>
    1253881836.82 <read-only buffer ptr 0xb7907046, size 42 at 0xb7cdac00>
    ^C1253881850.28 <read-only buffer ptr 0xb7c87046, size 1474 at 0xb7cdac00>
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "pcap.pyx", line 425, in pcap.pcap.__next__

    TypeError: raise: exception class must be a subclass of BaseException
Each packet comes back as its capture timestamp plus a read-only buffer holding the raw frame; nothing is parsed yet. Note the ^C: interrupting the iteration with Ctrl-C in this build of pypcap surfaces as a TypeError raised from pcap.pyx rather than as a clean KeyboardInterrupt, so a capture loop should be wrapped in try/except, as the later examples do.
Pypcap
Create an object of type "pcap". If no arguments are passed it listens on the first available interface that is up:
    >>> pc = pcap.pcap()
To listen on a specific interface, pass it explicitly:
    >>> pc = pcap.pcap('wlan0')
By default it listens promiscuously. To listen non-promiscuously:
    >>> pc = pcap.pcap(promisc=False)
To use a dumpfile:
    >>> pc = pcap.pcap(dumpfile='pkts.pcap')
Pypcap - Usage
Pcap objects are their own iterators, returning the packet timestamp and the raw packet as a 2-tuple.
Code is written as follows, iterating on the pcap object:
    >>> pc = pcap.pcap()
    >>> for ts, pkt in pc:
    ...     print ts, repr(pkt)
Optionally the dispatch method can be used to pass each packet to a callback function. The callback receives the timestamp, the packet and any extra arguments given to dispatch.
The loop method works the same way, but runs in an infinite loop.
Examples
    import pcap

    pc = pcap.pcap('wlan0')
    pc.setfilter('icmp')    # BPF filter expression, same syntax as tcpdump

    def process(ts, pkt, *args):
        """ Process packets """
        print ts, pkt

    if __name__ == "__main__":
        try:
            pc.loop(process)
        except Exception:
            # (received, dropped, interface-dropped) counters for the session
            print pc.stats()
Dpkt - Packet creation/parsing
Dpkt is a library which provides packet creation and parsing with an object-oriented interface.
Project hosted at http://code.google.com/p/dpkt/
Pure Python library, installation using distutils.
Supports a number of protocols, with an API that makes it easy to create custom protocol classes.
Has a Pcap Writer class which allows pypcap packets to be saved to pcap files. These files are compatible with tcpdump/Wireshark.
pypcap is far more useful together with dpkt than by itself: pypcap hands you raw bytes, dpkt turns them into protocol objects.
Using dpkt with pypcap
A simple example which prints details of the IP traffic on the network.
    import pcap, dpkt, socket

    pc = pcap.pcap('wlan0')
    count = 0

    def process(ts, pkt, *args):
        global count
        eth = dpkt.ethernet.Ethernet(pkt)
        ip = eth.data
        # Non-IP frames (ARP etc.) carry a different payload class; skip them
        if not isinstance(ip, dpkt.ip.IP):
            return
        count += 1
        src_ip = socket.inet_ntoa(ip.src)
        dst_ip = socket.inet_ntoa(ip.dst)
        print 'Packet #%d, %s=>%s, length %d, proto: %d' % (count, src_ip, dst_ip, ip.len, ip.p)

    if __name__ == "__main__":
        try:
            pc.loop(process)
        except KeyboardInterrupt:
            print pc.stats()
Sample Output
    anand@anand-laptop:~/programs/python$ sudo python2.5 pcap2.py
    Packet #1, 192.168.1.2=>66.102.7.99, length 84, proto: 1
    Packet #2, 66.102.7.99=>192.168.1.2, length 84, proto: 1
    Packet #3, 192.168.1.2=>192.168.1.1, length 70, proto: 17
    Packet #4, 192.168.1.1=>192.168.1.2, length 246, proto: 17
    Packet #5, 192.168.1.2=>66.102.7.99, length 84, proto: 1
    Packet #6, 74.125.67.17=>192.168.1.2, length 80, proto: 6
    Packet #7, 192.168.1.2=>74.125.67.17, length 52, proto: 6
    Packet #8, 66.102.7.99=>192.168.1.2, length 84, proto: 1
    Packet #9, 192.168.1.2=>192.168.1.1, length 70, proto: 17
    Packet #10, 192.168.1.1=>192.168.1.2, length 246, proto: 17
    ^Packet #11, 192.168.1.2=>66.102.7.99, length 84, proto: 1
(The proto column is the IP protocol number: 1 is ICMP, 6 is TCP, 17 is UDP.)
HTTP Protocol Sniffer
An HTTP protocol sniffer tool which saves HTTP packets to a pcap file.
    import pcap, dpkt, socket

    pc = pcap.pcap('wlan0')
    ports = (80, 8080, 888)

    # Pcap writer: the output file is readable by tcpdump/wireshark
    pcw = dpkt.pcap.Writer(open('pkts.pcap', 'wb'))

    # Snooping on HTTP traffic
    def process(ts, pkt, *args):
        eth = dpkt.ethernet.Ethernet(pkt)
        ip = eth.data
        if not isinstance(ip, dpkt.ip.IP):
            return
        if ip.p != dpkt.ip.IP_PROTO_TCP:
            return
        l7 = ip.data
        # Fragmented datagrams leave ip.data as raw bytes, not a TCP object
        if not isinstance(l7, dpkt.tcp.TCP):
            return
        ip1, ip2 = map(socket.inet_ntoa, [ip.src, ip.dst])
        sport, dport = l7.sport, l7.dport
        if sport in ports or dport in ports:
            print 'From %s to %s, length: %d' % (ip1, ip2, len(l7.data))
            # Save the raw frame to the file with its capture timestamp
            pcw.writepkt(pkt, ts)

    if __name__ == "__main__":
        try:
            pc.loop(process)
        except KeyboardInterrupt:
            print pc.stats()
        finally:
            pcw.close()
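The two dpkt examples above let the library do the parsing and the file writing. As an added example (not code from the slides, dpkt or pypcap), the following Python 3 code does the same job by hand on a constructed capture: it dissects Ethernet/IPv4/TCP headers with struct and verifies the IP header checksum, applies the HTTP-port predicate from the sniffer above, and writes the result in the libpcap file format that dpkt.pcap.Writer emits and tcpdump/Wireshark read, then reads it back. The port list, MAC addresses, timestamps and packets are made up for the example; the TCP checksum is left at zero since the dissector does not check it.

```python
# Added example (not code from the slides or from dpkt/pypcap): the work that
# dpkt.ethernet.Ethernet(pkt), dpkt.ip.IP and dpkt.pcap.Writer do for you,
# spelled out with the stdlib so it runs offline on a constructed capture.
import socket
import struct

IP_PROTO_TCP = 6
HTTP_PORTS = (80, 8080)        # assumption for the example: ports treated as HTTP
PCAP_MAGIC = 0xA1B2C3D4        # classic libpcap file magic, microsecond timestamps
LINKTYPE_ETHERNET = 1


def ip_checksum(header):
    """RFC 791 one's-complement sum over the IPv4 header; 0 means the stored checksum verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp_frame(src, dst, sport, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame for testing (TCP checksum left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0) + payload
    total_len = 20 + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0x4000, 64, IP_PROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill in header checksum
    eth = bytes.fromhex("00104bb37d4e") + bytes.fromhex("004033967b60") + b"\x08\x00"
    return eth + ip + tcp


def dissect(frame):
    """Parse Ethernet/IPv4(/TCP); return a dict, or None for non-IPv4 or a corrupt IP header."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    vihl, _tos, total_len, _ident, _frag, ttl, proto, _csum = struct.unpack("!BBHHHBBH", ip[:12])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or len(ip) < ihl or ip_checksum(ip[:ihl]) != 0:
        return None
    info = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "len": total_len, "ttl": ttl, "proto": proto}
    if proto == IP_PROTO_TCP and len(ip) >= ihl + 20:
        tcp = ip[ihl:total_len]
        sport, dport, _seq, _ack, offres, flags = struct.unpack("!HHIIBB", tcp[:14])
        info.update(sport=sport, dport=dport, flags=flags, payload=tcp[(offres >> 4) * 4:])
    return info


def http_filter(captured):
    """The sniffer's predicate: keep (ts, frame) pairs of TCP traffic touching an HTTP port."""
    kept = []
    for ts, frame in captured:
        info = dissect(frame)
        if info and info["proto"] == IP_PROTO_TCP and (
                info["sport"] in HTTP_PORTS or info["dport"] in HTTP_PORTS):
            kept.append((ts, frame))
    return kept


def pcap_bytes(packets, snaplen=65535):
    """Serialise (ts, frame) pairs as a libpcap file: 24-byte global header, 16-byte record headers."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for ts, frame in packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)


def read_pcap(blob):
    """Inverse of pcap_bytes: yield (ts, frame) from a little-endian libpcap byte string."""
    if struct.unpack("<I", blob[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian libpcap file")
    pos = 24
    while pos + 16 <= len(blob):
        sec, usec, caplen, _origlen = struct.unpack("<IIII", blob[pos:pos + 16])
        pos += 16
        yield sec + usec / 1_000_000, blob[pos:pos + caplen]
        pos += caplen


if __name__ == "__main__":
    # Constructed "capture": an HTTP SYN, an SSH segment and an HTTP response
    capture = [
        (1253881836.25, build_tcp_frame("192.168.1.2", "66.102.7.99", 57655, 80, 0x02)),
        (1253881836.50, build_tcp_frame("192.168.1.2", "192.168.1.1", 40000, 22, 0x18, b"SSH-2.0-x")),
        (1253881836.75, build_tcp_frame("66.102.7.99", "192.168.1.2", 80, 57655, 0x18, b"HTTP/1.0 200 OK")),
    ]
    for ts, frame in read_pcap(pcap_bytes(http_filter(capture))):
        i = dissect(frame)
        print("%.2f %s:%d => %s:%d flags=0x%02x %r" % (
            ts, i["src"], i["sport"], i["dst"], i["dport"], i["flags"], i["payload"]))
```

A frame whose IP header does not checksum returns None from dissect and is dropped rather than mis-parsed, which is the check to keep in mind when a tool's output feeds an alert: a sniffer that trusts every header field it reads can be fed garbage on purpose.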
Scapy
A powerful interactive, general-purpose packet manipulation program written purely in Python, available as a single file.
Craft packets of a variety of protocols, send them on the wire, receive replies, match requests and replies...
Handles most basic tasks like scanning, traceroute, ping, probing etc.
Scapy can be used to write new tools without the need for any special libraries.
Instead of writing 100 lines of code in C for a special tool, write 2 lines in Scapy!
An interactive session with Scapy
Send an echo request and dissect the first reply.
    >>> from scapy import *
    >>> ip = IP(dst='www.google.com')
    >>> icmp = ICMP()
    >>> sr1(ip/icmp)
    Begin emission:
    .Finished to send 1 packets.
    *
    Received 2 packets, got 1 answers, remaining 0 packets
    <IP version=4L ihl=5L tos=0x60 len=28 id=1 flags= frag=0L ttl=239 proto=ICMP chksum=0xc007 src=66.102.7.104 dst=192.168.1.2 options='' |<ICMP type=echo-reply code=0 chksum=0x0 id=0x0 seq=0x0 |>>
A host scanner
Enumerate hosts on a network that have port 80 listening. A /24 in dst makes Scapy generate one SYN per address:
    >>> p = IP(dst='210.212.26.27/24')/TCP(dport=80, flags='S')
    >>> sr(p)
    Begin emission:
    ..*....Finished to send 256 packets.
    ******.*.***..**********.*************.**..*********.........**...*********.***.********.***.****.*******..**....
    (This goes on for a while)
    Received 4963 packets, got 83 answers, remaining 173 packets
    (<Results: UDP:0 TCP:77 ICMP:6 Other:0>, <Unanswered: UDP:0 TCP:173 ICMP:0 Other:0>)
Host scanner (contd.)
Only a TCP reply with SYN and ACK set (flags 0x12) means the port is open; an RST/ACK (0x14) means closed, and the six ICMP answers are ICMP errors (typically destination unreachable) from filtering devices. Keep the answered list and filter on the TCP flags of each reply:
    >>> results = _[0]
    >>> for pout, pin in results:
    ...     if pin.haslayer(TCP) and pin[TCP].flags == 0x12:
    ...         print pout.dst
    ...
    210.212.26.5
    210.212.26.15
    210.212.26.19
    210.212.26.20
    210.212.26.22
    210.212.26.23
    210.212.26.24
    210.212.26.25
    210.212.26.26
    210.212.26.27
A slow port-scanner
    from scapy import *

    def scan(host, start=80, end=443):
        open_ports = []
        # One SYN per port in the range; sr() returns (answered, unanswered)
        pkt = IP(dst=host)/TCP(dport=range(start, end + 1), flags='S')
        ans, unans = sr(pkt, verbose=0, timeout=30)
        for snd, rcv in ans:
            # SYN/ACK (0x12 == 18) means open; RST/ACK (0x14) means closed;
            # an ICMP unreachable instead of TCP means filtered, so check the layer first
            if rcv.haslayer(TCP) and rcv[TCP].flags == 0x12:
                print 'Port %d is open' % snd.dport
                open_ports.append(snd.dport)
        return open_ports

    if __name__ == "__main__":
        print scan('random.org')
A slow port-scanner (contd.)
Sample run:
    anand@anand-laptop:~/programs/python$ sudo python portscan.py
    Port 80 is open
    Port 113 is open
    Port 443 is open
    [80, 113, 443]
Scapy has a helper named report_ports which automates the entire process and outputs a LaTeX table containing the list of open ports.
    >>> report_ports('random.org', range(80, 1024))
    Begin emission:
    .***************
    <Prints a LaTeX table containing the open ports>
DNS Query
    >>> sr1(IP(dst="192.168.1.1")/UDP()/DNS(rd=1, qd=DNSQR(qname="www.python.org")))
    Begin emission:
    .Finished to send 1 packets.
    *
    Received 2 packets, got 1 answers, remaining 0 packets
    <IP version=4L ihl=5L tos=0x0 len=152 id=17093 flags=DF frag=0L ttl=250 proto=UDP chksum=0xba3b src=192.168.1.1 dst=192.168.1.2 options=''
     |<UDP sport=domain dport=domain len=132 chksum=0xee58
     |<DNS id=0 qr=1L opcode=QUERY aa=0L tc=0L rd=1L ra=1L z=0L rcode=ok qdcount=1 ancount=1 nscount=2 arcount=2
       qd=<DNSQR qname='www.python.org.' qtype=A qclass=IN |>
       an=<DNSRR rrname='www.python.org.' type=A rclass=IN ttl=30106 rdata='82.94.164.162' |>
       ns=<DNSRR rrname='python.org.' type=NS rclass=IN ttl=27914 rdata='ns.xs4all.nl.' |<DNSRR rrname='python.org.' type=NS rclass=IN ttl=27914 rdata='ns2.xs4all.nl.' |>>
       ar=<DNSRR rrname='ns.xs4all.nl.' type=A rclass=IN ttl=117171 rdata='194.109.6.67' |<DNSRR rrname='ns2.xs4all.nl.' type=A rclass=IN ttl=117171 rdata='194.109.9.100' |>> |>>>
(Note the id=0 in the reply: it echoes Scapy's default DNS transaction id, so set id explicitly in anything whose answers should not be trivially spoofable.)
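Scapy assembled and dissected the DNS message above in one line. As an added example (not code from the slides or from Scapy), the following Python 3 code builds the same query by hand, header flags included, and parses a constructed reply that carries the answer data shown on the slide, using the label-compression pointers real servers send. It also carries the two checks a sniffer or crafted-packet tool should not skip: the transaction id must match the query, and compression pointers may only point backwards, otherwise a hostile reply can send the parser into a loop. The transaction id 0x1234 and the reply bytes are constructed for the example; nothing goes on the wire.

```python
# Added example (not code from the slides or from Scapy): the DNS message the
# slide sends, built and parsed by hand so the header flags and name
# compression Scapy hides are visible. Runs offline against a constructed reply.
import socket
import struct

QTYPE_A, QTYPE_NS = 1, 2
FLAG_QR, FLAG_RD, FLAG_RA = 0x8000, 0x0100, 0x0080


def encode_name(name):
    """'www.python.org.' -> b'\\x03www\\x06python\\x03org\\x00' (RFC 1035 labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, txid=0x1234, qtype=QTYPE_A):
    """Header: id, flags=RD (the slide's rd=1), qdcount=1; then a single question."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def decode_name(msg, pos):
    """Read a possibly compressed name at pos; return (name, offset just after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:                 # 11xxxxxx: pointer to an earlier name
            if end is None:
                end = pos + 2                     # the caller continues after the pointer
            target = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
            hops += 1
            if target >= pos or hops > 16:        # only backward jumps: no pointer loops
                raise ValueError("bad compression pointer")
            pos = target
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels) + ".", end if end is not None else pos


def parse_response(msg, expect_id=None):
    """Parse header, question and the an/ns/ar sections into a dict."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if expect_id is not None and txid != expect_id:
        raise ValueError("transaction id mismatch")   # cheap check against blind spoofing
    if not flags & FLAG_QR:
        raise ValueError("not a response")
    pos, questions = 12, []
    for _ in range(qd):
        name, pos = decode_name(msg, pos)
        qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
        pos += 4
        questions.append((name, qtype))
    result = {"id": txid, "rcode": flags & 0xF, "rd": bool(flags & FLAG_RD),
              "ra": bool(flags & FLAG_RA), "qd": questions, "an": [], "ns": [], "ar": []}
    for section, count in (("an", an), ("ns", ns), ("ar", ar)):
        for _ in range(count):
            name, pos = decode_name(msg, pos)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
            pos += 10
            if rtype == QTYPE_A and rdlen == 4:
                value = socket.inet_ntoa(msg[pos:pos + 4])
            elif rtype == QTYPE_NS:
                value, _ = decode_name(msg, pos)  # NS rdata is itself a (compressible) name
            else:
                value = msg[pos:pos + rdlen]
            pos += rdlen
            result[section].append((name, rtype, ttl, value))
    return result


def build_constructed_response(query):
    """Constructed reply echoing the slide's answer data; uses pointers like real servers do."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_RD | FLAG_RA, 1, 1, 2, 0)
    question = query[12:]                         # question section copied verbatim
    to_qname = b"\xc0\x0c"                        # pointer to 'www.python.org.' at offset 12
    to_parent = b"\xc0\x10"                       # offset 16 = past '\x03www' = 'python.org.'
    # (assumes the query's first label is 3 bytes long, as 'www' is)
    answer = to_qname + struct.pack("!HHIH", QTYPE_A, 1, 30106, 4) + socket.inet_aton("82.94.164.162")
    authority = b""
    for ns_name in ("ns.xs4all.nl.", "ns2.xs4all.nl."):
        rdata = encode_name(ns_name)
        authority += to_parent + struct.pack("!HHIH", QTYPE_NS, 1, 27914, len(rdata)) + rdata
    return header + question + answer + authority


if __name__ == "__main__":
    query = build_query("www.python.org")
    reply = parse_response(build_constructed_response(query), expect_id=0x1234)
    for name, rtype, ttl, value in reply["an"] + reply["ns"]:
        print(name, rtype, ttl, value)
```

The backward-only rule on pointers is what makes decode_name safe to run on untrusted captures: a pointer that refers to its own offset or forward into the message raises instead of spinning.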
Traceroute
    >>> ans, unans = sr(IP(dst='www.google.com', ttl=(4,25), id=123)/TCP(flags=0x2))
    Finished to send 22 packets.
    ********************..
    >>> for snd, rcv in ans:
    ...     print snd.ttl, rcv.src, isinstance(rcv.payload, TCP)
    8 218.248.255.66 False
    9 218.248.250.82 False
    10 195.2.7.37 False
    11 198.32.146.46 False
    12 216.239.43.12 False
    13 72.14.238.130 False
    14 209.85.243.122 False
    15 209.85.251.94 False
    16 74.125.19.105 True
Intermediate hops answer with ICMP time-exceeded, so the payload of their reply is not TCP; the first reply whose payload is TCP comes from the destination itself, here at TTL 16.
Packet Sniffing
Scapy can replace wireshark or tcpdump!
    >>> sniff(iface="wlan0", prn=lambda x: x.summary())
    Ether / IP / TCP 217.25.178.5:www > 192.168.1.2:57655 A / Raw
    Ether / IP / TCP 192.168.1.2:57655 > 217.25.178.5:www A
    Ether / IP / TCP 217.25.178.5:www > 192.168.1.2:57655 A / Raw
    Ether / IP / TCP 217.25.178.5:www > 192.168.1.2:57655 A / Raw
    Ether / IP / TCP 192.168.1.2:57655 > 217.25.178.5:www A
    Ether / IP / TCP 217.25.178.5:www > 192.168.1.2:57655 A / Raw
    Ether / IP / TCP 217.25.178.5:www > 192.168.1.2:57655 A / Raw
    Ether / IP / TCP 192.168.1.2:57655 > 217.25.178.5:www A
    Ether / IP / TCP 217.25.178.5:www > 192.168.1.2:57655 A / Raw
    Ether / IP / TCP 217.25.178.5:www > 192.168.1.2:57655 A / Raw
    Ether / IP / TCP 192.168.1.2:57655 > 217.25.178.5:www A
    Ether / IP / UDP / DNS Qry "www.google.com."
    Ether / IP / UDP / DNS Ans "www.l.google.com."
Passive OS fingerprinting
    >>> p
    <Ether dst=00:10:4b:b3:7d:4e src=00:40:33:96:7b:60 type=0x800
     |<IP version=4L ihl=5L tos=0x0 len=60 id=61681 flags=DF frag=0L ttl=64 proto=TCP chksum=0xb85e src=192.168.8.10 dst=192.168.8.1 options=''
     |<TCP sport=46511 dport=80 seq=2023566040L ack=0L dataofs=10L reserved=0L flags=SEC window=5840 chksum=0x570c urgptr=0 options=[('Timestamp', (342940201L, 0L)), ('MSS', 1460), ('NOP', ()), ('SAckOK', ''), ('WScale', 0)] |>>>
    >>> p0f(p)
    (1.0, ['Linux 2.4.2 - 2.4.14 (1)'])
The guess is made from the SYN alone: TTL, DF bit, window size, packet length and the TCP options and their order. Scapy's p0f() needs the p0f signature file (p0f.fp) on the machine; its path is set through conf.p0f_base.
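p0f's verdict above comes from matching fields of the SYN against a signature database. As an added example (not code from the slides, Scapy or p0f), the following Python 3 code shows the mechanism: it derives a signature from the SYN shown on the slide (window size expressed as a multiple of the MSS, the TTL rounded up to a common initial value, the DF bit, the packet length and the order of the TCP options) and looks it up in a small table with wildcard support. The signature layout is modelled loosely on p0f v2's and the table and its OS labels are constructed for the example; they are not p0f's signatures and say nothing about what real systems send.

```python
# Added example (not code from the slides, Scapy or p0f): how a passive
# fingerprinter turns a SYN into a signature and matches it. The signature
# layout is modelled loosely on p0f v2 (window:ttl:df:length:options) and the
# table below is constructed for this example, not taken from p0f's database.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)
OPTION_CODES = {"MSS": "M", "SAckOK": "S", "Timestamp": "T", "NOP": "N", "WScale": "W", "EOL": "E"}

# constructed signature -> label; '*' is a wildcard for a whole field, 'W*' any window scale
SIGNATURES = {
    "S4:64:1:60:T,M,N,S,W0": "Linux 2.4 profile (constructed)",
    "S4:64:1:60:M,S,T,N,W0": "Linux 2.6 profile (constructed)",
    "*:64:1:60:M,S,T,N,W*": "generic Linux-like stack (constructed)",
    "65535:128:1:48:M,N,N,S": "Windows-like stack (constructed)",
}


def initial_ttl(observed):
    """Round the TTL seen on the wire up to the nearest common initial value."""
    for candidate in COMMON_INITIAL_TTLS:
        if observed <= candidate:
            return candidate
    return 255


def syn_signature(syn):
    """syn: dict with flags, ttl, df, len, window, options as Scapy displays them."""
    if not syn["flags"] & 0x02 or syn["flags"] & 0x10:
        raise ValueError("signature is defined for a pure SYN (ECN bits are fine)")
    mss = next((val for name, val in syn["options"] if name == "MSS"), None)
    window = syn["window"]
    if mss and window % mss == 0:
        window = "S%d" % (window // mss)          # window expressed as a multiple of MSS
    opts = []
    for name, val in syn["options"]:
        code = OPTION_CODES.get(name, "?")
        if name == "WScale":
            code += str(val)                      # the scale value is part of the fingerprint
        opts.append(code)
    return "%s:%d:%d:%d:%s" % (window, initial_ttl(syn["ttl"]), int(syn["df"]),
                               syn["len"], ",".join(opts))


def _field_matches(pattern, actual):
    if pattern == "*":
        return True
    if pattern.endswith("*"):                     # e.g. 'M,S,T,N,W*': any window scale
        return actual.startswith(pattern[:-1])
    return pattern == actual


def match(syn):
    """Return (signature, label, matched_pattern) for the most specific match, or None."""
    sig = syn_signature(syn)
    fields = sig.split(":")
    best = None
    for pattern, label in SIGNATURES.items():
        pfields = pattern.split(":")
        if len(pfields) != len(fields):
            continue
        if all(_field_matches(p, f) for p, f in zip(pfields, fields)):
            wildcards = sum(p.endswith("*") for p in pfields)
            if best is None or wildcards < best[0]:
                best = (wildcards, pattern, label)
    return None if best is None else (sig, best[2], best[1])


# The SYN from the slide, as Scapy printed it
SLIDE_SYN = {
    "flags": 0xC2,                                # S, E, C = SYN with both ECN bits set
    "ttl": 64, "df": True, "len": 60, "window": 5840,
    "options": [("Timestamp", (342940201, 0)), ("MSS", 1460), ("NOP", ()), ("SAckOK", ""), ("WScale", 0)],
}

if __name__ == "__main__":
    print(match(SLIDE_SYN))
```

Window 5840 is exactly 4 x 1460, so the signature records S4 rather than the raw value, and a TTL of 57 seen seven hops away still normalises to 64; both are the kinds of normalisation that let one table entry cover many observations, and exact entries win over wildcard ones.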
Further
The capabilities of Scapy are endless, limited only by your imagination and Python skills...!
For exploring further, try these links:
http://www.secdev.org/projects/scapy/build_your_own_tools.html
Real life Examples
A Python port scan detection tool using pypcap and dpkt, written by the author, is available as an ASPN Python Cookbook recipe at http://code.activestate.com/recipes/576690/ . It is a good example of using pypcap and dpkt together to write a network security tool.
Packet monitoring with dpkt and pypcap: http://code.activestate.com/recipes/576678/
Links
Pypcap - http://code.google.com/p/pypcap/
Dpkt - http://code.google.com/p/dpkt/
Scapy - http://www.secdev.org/projects/scapy/
pylibpcap - http://sourceforge.net/projects/pylibpcap/