# Scapy — Interactive Packet Manipulation in Python

> A powerful Python-based interactive packet manipulation library and tool that can forge, decode, send, receive, and analyze network packets for security research, protocol testing, and network discovery.

## Quick Use

```bash
# Install
pip install scapy

# Interactive mode
sudo scapy

# Send a SYN packet and receive response
>>> sr1(IP(dst="example.com")/TCP(dport=80,flags="S"))

# ARP scan a local subnet
>>> arping("192.168.1.0/24")
```

## Introduction

Scapy is a Python library and interactive tool for low-level network packet crafting, sending, sniffing, and analysis. Unlike fixed-function tools, Scapy gives full programmatic control over every byte of every protocol layer, making it the Swiss Army knife for network security research, protocol fuzzing, and custom scanning.

## What Scapy Does

- Crafts arbitrary packets at any protocol layer from Ethernet frames to application payloads
- Sends packets on the wire and matches responses with automatic request-response correlation
- Sniffs live traffic with BPF filters and dissects captured packets into structured Python objects
- Supports 500+ protocols with automatic field decoding and pretty-printing
- Generates network traces, pcap files, and protocol visualizations programmatically

## Architecture Overview

Scapy represents packets as layered Python objects where each protocol is a class with typed fields. Layers stack via the `/` operator, and Scapy handles checksums, lengths, and padding automatically. The send/receive engine uses raw sockets or libpcap for transmission and employs a matching algorithm to pair requests with responses. An interactive shell (built on IPython) provides immediate feedback for exploratory packet work.

## Self-Hosting & Configuration

- Install via pip; requires root/sudo for raw socket operations
- Works on Linux, macOS, and Windows (with Npcap for Windows raw socket support)
- Configure default network interface with `conf.iface` in scripts or interactive shell
- Use `conf.route` to inspect and modify the routing table for multi-interface setups
- Integrate with Wireshark via `wireshark()` method for visual packet inspection

## Key Features

- 500+ built-in protocol dissectors covering L2 through L7 (Ethernet, IP, TCP, DNS, TLS, HTTP, etc.)
- Programmatic packet crafting enables protocol fuzzing and custom scanner development
- Built-in traceroute, arping, and sniff functions for common network tasks
- Automatic pcap read/write for integration with tcpdump and Wireshark workflows
- Extensible architecture allows defining custom protocols in a few lines of Python

## Comparison with Similar Tools

- **Nmap** — focused on host/port discovery and service detection; Scapy provides raw packet-level control for custom scanning logic
- **hping3** — CLI packet crafter limited to TCP/UDP/ICMP; Scapy covers all protocols and is fully scriptable in Python
- **Netcat** — sends/receives raw TCP/UDP streams; Scapy operates at the packet level with protocol awareness
- **Wireshark** — passive traffic analyzer; Scapy both generates and analyzes packets programmatically

## FAQ

**Q: Does Scapy require root privileges?**
A: Yes, for sending raw packets and sniffing. On Linux you can use capabilities (`CAP_NET_RAW`) instead of full root.

**Q: Can Scapy handle high-throughput packet generation?**
A: Scapy prioritizes flexibility over raw speed. For high-rate scanning, use `sendpfast()` which leverages tcpreplay, or generate packets with Scapy and send via faster backends.

**Q: How do I add a custom protocol dissector?**
A: Define a class inheriting from `Packet` with `fields_desc` listing field types and sizes. Bind it to parent layers with `bind_layers()`.

**Q: Is Scapy suitable for production network monitoring?**
A: Scapy is designed for research and testing. For production sniffing at scale, use dedicated tools like Zeek or Suricata and reserve Scapy for prototyping and analysis.

## Sources

- https://github.com/secdev/scapy
- https://scapy.net/

---

Source: https://tokrepo.com/en/workflows/asset-38ec3125
Author: Script Depot