Friday, April 15, 2011

Teaching Networking with scapy

The Python package "scapy" is a wonderful teaching and research tool. It provides a simple interactive environment you can use to build network packets in, and you can use it in scripts as well to make simple scanners, attack tools, Intrusion Detection Systems, etc.

It's really good for students to craft packets directly, so they understand how IP, ICMP, TCP, and UDP really work at a low level.

For example, here is "yesman"--a script that answers every SYN with a SYN/ACK.



When an attacker runs a port scan on a network protected by yesman, every port on every machine appears to be open, making the scan slow and useless.



I have assigned my students a series of projects learning scapy, and here they are so you can use them too:

Intro to scapy

TCP Handshake with scapy

IPv6 with scapy

Router Advertisements with scapy

Slow Loris Attack with scapy

yesman--Scanner Honeypot with scapy

As always, everyone is free to use these materials for teaching, research, or any other legal purpose. If you break the law, you may get into trouble, and I won't be able to save you.

3 comments:

  1. So where do I go to take classes or teach classes about scapy?! That's awesome :)

    ReplyDelete
  2. Just in case, there is a netcat using scapy:

    http://code.google.com/p/scapync/

    ReplyDelete