Packet Replay in Scapy

What is Scapy ?
Scapy, it’s a tool, a utility used for modifying our packet and then send them over the network. With scapy, it’s huge possibility to perform any sort of actions like Scanning, tracerouting, network discovery, attacks, hping most of the Nmap functions, arp-spoofing, arp-poisoning, tcpdump, VoIP decoding, WEP encryption… you name it.

Here, we’ll be performing TCP Handshake, then we Capture those packets and do Replay in Scapy.

TCP 3-Way Handshake and Packet Replay: 
# Scapy Console

>>>ip = IP(src='192.168.163.133', dst='192.168.163.135')
>>>SYN = TCP(sport=1024, dport=80, flags='S', seq=12345)
>>>packet = ip/SYN
>>>SYNACK = sr1(packet)
>>>ack = SYNACK.seq + 1
>>>ACK = TCP(sport=1024, dport=80, flags='A', seq=12346, ack=ack)
>>>send(ip/ACK)
>>>PUSH = TCP(sport=1024, dport=80, flags='', seq=12346, ack=ack)
>>>data = "HELLO!"
>>>send(ip/PUSH/data)


# Run the Wireshark and Save the capture as tcp.pcap # Apply filer for "TCP" and you'll see something like this. # I am getting Reset back as port is close on this tcp. 













# Replay the saved tcp.pcap packet and apply filter "tcp" to view tcp 3 way handshake.


>>>packet = rdpcap('tcp.pcap')
>>>p.show()
>>>packet[TCP].summary()


# Run this and in scapy console, you'll get something like this.









































# Python Script for TCP Handshake:

#!/usr/bin/env python 
from scapy.all import *
ip = IP(src='192.168.163.133', dst='192.168.163.135')
SYN = TCP(sport=1024, dport=80, flags='S', seq=12345)
packet = ip/SYN
SYNACK = sr1(packet)
ack = SYNACK.seq + 1
ACK = TCP(sport=1024, dport=80, flags='A', seq=12346, ack=ack)
send(ip/ACK)
PUSH = TCP(sport=1024, dport=80, flags='', seq=12346, ack=ack)
data = "HELLO!"
send(ip/PUSH/data)


# Python Script for Packet Replay 

from scapy.all import *
pkt = rdpcap('tcp.pcap') 
for packet in pkt:
     print packet[tcp].summary()