Linux Protects Your Servers with Scapy (part 1) - page 2
One of the key features of Scapy is the language it's written in, namely Python. With Python under the covers you can write scripts to automate any of the testing and analysis you want to accomplish. Once you install Scapy you have direct access to all features from the Python prompt. Scapy has its own interactive capability which is what you'll see if you simply type scapy in a terminal window. If you examine the /usr/local/bin/scapy file, you'll see a bunch of comment lines and two actual Python commands:
from scapy.main import interact
The power of Python simplifies the process of building scripts to send specific requests and then to format the return information into human-readable output. To interpret the output of the earlier ICMP request takes a single line of Python code as in:
>>> ans.summary( lambda(s,r) : r.sprintf("%IP.src% is alive"))
Other handy lambda functions include the following used with the sniff command:
>>> sniff(iface="eth1", prn=lambda x: x.show())
If you run this command in a terminal window, you'll see a verbose listing of all the traffic on eth1 until you stop it with the control-D key.
Scapy is a powerful tool especially for anyone with a little Python experience. It's relatively simple to build a quick utility program to capture traffic of interest. In the next installment we'll look at using Scapy in more of a forensic mode to proactively protect your network.
Solid state disks (SSDs) made a splash in consumer technology, and now the technology has its eyes on the enterprise storage market. Download this eBook to see what SSDs can do for your infrastructure and review the pros and cons of this potentially game-changing storage technology.
- 1Linux Top 3: Linux Mint Olivia, Fedora 19's Cat and Ubuntu's Mission Accomplished Moment
- 2Linux Top 3: Linux 3.10 Goes Long, Linux 3.11 Advances as LXDE Merges
- 3Why Linux is Super (Computing)
- 4Linux 3.10 Improves Multi-tasking and SSD Caching
- 5Linux Top 3: Linus Lashes out, Linux 3.14 Gets PIE and Ubuntu One is Done.