Linux Protects Your Servers with Scapy (part 1) - page 2
One of the key features of Scapy is the language it's written in, namely Python. With Python under the covers you can write scripts to automate any of the testing and analysis you want to accomplish. Once you install Scapy you have direct access to all features from the Python prompt. Scapy has its own interactive capability which is what you'll see if you simply type scapy in a terminal window. If you examine the /usr/local/bin/scapy file, you'll see a bunch of comment lines and two actual Python commands:
from scapy.main import interact
The power of Python simplifies the process of building scripts that send specific requests and then format the returned information into human-readable output. Interpreting the output of the earlier ICMP request takes a single line of Python code, where ans is the answered list returned by sr() and each element is a (sent, received) pair:
>>> ans.summary(lambda s, r: r.sprintf("%IP.src% is alive"))
Another handy lambda is one passed as the prn callback of the sniff command, which sniff calls once for every captured packet:
>>> sniff(iface="eth1", prn=lambda x: x.show())
If you run this command in a terminal window, you'll see a verbose listing of all the traffic on eth1 until you stop it with the control-D key.
Scapy is a powerful tool, especially for anyone with a little Python experience. It's relatively simple to build a quick utility program to capture traffic of interest. In the next installment we'll look at using Scapy in more of a forensic mode to proactively protect your network.