Linux Scapy Guards Your Servers (part 2) - page 2
Building a Scapy Toolbox
Much of the discussion to this point has been defensive in nature. One way to go on the offensive is to generate traffic targeted at specific hosts to see what happens. This type of activity falls into the intrusion detection (ID) category. There are many commercial and open source tools that will perform this task but so will Scapy. See the secdev.org website for a good paper on how to use Scapy for this type of task.
dhcp_discover = Ether(dst="ff:ff:ff:ff:ff:ff")/ IP(src="0.0.0.0",dst="255.255.255.255")/ UDP(sport=68,dport=67)/ BOOTP(chaddr=hw)/ DHCP(options=[("message-type","discover"),"end"]) ans, unans = srp(dhcp_discover, multi=True)
You could test these two lines out using the Scapy interactive prompt or incorporate into your own tool. What you should see as a response will be every Mac and IP address that identifies itself as a DHCP server. If you don't recognize any of the addresses, you may have a rogue DHCP server on your network. The Scapy wiki has a number of other examples of offensive tools that are worth your time to explore.
This article really just touches the surface of what you can do with Scapy. Hopefully, it will give you enough information to get started. Waiting until you have a problem to learn what to do about it is never a good idea.