Using Scapy during an investigation

Another great Python-based tool for analyzing and manipulating network traffic is Scapy. According to the developer website, http://www.secdev.org/projects/scapy/:

"Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more."

Scapy differs from the standard tools (and also from Dshell) by providing an investigator with the ability to write small Python scripts that can manipulate or analyze the network traffic—either in a recorded form or in real-time. Furthermore, Scapy has the ability to perform deep packet dissection, passive OS fingerprinting, or plotting via ...
