explaingit

secdev/scapy

12,284 | Python | Audience · developer | Complexity · 3/5 | License | Setup · moderate

TLDR

A Python tool for building, sending, capturing, and analyzing network packets at a low level, usable as an interactive shell or as a library in your own scripts, covering dozens of protocols across Linux, macOS, and Windows.

Mindmap

mindmap
  root((Scapy))
    What it does
      Build custom packets
      Send and capture traffic
      Parse many protocols
    Usage modes
      Interactive shell
      Python library
    Protocols covered
      IP and ICMP
      TCP and UDP
      Wi-Fi frames
    Use cases
      Network scanning
      Security testing
      Traffic analysis

Things people build with this

USE CASE 1

Scan a local network to discover active hosts and open ports without installing separate tools like nmap.

USE CASE 2

Capture live network traffic and inspect packet contents for debugging or security analysis.

USE CASE 3

Send intentionally malformed or custom-crafted packets to test how network equipment responds to unusual input.

USE CASE 4

Write a Python script that performs a traceroute and processes the router replies programmatically.

Tech stack

Python

Getting it running

Difficulty · moderate | Time to first run · 30min

Requires root or admin privileges for raw packet operations. Windows requires additional packages like Npcap.

Free to use and modify, but any software that includes Scapy must also be released as open source under GPL v2.

In plain English

Scapy is a Python tool for working with network packets at a low level. A packet is a small chunk of data that travels across a network, and every piece of internet communication, from loading a web page to sending an email, is made up of packets following specific rules called protocols. Scapy lets you build custom packets from scratch, send them over the network, capture incoming packets, and inspect or analyze what comes back.

It can be used in two ways: as an interactive shell you run in a terminal, or as a library you import into your own Python scripts. In the shell, you can type commands to construct and send packets one at a time and immediately see the responses. For example, you can send a ping to a server and read back the reply's source IP address in a few lines. As a library, you can write scripts that automate more complex network tasks.

Scapy knows how to build and parse a wide range of network protocols, which means it can handle many of the tasks that separate tools like ping, traceroute, nmap, tcpdump, and Wireshark each handle individually. The README notes that it can replace or replicate most of what those tools do, while also handling more unusual tasks they cannot, such as sending intentionally malformed packets or injecting custom Wi-Fi frames. Typical uses include network scanning to discover what devices and services are on a network, packet capture and analysis, testing how network equipment responds to unusual traffic, and security research.

It requires Python 3.7 or newer and runs on Linux, macOS, BSD, and Windows. On Linux and BSD it works with no extra dependencies; Windows requires a few additional packages. The code is licensed under GPL v2.

Copy-paste prompts

Prompt 1
Using Scapy, write a Python script that sends an ICMP ping to a host and prints the round-trip time and source IP from the reply.
Prompt 2
Show me how to use Scapy to scan a subnet like 192.168.1.0/24 for active hosts using ARP requests and print a list of which IPs responded.
Prompt 3
I want to capture all HTTP packets on my local network interface with Scapy and print the destination host and request path for each one.
Prompt 4
Using Scapy, build a simple traceroute that sends UDP packets with increasing TTL values and records which routers reply at each hop.

Verify against the repo before relying on details.