Sunday, January 8, 2023

Python 3.11.0 : The scapy python module - part 003.

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tshark, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc.
First, you need to install it with the pip tool: pip install scapy --user.
I used it with WinPcap from this webpage, but you will see the recommendation is to use Npcap.
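#!/usr/bin/env python3
import sys

import pyperclip  # third-party clipboard module: pip install pyperclip --user
from scapy.all import sniff

# Show the module search path to confirm which Python installation is in use.
print(sys.path)

def mysniff(interface):
    # store=False: do not keep packets in memory; prn is called once per packet.
    sniff(iface=interface, store=False, prn=process_sniffed_packet)

def process_sniffed_packet(packet):
    # Copy the packet's text form to the clipboard, then print it.
    pyperclip.copy(str(packet))
    print(packet)

# Name of the network adapter to capture on.
mysniff("Realtek PCIe GbE Family Controller")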
The output looks something like this:
...
WARNING: WinPcap is now deprecated (not maintained). Please use Npcap instead
Ether / IP / TCP 104.244.42.2:https > 192.168.0.143:55478 PA / Raw
Ether / IP / TCP 192.168.0.143:55478 > 104.244.42.2:https PA / Raw
Ether / IP / TCP 192.168.0.143:55478 > 104.244.42.2:https PA / Raw
Ether / IP / TCP 104.244.42.2:https > 192.168.0.143:55478 A / Padding
Ether / IP / TCP 104.244.42.2:https > 192.168.0.143:55478 A / Padding
Ether / ARP who has 192.168.0.1 says 192.168.0.206 / Padding
...
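An added example, not part of the original post: a standard-library parser for the summary lines shown above that groups TCP lines into two-way conversations and tallies ARP requests, so a saved capture log can be reviewed at a glance. The sample input is constructed from the output above, and the names summarize, TCP_RE and ARP_RE are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same format as the sniffer output above.
SAMPLE = """\
WARNING: WinPcap is now deprecated (not maintained). Please use Npcap instead
Ether / IP / TCP 104.244.42.2:https > 192.168.0.143:55478 PA / Raw
Ether / IP / TCP 192.168.0.143:55478 > 104.244.42.2:https PA / Raw
Ether / IP / TCP 192.168.0.143:55478 > 104.244.42.2:https PA / Raw
Ether / IP / TCP 104.244.42.2:https > 192.168.0.143:55478 A / Padding
Ether / ARP who has 192.168.0.1 says 192.168.0.206 / Padding
"""

# Ports may be numbers or service names (Scapy prints "https" for 443).
TCP_RE = re.compile(
    r"Ether / IP / TCP (?P<src>[\d.]+):(?P<sport>\S+) > "
    r"(?P<dst>[\d.]+):(?P<dport>\S+)(?: (?P<flags>[A-Z]+))?")
ARP_RE = re.compile(r"Ether / ARP who has (?P<target>[\d.]+) says (?P<asker>[\d.]+)")

def summarize(lines):
    """Return (conversations, arp_requests, skipped_line_count)."""
    convs = defaultdict(lambda: {"packets": 0, "flags": Counter()})
    arp = Counter()
    skipped = 0
    for line in lines:
        line = line.strip()
        m = TCP_RE.match(line)
        if m:
            # Sort the two endpoints so both directions share one key.
            ends = sorted([(m["src"], m["sport"]), (m["dst"], m["dport"])])
            conv = convs[tuple(ends)]
            conv["packets"] += 1
            conv["flags"][m["flags"] or ""] += 1
            continue
        m = ARP_RE.match(line)
        if m:
            arp[(m["asker"], m["target"])] += 1
        elif line:
            skipped += 1  # warnings and formats this example does not parse
    return dict(convs), arp, skipped

if __name__ == "__main__":
    convs, arp, skipped = summarize(SAMPLE.splitlines())
    for ((a, ap), (b, bp)), conv in convs.items():
        print(f"{a}:{ap} <-> {b}:{bp} packets={conv['packets']} flags={dict(conv['flags'])}")
    for (asker, target), n in arp.items():
        print(f"ARP: {asker} asked for {target} x{n}")
    print(f"unparsed lines: {skipped}")
```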