scapy
Interactive packet manipulation and network tool
TLDR
Start the interactive scapy shell
SYNOPSIS
scapy [-h] [-H] [-d] [-p prestartfile] [**-P**] [**-c** startupfile] [-C]
DESCRIPTION
Scapy is a Python-based interactive packet manipulation program and library. It can forge, decode, send, and capture packets for a wide range of network protocols. Scapy uses the Python interpreter as its command interface, allowing full use of Python syntax including variables, loops, and functions.
The tool can replace or complement utilities like hping, nmap, arpspoof, arping, tcpdump, and tshark. Unlike traditional tools that reduce responses to simple states like "open" or "closed," Scapy provides access to the complete packet data for detailed analysis.
Common functions include send() for layer 3 packets, sendp() for layer 2, sr() for send-receive, sr1() for single response, sniff() for packet capture, and wrpcap()/rdpcap() for PCAP file operations.
PARAMETERS
-h
Display usage information-H
Header-less mode; also reduces verbosity-d
Increase log verbosity; can be used multiple times for more detail-p prestartfile_
Use specified file instead of ~/.config/scapy/prestart.py as pre-startup file-P
Do not run the prestart file-c startupfile_
Use specified file instead of ~/.config/scapy/startup.py as startup file-C
Do not run the startup file
CAVEATS
Scapy requires root privileges for most operations involving raw sockets. It may miss packets under heavy network load. Session saving is limited by Python's marshaling capabilities, so lambda functions and generators cannot be preserved. Interface aliases may not report correct source IPs.
HISTORY
Scapy was created by Philippe Biondi in 2003 as a flexible alternative to rigid network tools. It gained popularity in the security community for penetration testing and network research. The project transitioned to Python 3 support and continues to be actively maintained by the security community on GitHub.