How to evaluate network recordings with Python and Scapy

  1. How to evaluate network recordings with Python and Scapy
  2. Get started with Scapy
  3. Start the Scapy shell
  4. Unpack packets
  5. Read data
  6. Create a script
  7. IPv6, script expansion and data interpretation
  8. Conclusion
  9. Digression: basic framework for analysis scripts

Read the article in c’t 15/2022

Data traffic from network devices is traditionally evaluated by hand. Analysis tools such as the powerful Wireshark, which decodes, filters and evaluates a large number of protocols, are usually used for this. Wireshark has also been in use in the c’t editorial team for a very long time, for example when examining the data traffic of apps. Among other things, we determine which servers are contacted using which protocols and whether confidential data is sent over the line in plain text.

This is often hard work: if we look at 10 or 20 apps for a c’t article, for example, many times that number of packet captures are waiting to be evaluated. In such cases we gladly use analysis scripts that we have developed specifically for the evaluations currently required. If we teach a script the routine tasks that we would otherwise carry out by hand on every single recording, more time remains to investigate the specifics. With this article we would like to show you how to build your own analysis scripts that provide exactly the information you need.

The linchpin is the open source tool Scapy, which is written in Python. Scapy is a Swiss army knife for working with network packets: you can use it to open packet dumps, record live traffic, and even assemble, manipulate and send packets by hand. It supports many protocols beyond TCP/IP, for example ZigBee and Bluetooth. Once you know the basic functionality, a custom analysis or hacking tool is not far away. Scapy runs on Linux, macOS and Windows.
