Article: Internal networks mapping using Scapy

Apr 4, 2014

by Temmar Abdessamad

Abstract
Scapy is a powerful interactive packet manipulation program that can be used to forge, send and sniff network packets. This capability allows the construction of tools that handle most classical tasks such as scanning, tracerouting, probing or attacks. It can be a good alternative to tools like hping, arpspoof, arp-sk, arping, p0f and even some parts of Nmap and tcpdump. The main advantage of Scapy is that it lets you build your own customized, automated tools for the situation at hand, which gives you more flexibility during a penetration test.

Throughout the article, we will use this Python library to map a network through a step-by-step methodology that can be useful in the reconnaissance and enumeration steps of an internal penetration test.

1. The entry point: DHCP

Once you connect your pentest machine to the target network, if DHCP is configured it will provide you with useful information that helps when you start mapping the network. The DHCP information can be viewed with the ifconfig command on Linux. To make use of Scapy, we will use it to send a DHCP Discover packet out to the network and apply a filter to listen for a response. The DHCP server responds by sending a packet to the broadcast address containing all kinds of useful information (IP address, Gateway IP Address, DNS Server....
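As an added example (not code from the article and not Scapy's own BOOTP/DHCP layers), the following stdlib-only Python shows the three steps the paragraph describes: build the Discover payload, filter replies by transaction id, and pull the offered IP, gateway, DNS servers and lease out of the Offer. The sample Offer and every address in it are constructed so the parser can be exercised offline; the same parser can be run over captured DHCP replies to check that the answering server_id is the one you expect on the segment.

```python
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
IP_OPTS = {1: "subnet_mask", 3: "routers", 6: "dns_servers", 54: "server_id"}  # IPv4 address lists
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # op, htype, hlen, hops, xid, secs, flags, ci/yi/si/giaddr, chaddr, sname, file


def build_discover(xid: int, mac: bytes) -> bytes:
    """UDP payload of a DHCP Discover: BOOTREQUEST with the broadcast flag set."""
    zero = b"\0" * 4
    header = struct.pack(BOOTP_FMT, 1, 1, 6, 0, xid, 0, 0x8000, zero, zero, zero, zero,
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    # option 53 = DISCOVER, option 55 = ask for mask, router and DNS, 255 = end of options
    return header + MAGIC_COOKIE + bytes([53, 1, 1, 55, 3, 1, 3, 6, 255])


def parse_reply(payload: bytes, expected_xid: int) -> dict:
    """Pull the offered IP, gateway, DNS and lease out of a DHCP reply (Offer/ACK)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    op, xid = payload[0], struct.unpack("!I", payload[4:8])[0]
    if op != 2 or xid != expected_xid:
        raise ValueError("not a reply to our transaction")  # the filter step from the article
    info = {"your_ip": str(IPv4Address(payload[16:20]))}    # yiaddr
    i = 240
    while i < len(payload) and payload[i] != 255:           # TLV options until END
        if payload[i] == 0:                                 # PAD byte has no length
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        i += 2 + length
        if code == 53:
            info["message_type"] = MSG_TYPES.get(value[0], "UNKNOWN")
        elif code == 51:
            info["lease_seconds"] = struct.unpack("!I", value)[0]
        elif code in IP_OPTS:
            info[IP_OPTS[code]] = [str(IPv4Address(value[k:k + 4])) for k in range(0, len(value), 4)]
    return info


# Constructed sample Offer, as a server would broadcast it in answer to our Discover (addresses invented)
SAMPLE_XID = 0x1234ABCD
def _ip(s): return IPv4Address(s).packed
SAMPLE_OFFER = (struct.pack(BOOTP_FMT, 2, 1, 6, 0, SAMPLE_XID, 0, 0x8000, b"\0" * 4, _ip("192.168.1.50"),
                            _ip("192.168.1.1"), b"\0" * 4, b"\0" * 16, b"\0" * 64, b"\0" * 128)
                + MAGIC_COOKIE + bytes([53, 1, 2, 54, 4]) + _ip("192.168.1.1") + bytes([1, 4]) + _ip("255.255.255.0")
                + bytes([3, 4]) + _ip("192.168.1.1") + bytes([6, 8]) + _ip("192.168.1.1") + _ip("8.8.8.8")
                + bytes([51, 4]) + struct.pack("!I", 86400) + bytes([255]))
```

Calling `parse_reply(SAMPLE_OFFER, SAMPLE_XID)` returns the offered address, routers, DNS servers, server id and lease; a reply carrying a different transaction id is rejected by the filter.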


© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023