Article: Internal networks mapping using Scapy

April 2, 2020

by Temmar Abdessamad

Scapy is a powerful interactive packet manipulation program which can be used to forge, send and sniff network packets. This capability allows construction of tools that can handle most classical tasks like scanning, tracerouting, probing or attacks. It can be a good an alternative of some tools like hping, arpspoof, arp-sk, arping, p0f and even some parts of Nmap, and tcpdump. The main advantage of using Scapy is it allow you to make your own and customized automated tools depending on the situation and give us more flexibility during a penetration test.

Throughout the article, we will try to use this Python library to map a network through a step by step methodology which can be useful in the reconnaissance and enumeration steps of an internal penetration test.

1. The entry point : DHCP


Once you connect your pentest machine to the target network, if DHCP protocol is configured it will provide you with useful information that are helpful when you start mapping the network. DHCP information can be viewed with ipconfig command in Linux. In order to make profit of our powerful tool Scapy, we will use it to send a DHCP Discover packet out to the network and apply a filter to listen for a response. The DHCP server responds by sending a packet to the broadcast containing all kind of useful information (IP address, Gateway IP Address, DNS Server....

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.