Linux Protects Your Servers with Scapy (part 1)
Nov 18, 2010, 18:34 (0 Talkback[s])
(Other stories by Paul Ferrill)
"The best server and network security tools come from Linux and
FOSS. Paul Ferrill introduces Scapy, a powerful Python-based
networking protocol analysis and testing tool.
"Guarding your private network from the perils of the Internet
is no easy task. The basics are pretty much the same from a
defensive standpoint no matter how you slice it. Firewalls of one
type or another protect an internal network by using two separate
Ethernet connections with a software proxy filtering the traffic
between the two ports. Linux serves as a great platform for this
role with tools like netfilter/iptables.
"On the offensive side, the techniques most often used involve
either a packet monitoring tool such as Wireshark or a port
scanning tool like nmap. Both of these tools have a wide following
and should be familiar to any network administrator. Scapy is
somewhat of a hybrid between the packet capture and analysis
capabilities of Wireshark and nmap's packet generation features.
Both of these were covered in a recent Linux Planet article. In
this two-part article we'll look first at the basics of Scapy
including how to get up and running, how to capture and display
specific types of Ethernet traffic and how to create a few simple
scripts using Python. In part two, we'll go more in depth to look
at using Scapy to test your Web server for possible
vulnerabilities, how to track down a rogue DNS server, and how to
scan a wireless network for potential security holes."