Linux Scapy Guards Your Servers (part 2)
Dec 02, 2010, 17:33 (0 Talkback[s])
(Other stories by Paul Ferrill)
"Scapy is a flexible tool for both capturing and generating
network traffic, and performing whatever type of analysis you want.
In Part 2 Paul Ferrill goes deeper into designing custom tests with
just a few lines of code.
"With Scapy you can both capture and generate network traffic.
In some cases it's necessary to generate a particular traffic
stream and then watch what comes back. With Scapy you can build
that type of tool with just a few lines of code. It will be helpful
to define a few terms before we get too far in order to better
understand what Scapy is doing. The OSI seven-layer protocol model
is used by Scapy in determining how to construct and interpret the
bits flowing across the wire. The physical layer is also known
layer 1 and is where things like media, either wired or wireless,
connectors and signal levels are defined. Layer two, referred to as
the data link layer, is where frames of data travel and use a
unique physical or MAC address to identify each node. The next
layer up is layer three and is referred to as the network layer.
This is the level where you have logical addressing, commonly known
as an IP address."