Linux Today: Linux News On Internet Time.

Linux Scapy Guards Your Servers (part 2)

Dec 02, 2010, 17:33 (0 Talkback[s])
(Other stories by Paul Ferrill)

"Scapy is a flexible tool for both capturing and generating network traffic, and performing whatever type of analysis you want. In Part 2 Paul Ferrill goes deeper into designing custom tests with just a few lines of code.

"With Scapy you can both capture and generate network traffic. In some cases it's necessary to generate a particular traffic stream and then watch what comes back. With Scapy you can build that type of tool with just a few lines of code. It will be helpful to define a few terms before we get too far in order to better understand what Scapy is doing. The OSI seven-layer protocol model is used by Scapy in determining how to construct and interpret the bits flowing across the wire. The physical layer is also known layer 1 and is where things like media, either wired or wireless, connectors and signal levels are defined. Layer two, referred to as the data link layer, is where frames of data travel and use a unique physical or MAC address to identify each node. The next layer up is layer three and is referred to as the network layer. This is the level where you have logical addressing, commonly known as an IP address."

Complete Story

Related Stories: