Discussion:
Scapy network testing
Serj Mosin
2011-09-20 16:08:36 UTC
Permalink
Hello, everybody.
I'm currently trying to use scapy in a network testing tool.
This is my coursework in university, so its pretty important for me.
I have some questions to you.
1)First question, which i had to ask much much earlier: is scapy a good/viable
tool for such a problem as testing network. The idea of this question came to my
mind due to next questions =)
2)I read in some message on this site that all scapy operations with packets are
extremly slow, so you need to use sendpfast functions instead of usual
send,sendp,sr etc if speed is important for your problem. For me it is quite
important, because all parts of my program depend on speed: throughput
measurements, delay measurements.
So is it true that if i have a channel with 100 Mbit/s throughput then using
sr() function to determine RTT time is wrong
because of low speed of scapy itself?
3.)I tried to use sendpfast() in my virtual network to determine RTT, but client
did not get the right packet i sent him via sendpfast. It was like
sendpfast(IP(dst="192.168.0.102")/ICMP()) //192.168.0.102 is IP of client and
ICMP() for echo request, but client did not even get appropriate packet.
I'm using VMware workstation and a couple of Ubuntus in a team with LAN segment
uniting them.
Sorry for such a wall of text, i need your help really.


---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-***@secdev.org
César A. Bernardini
2011-09-20 18:25:01 UTC
Permalink
Hi!

Well... I'm not the more expert in the field but I'm working in Scapy
since a few months.

Scapy is really a good way to handle packets, to manipulate and inject
what you want to. But in my humble opinion, it's slow and you lose a
LOT of information... so this is way I use scapy to inject messages
and pypcap to sniff the network. Then, every received message I parsed
it with a callback and I don't lose packets.

But, wait for the experts' answers!
Post by Serj Mosin
Hello, everybody.
I'm currently trying to use scapy in a network testing tool.
This is my coursework in university, so its pretty important for me.
I have some questions to you.
1)First question, which i had to ask much much earlier: is scapy a good/viable
tool for such a problem as testing network. The idea of this question came to my
mind due to next questions =)
2)I read in some message on this site that all scapy operations with packets are
extremly slow, so you need to use sendpfast functions instead of usual
send,sendp,sr etc if speed is important for your problem. For me it is quite
important, because all parts of my program depend on speed: throughput
measurements, delay measurements.
So is it true that if i have a channel with 100 Mbit/s throughput then using
sr() function to determine RTT time is wrong
because of low speed of scapy itself?
3.)I tried to use sendpfast() in my virtual network to determine RTT, but client
did not get the right packet i sent him via sendpfast. It was like
sendpfast(IP(dst="192.168.0.102")/ICMP()) //192.168.0.102 is IP of client and
ICMP() for echo request, but client did not even get appropriate packet.
I'm using VMware workstation and a couple of Ubuntus in a team with LAN segment
uniting them.
Sorry for such a wall of text, i need your help really.
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-***@secdev.org
Ryan Speers
2011-09-22 00:53:09 UTC
Permalink
Hi Serj,

There are people on this list who can help you better, but here are my thoughts on it:

1) Sure, Scapy is great, but remember there are other tools, like if you want to measure throughput and delay there are standard linux utilities that are commonly used for that in industry, academia, etc. I suggest you consider those, if you want to try to stick with the standard utitlities that work pretty well. Scapy will be your go-to when you want to do something that existing tools may not support, or you have some special requirement.

2) Yes, Scapy is slower than C based tools written for specific tasks. This is the nature of scripting languages and comes as a side effect of the really nice interface and API that Scapy provides.

3) I think for sendpfast you'll need to add a layer 2 in your packet construction (aka Ethernet headers). See previous entries on this list this past week regarding that.

Hopefully this helps a little?
Post by César A. Bernardini
Hi!
Well... I'm not the more expert in the field but I'm working in Scapy
since a few months.
Scapy is really a good way to handle packets, to manipulate and inject
what you want to. But in my humble opinion, it's slow and you lose a
LOT of information... so this is way I use scapy to inject messages
and pypcap to sniff the network. Then, every received message I parsed
it with a callback and I don't lose packets.
But, wait for the experts' answers!
Post by Serj Mosin
Hello, everybody.
I'm currently trying to use scapy in a network testing tool.
This is my coursework in university, so its pretty important for me.
I have some questions to you.
1)First question, which i had to ask much much earlier: is scapy a good/viable
tool for such a problem as testing network. The idea of this question came to my
mind due to next questions =)
2)I read in some message on this site that all scapy operations with packets are
extremly slow, so you need to use sendpfast functions instead of usual
send,sendp,sr etc if speed is important for your problem. For me it is quite
important, because all parts of my program depend on speed: throughput
measurements, delay measurements.
So is it true that if i have a channel with 100 Mbit/s throughput then using
sr() function to determine RTT time is wrong
because of low speed of scapy itself?
3.)I tried to use sendpfast() in my virtual network to determine RTT, but client
did not get the right packet i sent him via sendpfast. It was like
sendpfast(IP(dst="192.168.0.102")/ICMP()) //192.168.0.102 is IP of client and
ICMP() for echo request, but client did not even get appropriate packet.
I'm using VMware workstation and a couple of Ubuntus in a team with LAN segment
uniting them.
Sorry for such a wall of text, i need your help really.
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-***@secdev.org
Serj Mosin
2011-09-22 16:26:40 UTC
Permalink
Post by Ryan Speers
Hi Serj,
1) Sure, Scapy is great, but remember there are other tools, like if you want
to measure throughput and delay
Post by Ryan Speers
there are standard linux utilities that are commonly used for that in
industry, academia, etc. I suggest
Post by Ryan Speers
you consider those, if you want to try to stick with the standard utitlities
that work pretty well. Scapy
Post by Ryan Speers
will be your go-to when you want to do something that existing tools may not
support, or you have some
Post by Ryan Speers
special requirement.
2) Yes, Scapy is slower than C based tools written for specific tasks. This is
the nature of scripting
Post by Ryan Speers
languages and comes as a side effect of the really nice interface and API that
Scapy provides.
Post by Ryan Speers
3) I think for sendpfast you'll need to add a layer 2 in your packet
construction (aka Ethernet headers). See
Post by Ryan Speers
previous entries on this list this past week regarding that.
Hopefully this helps a little?
Hello, Ryan. Thanks a lot for your response. It is helpful ofcourse, but i need
to ask some more questions.
1) First, providing cross-platformability is as important as accuracy in
characteristic counting, so linux specific tools do not fulfill this
requirement. But if you could name some platform independent tools, it would be
great. I heard about libpcap, but it seems that scapy is based on this library,
so its much more difficult to make such tests(generating packets using specific
protocols and sniffing them) using such low-level tools. Correct me if i'm
wrong, please.
2) But can using sendpfast function overcome this trouble? Or should i
immediately change my specification?
3) Well, i was trying to add 2nd lvl protocol in packet, but it had no effect:
sendpfast(IP(dst="192.168.0.102")/Ether()/ICMP()) still doesn't comes to the
client.
P.S. thanks again for your response, and i hope, you'll continue answering me.
P.S.2 César, thank you too, i looked for pypcap, but it seemed quite complicated
to me, may be it is not so. I want to try use scapy because of its high level
interface and rich functionality. But if there is no way to code my provlem with
it, all doors are open for new tools =)






---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-***@secdev.org
Zohaib Khalid
2011-09-22 16:33:10 UTC
Permalink
@Serj

The packet would be Ether()/IP(dst="192.168.0.102")/ICMP()

*

Best Regards

M. Zohaib Khalid
*
Post by Ryan Speers
Post by Ryan Speers
Hi Serj,
There are people on this list who can help you better, but here are my
1) Sure, Scapy is great, but remember there are other tools, like if you
want
to measure throughput and delay
Post by Ryan Speers
there are standard linux utilities that are commonly used for that in
industry, academia, etc. I suggest
Post by Ryan Speers
you consider those, if you want to try to stick with the standard
utitlities
that work pretty well. Scapy
Post by Ryan Speers
will be your go-to when you want to do something that existing tools may
not
support, or you have some
Post by Ryan Speers
special requirement.
2) Yes, Scapy is slower than C based tools written for specific tasks.
This is
the nature of scripting
Post by Ryan Speers
languages and comes as a side effect of the really nice interface and API
that
Scapy provides.
Post by Ryan Speers
3) I think for sendpfast you'll need to add a layer 2 in your packet
construction (aka Ethernet headers). See
Post by Ryan Speers
previous entries on this list this past week regarding that.
Hopefully this helps a little?
Hello, Ryan. Thanks a lot for your response. It is helpful ofcourse, but i need
to ask some more questions.
1) First, providing cross-platformability is as important as accuracy in
characteristic counting, so linux specific tools do not fulfill this
requirement. But if you could name some platform independent tools, it would be
great. I heard about libpcap, but it seems that scapy is based on this library,
so its much more difficult to make such tests(generating packets using specific
protocols and sniffing them) using such low-level tools. Correct me if i'm
wrong, please.
2) But can using sendpfast function overcome this trouble? Or should i
immediately change my specification?
sendpfast(IP(dst="192.168.0.102")/Ether()/ICMP()) still doesn't comes to the
client.
P.S. thanks again for your response, and i hope, you'll continue answering me.
P.S.2 César, thank you too, i looked for pypcap, but it seemed quite complicated
to me, may be it is not so. I want to try use scapy because of its high level
interface and rich functionality. But if there is no way to code my provlem with
it, all doors are open for new tools =)
---------------------------------------------------------------------
Loading...