I often find my self tracing where in a network traffic is being dropped. Unfortunately there are not many tools that are able to do this well. tcptraceroute is pretty good but it doesn’t help with UDP. Enter scappy. Below are three small examples of how one can use scapy to trace packets through there network.
ICMP
ans, unans = sr(IP(dst='192.0.2.1', ttl=(1,24))/ICMP(),timeout=3) for snd,rcv in ans: print snd.ttl, rcv.src
TCP
ans, unans = sr(IP(dst='192.0.2.1', ttl=(1,24))/TCP(dport=6969,sport=53),timeout=3) for snd,rcv in ans: print snd.ttl, rcv.src
UDP
ans, unans = sr(IP(dst='192.0.2.1', ttl=(1,24))/UDP(dport=6969,sport=53),timeout=3) for snd,rcv in ans: print snd.ttl, rcv.src
Advertisements
