Denizhalil

Port Scanning Techniques with Scapy

Introduction

In today’s digital landscape, network security has become more crucial than ever. Professionals in this field utilize various tools and techniques to ensure system security and identify vulnerabilities. Among these tools, Scapy, a Python-based packet manipulation library, stands out for its versatility and effectiveness. This article delves into the basic features of Scapy and illustrates how it can be employed for simple port scanning.

Understanding Scapy

Scapy is a powerful library written in Python, designed to simplify interactions with network protocols. It allows users to create, send, capture, and analyze network packets. This flexibility and detailed control make Scapy an invaluable tool for network security experts and system administrators.

What is Port Scanning?

Port scanning is a method used to determine open ports on devices within a network. These open ports can reveal vulnerabilities and potential points of attack in a network, making port scanning a critical component of security audits.

Port Scanning with Scapy: A Basic Example

Below is a simple example demonstrating how to use Scapy for port scanning. This example checks the status (open or closed) of specific ports on a target system.

from scapy.all import IP, TCP, sr1

def scan_port(ip, port):
    # Build the IP and TCP layers: a bare SYN aimed at the target port
    ip_pkt = IP(dst=ip)
    tcp_pkt = TCP(dport=port, flags="S")

    # Stack the layers into one packet and send it, waiting at most one second for a single reply
    pkt = ip_pkt / tcp_pkt
    resp = sr1(pkt, timeout=1, verbose=0)

    # Interpret the reply
    if resp is not None and resp.haslayer(TCP):
        flags = resp.getlayer(TCP).flags
        if flags == 0x12:    # SYN-ACK: the port is open
            return True
        elif flags == 0x14:  # RST-ACK: the port is closed
            return False
    # No reply within the timeout: treated as closed here (a probe silently dropped
    # by a firewall looks identical, so "closed" really means "not open")
    return False

# Example usage (sending raw packets needs administrator/root privileges)
target_ip = "10.0.2.12"  # Destination IP address
for port in range(20, 65536):  # 65535 is the highest TCP port number
    if scan_port(target_ip, port):
        print(f"Port {port}: Open")

Code Explanation

This script scans TCP ports on a specified IP address. It sends a SYN packet to each port and examines the response. A SYN-ACK response indicates an open port, while an RST-ACK signifies a closed port. No response within the timeout is also treated as closed.
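The same SYN / SYN-ACK / RST-ACK exchange is what a defender sees on the wire when someone scans a host: one source sending SYNs to many ports in a short time and never completing the handshakes the target answers. The following detector is an added example written for this article; it is not code from the original post or from Scapy. It works on plain packet records (timestamp, source IP, source port, destination IP, destination port, flags as Scapy prints them), so it runs without Scapy and without root. The window size, the port threshold and the capture itself are constructed assumptions for illustration. Note that it counts what the scanner sends rather than what the target answers, because a probe silently dropped by a firewall produces no reply at all.

```python
"""Flag sources that behave like TCP SYN (half-open) scanners.

Added example, not part of the original article or of Scapy. The packet
records are constructed; thresholds and window size are assumptions.
"""
from collections import defaultdict

WINDOW_SECONDS = 5.0   # assumption: SYNs within 5 seconds belong to one burst
PORT_THRESHOLD = 10    # assumption: >= 10 distinct ports in a burst is suspicious


def detect_syn_scans(packets, window=WINDOW_SECONDS, threshold=PORT_THRESHOLD):
    """Return {src_ip: sorted list of probed ports} for suspected SYN scanners.

    packets: iterable of (ts, src, sport, dst, dport, flags) tuples; flags use
    Scapy's letters ("S" SYN, "SA" SYN-ACK, "RA" RST-ACK, "A" ACK).
    A source is flagged when some `window`-second span contains SYNs to at least
    `threshold` distinct (dst, dport) pairs AND it completed fewer than half of
    the handshakes the target answered with SYN-ACK (scanners never send the
    final ACK; the SYN-ACK/RST-ACK split itself does not matter for detection).
    """
    handshakes = {}                  # (client, sport, server, dport) -> syn|synack|done
    syns_by_src = defaultdict(list)  # client -> [(ts, dst, dport), ...]

    for ts, src, sport, dst, dport, flags in packets:
        if flags == "S":
            handshakes[(src, sport, dst, dport)] = "syn"
            syns_by_src[src].append((ts, dst, dport))
        elif flags == "SA":
            key = (dst, dport, src, sport)          # reply: roles are swapped
            if handshakes.get(key) == "syn":
                handshakes[key] = "synack"
        elif flags == "A":
            key = (src, sport, dst, dport)
            if handshakes.get(key) == "synack":
                handshakes[key] = "done"            # legitimate three-way handshake

    flagged = {}
    for src, syns in syns_by_src.items():
        syns.sort()
        answered = [k for k, s in handshakes.items() if k[0] == src and s != "syn"]
        completed = [k for k in answered if handshakes[k] == "done"]
        looks_half_open = not answered or 2 * len(completed) < len(answered)
        start = 0
        for end in range(len(syns)):
            while syns[end][0] - syns[start][0] > window:   # slide the window
                start += 1
            targets = {(d, p) for _, d, p in syns[start:end + 1]}
            if len(targets) >= threshold and looks_half_open:
                flagged.setdefault(src, set()).update(p for _, p in targets)
    return {src: sorted(ports) for src, ports in flagged.items()}


def constructed_capture():
    """Constructed sample: one normal HTTPS connection, then a 15-port SYN scan."""
    pkts = [
        (0.00, "10.0.2.5", 51000, "10.0.2.12", 443, "S"),
        (0.01, "10.0.2.12", 443, "10.0.2.5", 51000, "SA"),
        (0.02, "10.0.2.5", 51000, "10.0.2.12", 443, "A"),
    ]
    open_ports = {22, 25}   # the target answers these with SYN-ACK, the rest with RST-ACK
    for i, port in enumerate(range(20, 35)):
        t = 1.0 + 0.1 * i
        pkts.append((t, "10.0.2.7", 40000 + i, "10.0.2.12", port, "S"))
        reply = "SA" if port in open_ports else "RA"
        pkts.append((t + 0.001, "10.0.2.12", port, "10.0.2.7", 40000 + i, reply))
    return sorted(pkts)


if __name__ == "__main__":
    for src, ports in detect_syn_scans(constructed_capture()).items():
        print(f"suspected SYN scan from {src}: ports {ports[0]}-{ports[-1]} ({len(ports)} ports)")
```

On the constructed capture the detector reports 10.0.2.7 probing ports 20 through 34 and stays silent about 10.0.2.5, whose single connection finished its handshake. Feeding it real traffic only means building the same tuples from a sniffer or from firewall logs; the half-open test is what keeps a busy but legitimate client from being mistaken for a scanner.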
To access the book I prepared for you: Mastering Scapy: A Comprehensive Guide to Network Analysis

Conclusion

Scapy is a powerful tool for network security and system management professionals. The simple port scanning example provided in this article offers a basic understanding of how Scapy can be used. However, it’s important to remember that unauthorized port scanning can lead to legal implications. Always obtain permission from network administrators before conducting such activities.
