views:

968

answers:

4

I'm relatively new to Python and am having problems programming with Scapy, the Python network manipulation tool. However, I can't tell if it's as much a Scapy problem as it is a being-a-Python-newbie problem. On the scapy site, they give a sample program which I'm not able to run on my own machine:

#! /usr/bin/env python

import sys
from scapy import sr1,IP,ICMP

p=sr1(IP(dst=sys.argv[1])/ICMP())
if p:
    p.show()

To which I get:

Traceback (most recent call last):
  File "test.py", line 4, in <module>
    from scapy import sr1,IP,ICMP
ImportError: cannot import name sr1

So my question then is: when installing Python libraries, do I need to change my path or anything similar? Also, is there something I can run in the interpreter to tell me the contents of the scapy package? I can run from scapy import * just fine, but since I have no idea what's inside it, it's hard to use it.

+5  A: 

With the caveat from Federico Ramponi "You should use scapy as an interpreter by its own, not as a library", I want to answer the non-scapy-specific parts of the question.

Q: when installing Python libraries, do I need to change my path or anything similar?

A: I think you are talking about changing PYTHONPATH system-wide. This is usually not required or a good idea.

Third party Python libraries should either be installed in system directories, such as /usr/lib/python2.5/site-packages, or installed locally, in which case you might want to set PYTHONPATH in your Makefile or a in driver shell script.

Q: Also, is there something I can run in the interpreter to tell me the contents of the scapy package?

A: You can do something like this:

>>> import scapy
>>> dir(scapy)

Or even better:

>>> import scapy
>>> help(scapy)

Bonus question asked in a comment.

Q: Is 'import scapy' the same as 'from scapy import *'?

A: import scapy binds the scapy name in the local namespace to the scapy module object. OTOH, from scapy import * does not bind the module name, but all public names defined in the scapy module are bound in the local namespace.

See paragraphs 6 and 7 of the Python Reference Manual, 6.12 The import statement.

ddaa
Thanks for the help! Quick side question: is 'import scapy' the same as 'from scapy import *'?
Chris Bunch
+2  A: 

It tells you that it can't find sr1 in scapy. Not sure just how newbite you are, but the interpreter is always your friend. Fire up the interpreter (just type "python" on the commandline), and at the prompt (>>>) type (but don't type the >'s, they'll show up by themselves):

>>> import scapy
>>> from pprint import pformat
>>> pformat(dir(scapy))

The last line should print a lot of stuff. Do you see 'sr1', 'IP', and 'ICMP' there anywhere? If not, the example is at fault.

Try also help(scapy)

That's about how much I can help you without installing scapy and looking at your actual source-file myself.

kaleissin
+1  A: 

The scapy package is a tool for network manipulation and monitoring. I'm curious as to what you're trying to do with it. It's rude to spy on your friends. :-)

coventry@metta:~/src$ wget -q http://www.secdev.org/projects/scapy/files/scapy-latest.zip
coventry@metta:~/src$ unzip -qq scapy-latest.zip 
warning [scapy-latest.zip]:  61 extra bytes at beginning or within zipfile
  (attempting to process anyway)
coventry@metta:~/src$ find scapy-2.0.0.10 -name \*.py | xargs grep sr1
scapy-2.0.0.10/scapy/layers/dns.py:    r=sr1(IP(dst=nameserver)/UDP()/DNS(opcode=5,
scapy-2.0.0.10/scapy/layers/dns.py:    r=sr1(IP(dst=nameserver)/UDP()/DNS(opcode=5,
scapy-2.0.0.10/scapy/layers/inet6.py:from scapy.sendrecv import sr,sr1,srp1
scapy-2.0.0.10/scapy/layers/snmp.py:            r = sr1(IP(dst=dst)/UDP(sport=RandShort())/SNMP(community=community, PDU=SNMPnext(varbindlist=[SNMPvarbind(oid=oid)])),timeout=2, chainCC=1, verbose=0, retry=2)
scapy-2.0.0.10/scapy/layers/inet.py:from scapy.sendrecv import sr,sr1,srp1
scapy-2.0.0.10/scapy/layers/inet.py:            p = sr1(IP(dst=target, options="\x00"*40, proto=200)/"XXXXYYYYYYYYYYYY",timeout=timeout,verbose=0)
scapy-2.0.0.10/scapy/sendrecv.py:def sr1(x,filter=None,iface=None, nofilter=0, *args,**kargs):

According to the last line, sr1 is a function defined in scapy.sendrecv. Someone should file a documentation bug with the author.

fivebells
Since you asked, I'm actually need to learn how to use it effectively as homework for my security class :)
Chris Bunch
+2  A: 

I had the same problem, in the scapy v2.x use

 from scapy.all import *

instead the v1.x

 from scapy import *

as written here

Enjoy it =)

Emilio
Excellent find!
Gregg Lind