Scapy is based on a stimulus/response model. This model does not work well for a TCP stack. On the other hand, quite often, the TCP stream is used as a tube to exchange messages that are stimulus/response-based.
Also, Scapy provides a way to describe network automata that can be used to create a TCP stack automaton.
There are many ways to use TCP with Scapy.
Using the kernel’s TCP stack
Scapy provides a StreamSocket object that can transform a simple socket into a Scapy supersocket suitable for use with
>>> s=socket.socket()
>>> s.connect(("www.test.com",80))
>>> ss=StreamSocket(s,Raw)
>>> ss.sr1(Raw("GET /\r\n"))
Begin emission:
Finished to send 1 packets.
*
Received 1 packets, got 1 answers, remaining 0 packets
<Raw load='<html>\r\n<head> ... >
Using the kernel’s TCP stack means you’ll depend on your local firewall’s rules and the kernel’s routing table.
Scapy’s TCP client automaton
Scapy provides a simple TCP client automaton (no retransmits, no SAck, no timestamps, etc.). Automata can provide input and output in the shape of a supersocket (see Automata’s documentation).
Here is how to use Scapy’s TCP client automaton (needs at least Scapy v2.1.1).
TCP_client.tcplink is a SuperSocket subclass, therefore all its functions (.sniff(), …) are available.
>>> s = TCP_client.tcplink(Raw, "www.test.com", 80)
>>> s.send("GET /\r\n")
7
>>> s.recv()
<Raw load='<html>\r\n<head> ... >