I wanted to learn how to use scapy, specifically to craft some packets that could confuse IDS operators at a blue team/red team exercise at SANS Boston. Now, I’ve used packETH for this before (and it works like a charm), but I wanted to learn something that could be scripted on the command line.
So I installed scapy from the repositories in Ubuntu (or I could have fetched it from the above link). I wanted to play around and craft some ICMP ping packets with custom payloads, just to see if the IDS guys in the other room really were listening on the wire:
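from scapy.all import sr, IP, ICMP  # needed in a script; the interactive scapy shell already has these loaded
ans, unans = sr(IP(dst="10.246.144.1-254")/ICMP()/"PING! If you can read this, you're on the *wrong* OSI layer. O_o Zombies ahead!! Greetings from the SEC542 class")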
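The same packet seen from the IDS side, as an added example that is not part of the original post: a standard-library parser that checks an ICMP echo message's checksum and flags payloads that do not look like a stock ping. The function names, the allowlist of default payloads and the sample packets are assumptions constructed for this illustration.

```python
import struct

# Assumption: payloads sent by stock ping tools; tune this allowlist per network.
WINDOWS_DEFAULT = b"abcdefghijklmnopqrstuvwabcdefghi"

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed ICMP echo request (type 8, code 0) as sample input."""
    csum = inet_checksum(struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def is_counter_fill(data: bytes) -> bool:
    """True for the n, n+1, n+2, ... filler that Unix-style ping appends."""
    return len(data) >= 8 and all((a + 1) & 0xFF == b for a, b in zip(data, data[1:]))

def classify_icmp(icmp: bytes) -> dict:
    """Parse an ICMP message (IP header already stripped) and judge its payload."""
    if len(icmp) < 8:
        return {"verdict": "malformed"}
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    payload = icmp[8:]
    result = {"type": icmp_type, "id": ident, "seq": seq, "checksum_ok": inet_checksum(icmp) == 0}
    if icmp_type not in (0, 8):
        result["verdict"] = "not-echo"
    elif (not payload or payload == WINDOWS_DEFAULT
          or is_counter_fill(payload[8:]) or is_counter_fill(payload[16:])):
        result["verdict"] = "default-payload"
    else:
        printable = sum(32 <= b < 127 for b in payload) / len(payload)
        result["verdict"] = "text-payload" if printable > 0.9 else "unusual-payload"
        result["text"] = payload.decode("ascii", "replace")
    return result

# Constructed samples: the payload quoted in the post, and two default-style pings.
POST_PAYLOAD = (b"PING! If you can read this, you're on the *wrong* OSI layer. "
                b"O_o Zombies ahead!! Greetings from the SEC542 class")
SAMPLES = {
    "post": build_echo_request(1, 1, POST_PAYLOAD),
    "unix": build_echo_request(2, 1, bytes(16) + bytes(range(0x10, 0x38))),
    "windows": build_echo_request(3, 1, WINDOWS_DEFAULT),
}
VERDICTS = {name: classify_icmp(pkt)["verdict"] for name, pkt in SAMPLES.items()}
```

`VERDICTS` holds one verdict per sample; a flagged message also carries its decoded text in the `text` field so an analyst can read it without opening the capture.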