This chapter will introduce you to some of the basics of analyzing network traffic using the pcapy and scapy modules in Python. These modules provide an investigator with the ability to write small Python scripts that can investigate network traffic. An investigator can write scapy scripts to investigate either realtime traffic by sniffing a promiscuous network interface, or load previously-captured pcap files.
The following topics will be covered in this chapter:
- Capturing and injecting packets on the network with the pcapy package
- Capturing, analyzing, manipulating, and injecting network packets with the scapy package
- Port-scanning and traceroute in a network with the scapy package
- Reading a pcap file with the scapy package