Installing Scapy on Windows
Scapy is primarily being developed for Unix-like systems and works best on those platforms. But a special port (Scapy-win) exists that allows you to use nearly all of Scapy's features on your Windows machine as well.
Download
You need the following software packages in order to install Scapy on Windows:
- Python: python-2.5.2.msi. I'm using Python 2.5. Scapy-win will work with Python 2.4 as well, but you will need all third-party extensions on this page compiled for v2.4.
- Scapy-win: latest version from the Mercurial repository. Right click and save to "C:\Python25\Lib\site-packages\scapy.py", or adjust to match your Python install directory.
- pywin32: pywin32-210.win32-py2.5.exe
- WinPcap: WinPcap_4_0_2.exe. Or if you want to use the ethernet vendor database to resolve MAC addresses, download Wireshark which already includes WinPcap.
- pypcap: pcap-1.1-scapy.win32-py2.5.exe. This is a special version for Scapy, as the original leads to some timing problems. For background info look here.
- libdnet: dnet-1.12.win32-py2.5.exe
- pyreadline: http://ipython.scipy.org/dist/pyreadline-1.5-win32-setup.exe
Just download the files and run the setup program. Choosing the default installation options should be safe.
For your convenience I have given direct links to the versions I used (for Python 2.5). If these links do not work or if you are using a different Python version, just visit the homepage of the respective package and look for a Windows binary. As a last resort, search the web for the filename. Or use the (somewhat older) Scapy version that Andrew Evans has compiled: His zip file includes the basic packages that you will need to run Scapy on Python 2.4.
After all packages are installed, open a command prompt (cmd.exe), change to the directory containing scapy.py and run Scapy with "python scapy.py" (or just "scapy.py"). For usage information see the interactive demo and the other documents on Scapy's homepage.
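A quick post-install check, as an added example that is not part of the original guide or of Scapy-win: it tries to import each required and optional package and looks for the optional tools on PATH. The module names (win32api, pcap, dnet, pyreadline, Numeric, Gnuplot, pyx) and the executable names (pgnuplot, latex, dot) are assumptions about what the listed packages install.

```python
import os

# Assumed import names for the packages listed on this page.
REQUIRED = [("pywin32", "win32api"), ("pypcap", "pcap"),
            ("libdnet", "dnet"), ("pyreadline", "pyreadline")]
OPTIONAL = [("Numeric", "Numeric"), ("Gnuplot-py", "Gnuplot"), ("PyX", "pyx")]
# Assumed executable names that the PATH additions should expose.
TOOLS = [("GnuPlot", "pgnuplot"), ("MikTex", "latex"), ("Graphviz", "dot")]

def missing_modules(packages, importer=__import__):
    """Return the package names whose module cannot be imported."""
    missing = []
    for package, module in packages:
        try:
            importer(module)
        except ImportError:
            missing.append(package)
    return missing

def find_on_path(exe, path=None, pathext=None):
    """Look for exe in each PATH directory, trying the PATHEXT suffixes."""
    if path is None:
        path = os.environ.get("PATH", "")
    if pathext is None:
        pathext = os.environ.get("PATHEXT", ".EXE;.BAT;.CMD")
    for directory in path.split(os.pathsep):
        directory = directory.strip('"')  # PATH entries may be quoted
        if not directory:
            continue
        for ext in [""] + pathext.split(";"):
            candidate = os.path.join(directory, exe + ext)
            if os.path.isfile(candidate):
                return candidate
    return None

def report():
    """Collect one line per missing package or tool."""
    lines = ["MISSING (required): %s" % p for p in missing_modules(REQUIRED)]
    lines += ["missing (optional): %s" % p for p in missing_modules(OPTIONAL)]
    for package, exe in TOOLS:
        if find_on_path(exe) is None:
            lines.append("not on PATH: %s (%s)" % (package, exe))
    return lines

if __name__ == "__main__":
    print("\n".join(report()) or "All packages and tools found.")
```

Run it with the same Python interpreter that will run scapy.py, since the extensions are compiled for one specific Python version.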
If really nothing seems to work, consider skipping the Windows version and using Scapy from a Linux Live CD -- either in a virtual machine on your Windows host or by booting from CDROM: Scapy is already included in grml and BackTrack for example. While using the Live CD you can easily upgrade to the latest Scapy version (for Unix) by typing "cd /tmp && wget scapy.net".
Optional packages
For some special features you have to install more software.
Plotting (plot)
- GnuPlot: gp420win32.zip. Extract the zip file (e.g. to c:\gnuplot) and add the gnuplot\bin directory to your PATH.
- Numeric: Numeric-24.2.win32-py2.5.exe. Gnuplot-py needs Numeric.
- Gnuplot-py: gnuplot-py-1.7.zip. Extract to temp dir, open command prompt, change to tempdir and type "python setup.py install".
Example:
>>> p=sniff(count=50)
>>> p.plot(lambda x:len(x))
2D Graphics (psdump, pdfdump)
- Pyx: PyX-0.10.tar.gz. Extract to temp dir, open command prompt, change to tempdir and type "python setup.py install"
- MikTex: basic-miktex-2.6.2742.exe (52MB). Pyx needs a LaTeX installation. Choose an installation directory WITHOUT spaces (e.g. C:\!MikTex2.6) and add (INSTALLDIR)\miktex\bin subdirectory to your PATH.
Example:
>>> p=IP()/ICMP()
>>> p.pdfdump("test.pdf")
Graphs (conversations)
- Graphviz: graphviz-2.12.exe. Add (INSTALLDIR)\ATT\Graphviz\bin to your PATH.
Example:
>>> p=rdpcap("myfile.pcap")
>>> p.conversations(type="jpg", target="> test.jpg")
3D Graphics (trace3d)
Example:
>>> a,u=traceroute(["www.python.org", "google.com","slashdot.org"])
>>> a.trace3D()
WEP decryption
Example: (using this Weplab test file)
>>> enc=rdpcap("weplab-64bit-AA-managed.pcap")
>>> enc.show()
>>> enc[0]
>>> conf.wepkey="AA\x00\x00\x00"
>>> dec=Dot11PacketList(enc).toEthernet()
>>> dec.show()
>>> dec[0]
Fingerprinting
- Nmap. nmap-4.20-setup.exe. If you use the default installation directory, Scapy-win should automatically find the fingerprints file.
- Queso: queso-980922.tar.gz. Extract the tar.gz file (e.g. using 7-Zip) and put queso.conf into your Scapy directory
>>> nmap_fp("192.168.0.1")
Begin emission:
Finished to send 8 packets.
Received 19 packets, got 4 answers, remaining 4 packets
(0.88749999999999996, ['Draytek Vigor 2000 ISDN router'])
Screenshots
Known bugs
- You may not be able to capture WLAN traffic. Reasons are explained on the Wireshark wiki and in the WinPcap FAQ. Try switching off promiscuous mode with conf.sniff_promisc=False.
- Packets cannot be sent to localhost (or local IP addresses on your own host).
- The voip_play() functions do not work because they output the sound via /dev/dsp which is not available on Windows.
Credits
Many thanks to Zack Payton, Andrew Evans and all other Scapy-win hackers for making the Windows port of Scapy possible.
First version of this guide by Dirk Loss, 2007-07-29
Attachments
- scapy-win-screenshot1.png (16.2 kB) - Screenshot: p.show() and sniff(), added by Dirk Loss on 12/21/07 22:16:10.
- scapy-win-screenshot2.png (27.0 kB) - Screenshot: srloop(), added by Dirk Loss on 12/21/07 22:17:40.

