Exam PT1-002 topic 1 question 16 discussion

Scapy is the tool used to craft tcp packets. https://0xbharath.github.io/art-of-packet-crafting-with-scapy/scapy/creating_packets/index.html NMAP is not use to craft packets. The Answer should be C

Nmap: an open source tool for network scanning tcpdump: catch the packets and show the network traffic hping3: like a ping, can analize a network, but with more functionality. Can manipulate de TCP header, but not so flexible and powerful like Scapy for the programmatic packet manipulation the solution is Scapy: a powerful tool for manipulize packets and decode/create/send network packet.

Scapy is a powerful Python-based interactive packet manipulation program and library. It allows security professionals to create, send, and receive network packets at different layers of the network stack, including the ability to manipulate TCP header fields and payload. With Scapy, the security professional can construct custom packets with arbitrary values for fields such as TCP header length and checksum. They can then send these crafted packets to the IoT device's proprietary service on TCP port 3011 and observe the response.

hping3 is scriptable using the Tcl language. but, Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery, packet sniffer, etc. It can for the moment replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, …. In scapy you define a set of packets, then it sends them, receives answers, matches requests with answers and returns a list of packet couples (request, answer) and a list of unmatched packets. This has the big advantage over tools like nmap or hping that an answer is not reduced to (open/closed/filtered), but is the whole packet.

c correct

NOT NMAP, not for changing packets.

correct answer

Scapy will do the task better.

C- Scapy https://scapy.readthedocs.io/en/latest/introduction.html#about-scapy

C is correct