whatisgithub

What is scapy?

secdev/scapy — explained in plain English

Analysis updated 2026-06-24

12,284PythonAudience · developerComplexity · 3/5LicenseSetup · moderate

In one sentence

A Python tool for building, sending, capturing, and analyzing network packets at a low level, usable as an interactive shell or as a library in your own scripts, covering dozens of protocols across Linux, macOS, and Windows.

Mindmap

mindmap
  root((Scapy))
    What it does
      Build custom packets
      Send and capture traffic
      Parse many protocols
    Usage modes
      Interactive shell
      Python library
    Protocols covered
      IP and ICMP
      TCP and UDP
      Wi-Fi frames
    Use cases
      Network scanning
      Security testing
      Traffic analysis
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Scan a local network to discover active hosts and open ports without installing separate tools like nmap.

USE CASE 2

Capture live network traffic and inspect packet contents for debugging or security analysis.

USE CASE 3

Send intentionally malformed or custom-crafted packets to test how network equipment responds to unusual input.

USE CASE 4

Write a Python script that performs a traceroute and processes the router replies programmatically.

What is it built with?

Python

How does it compare?

secdev/scapybmaltais/kohya_sskludex/starlette
Stars12,28412,26212,308
LanguagePythonPythonPython
Setup difficultymoderatehardeasy
Complexity3/54/53/5
Audiencedevelopergeneraldeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires root or admin privileges for raw packet operations, Windows requires additional packages like Npcap.

Free to use and modify, but any software that includes Scapy must also be released as open source under GPL v2.

So what is it?

Scapy is a Python tool for working with network packets at a low level. A packet is a small chunk of data that travels across a network, and every piece of internet communication, from loading a web page to sending an email, is made up of packets following specific rules called protocols. Scapy lets you build custom packets from scratch, send them over the network, capture incoming packets, and inspect or analyze what comes back. It can be used in two ways: as an interactive shell you run in a terminal, or as a library you import into your own Python scripts. In the shell, you can type commands to construct and send packets one at a time and immediately see the responses. For example, you can send a ping to a server and read back the reply's source IP address in a few lines. As a library, you can write scripts that automate more complex network tasks. Scapy knows how to build and parse a wide range of network protocols, which means it can handle many of the tasks that separate tools like ping, traceroute, nmap, tcpdump, and Wireshark each handle individually. The README notes that it can replace or replicate most of what those tools do, while also handling more unusual tasks they cannot, such as sending intentionally malformed packets or injecting custom Wi-Fi frames. Typical uses include network scanning to discover what devices and services are on a network, packet capture and analysis, testing how network equipment responds to unusual traffic, and security research. It requires Python 3.7 or newer and runs on Linux, macOS, BSD, and Windows. On Linux and BSD it works with no extra dependencies, Windows requires a few additional packages. The code is licensed under GPL v2.

Copy-paste prompts

Prompt 1
Using Scapy, write a Python script that sends an ICMP ping to a host and prints the round-trip time and source IP from the reply.
Prompt 2
Show me how to use Scapy to scan a subnet like 192.168.1.0/24 for active hosts using ARP requests and print a list of which IPs responded.
Prompt 3
I want to capture all HTTP packets on my local network interface with Scapy and print the destination host and request path for each one.
Prompt 4
Using Scapy, build a simple traceroute that sends UDP packets with increasing TTL values and records which routers reply at each hop.

Frequently asked questions

What is scapy?

A Python tool for building, sending, capturing, and analyzing network packets at a low level, usable as an interactive shell or as a library in your own scripts, covering dozens of protocols across Linux, macOS, and Windows.

What language is scapy written in?

Mainly Python. The stack also includes Python.

What license does scapy use?

Free to use and modify, but any software that includes Scapy must also be released as open source under GPL v2.

How hard is scapy to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is scapy for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.