Using Scapy during an investigation
Another great Python-based tool to analyze and manipulate the network traffic is Scapy. According to the developer website, http://www.secdev.org/projects/scapy/:
"Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more."
Scapy differs from the standard tools (and also from Dshell) by providing an investigator with the ability to write small Python scripts that can manipulate or analyze the network traffic—either in a recorded form or in real-time. Furthermore, Scapy has the ability to perform deep packet dissection, passive OS fingerprinting, or plotting via third-party tools, such as GnuPlot, as built-in features are already available.
The following Python script, which is taken from Grow Your Own Forensic Tools: A Taxonomy of Python Libraries Helpful for Forensic Analysis, SANS Institute...
 
                                             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
     
         
                 
                 
                 
                 
                 
                 
                 
                 
                