Install and Run Scapy on Mac OS X 10.10 (Yosemite)

Scapy on Yosemite

There seems to be quite a few people trying to get Scapy installed and running on Yosemite.

Scapy is getting kind of old and as a result, as of the writing of this article, there doesn’t seem to be a user-friendly way to get it working on the latest reincarnation of OS X.

While Googling for a solution, I stumbled upon a post from juhnu describing a procedure to get Scapy installed on an older version of Mac OS and I decided to give it a go, just for fun.

By the end of the exercise, I had a broken install that I managed to get up and running with slight modifications of juhnu’s procedure.

Dependencies

Let’s start by getting the dependencies out of the way, before we jump into Scapy’s own installation. As you may know, you will need at least Mac OS X Command Line Tools and most probably Xcode, in order to build the necessary packages.

Building libdnet

As of the writing of this post, the latest version of libdnet is 1.12. So let’s go ahead and download, build and install it:

I have highlighted for you line 7, which contains a key element in this game. You must explicitly use python2.6 here (and everywhere else in this tutorial). Yosemite defaults to python 2.7 and your dear friend Scapy won’t like it!

Installing pylibpcap

Let’s install pylibpcap, a python module for the legendary libpcap packet capture library. As of the writing of this article, the latest version is 0.6.4.

Here again, make sure to use python2.6 on line 4 when installing pylibpcap.

Installing Scapy

Up to here, you should already be able to install and run Scapy on your Yosemite machine. There are some other optional libraries that will give you additional functionality and we will take care of those after installing Scapy. As of the writing of this article, wget scapy.net will get you version 2.2 of Scapy. If you find yourself with a different version, you will want to adjust line 3 of the following block accordingly:

Once again, I cannot stress how important it is to run python2.6 and not simply python, as highlighted in line 4.

In its current state, you should be able to run Scapy just fine, although it will complain with some warnings. Just make sure to use sudo if you’re planning to inject packets.

Installing Additional Libraries

You can get rid of most of the warnings by installing 3 additional libraries that will give you the possibility to decrypt WEP trafic, make impressive graphical PostScript/PDF dumps of a packet or a list of packets or even plot IP ID patterns.

Installing pycrypto

Get yourself the latest version of pycrypto (2.6.1 as of the writing of this article) and proceed to install:

Again, notice the use of python2.6 (sorry for being so insistent…).

Installing gnuplot-py

The latest available version of gnuplot-py at the moment of the writing of this article is 1.8. Get it from the website and proceed to install (if you use Safari to download, it will decompress the archive and you will end up with just a tarball):

 Installing PyX

For this library, we’ll make an exception and we will not install the latest version. As of the writing of this article, the latest version of PyX is 0.13. However, this version is only compatible with Python 3 and therefore, it will not work with our Scapy install. So you will want to get version 0.12.1 which is the latest version available to be compatible with Python 2.6. Go ahead and download the file from the website and comeback here to finish the install:

Did you notice the python2.6 for the last two libraries? Just checking 😉

There you go. Your Scapy should be ready to go. When you run Scapy (with sudo… don’t forget), you might be greeted with these 3 warning:

You may safely ignore these warnings. Happy Scaping!

Leave a Reply

Your email address will not be published. Required fields are marked *

*