TCP Null Scan using Scapy

Can someone guide me on how to send packets in Scapy to an ip address, with all flags in the TCP header set to null ? I have so far tried sending packets without specifying which flags to set, but it seems to set the Syn flag everytime I send the packet.

I would like to know i开发者_如何学运维t so that I can learn more about TCP Null Scans. Would be grateful for ur help and guidance.

I haven't used Scapy, but from a quick scan of the documentation there is an example of creating a TCP packet while specifying which flags to set, on this page of the docs:

http://www.secdev.org/projects/scapy/doc/usage.html#simple-one-liners

sr( IP(dst="192.168.1.*")/TCP(dport=80,flags="S") )

Perhaps you could try a command like that, with an empty string ""? i.e. TCP(dport=80,flags="") ?

If you don't want to actually send a TCP header, you'd be better off just setting the protocol of the IP packet and gluing a string of zeros on top of it.

sr( IP(dst="192.168.1.", proto="TCP")/"\0"*50)

Edit: I'm not actually positive on the syntax, you might have to use the protocol number instead of "TCP"

Thank you Andy and Jdizzle for the suggestions.

I tried out what Andy Recommended earlier itself, but the packet somehow seemed to have the Syn Flag set, when i checked it on wireshark.

The good news is, i solved the problem, the flags can be set to null, at the instance when you create the packet to be sent.

create a packet --> a=TCP() and then setting the flag to zero by --> a.flags=0 there are many other attributes that you can preset in this manner before preparing the packet to be sent over the network. You can view these attributes by --> ls(a)

where a=the name of the packet.

This worked successfully !