Port scanning with Scapy (UDP, stealth, connect, and zombie)

Scapy is a tool that can be used to craft and inject custom packets into a network. We will begin by using Scapy to scan for active UDP services. This is done by sending an empty UDP datagram to each destination port: a port that answers with an ICMP port-unreachable message (type 3, code 3) is closed, while a port that does not respond is either open or filtered, because most UDP services say nothing in reply to an empty probe and a firewall that silently drops the probe looks exactly the same.

Next, we will use Scapy to perform a TCP stealth scan. A TCP stealth scan performs only the first two steps of the three-way TCP handshake: a SYN is sent to each target port, and a SYN/ACK in reply means the port is accepting connections, while a RST means it is closed. Instead of completing the handshake with an ACK, the scanner answers the SYN/ACK with a RST, so no full connection is ever established. This type of scan is referred to as a stealth scan, SYN scan, or half-open scan.

Next, we will use Scapy to perform a TCP connect scan. Generally, TCP connect scanning is an easier process than SYN scanning, because it relies on the operating system's own TCP stack to complete the three-way handshake and therefore does not require the elevated privileges that are needed to generate and inject the raw packets used in SYN scanning. Scapy is the one major exception to this. Scapy builds and sends packets from user space, bypassing the kernel's TCP stack, so when the target's SYN/ACK arrives the kernel sees a reply to a connection it knows nothing about and answers it with a RST before Scapy can send the final ACK. Completing a full three-way TCP handshake with Scapy is therefore difficult and impractical unless outbound RSTs are filtered first. However, for the sake of understanding the process better, we will see how to use Scapy to perform a connect scan.

Finally, we will use Scapy to perform zombie scans. It is possible to identify the open ports on a target system without ever giving that system any indication that you interacted with it. This extremely stealthy form of scanning is referred to as zombie scanning (or idle scanning) and can only be performed if another system, the zombie, exists on the network that has low network activity and incremental IPID sequencing. The scanner reads the zombie's current IPID, sends the target a SYN whose source address is spoofed to be the zombie's, and then reads the zombie's IPID again. If the target port is open, the target sends a SYN/ACK to the zombie, which replies with a RST and so consumes one extra IPID value; if the port is closed, the target's RST is simply ignored by the zombie and the IPID advances by one only. The target only ever sees the zombie's address. Note that many modern operating systems randomize the IPID or keep per-destination counters, which makes them unusable as zombies.
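The four scans described above, as an added example that is not part of the book's own code. The decisions (what a silent UDP port, a SYN/ACK, or a jump of two in the zombie's IPID mean) are split into small classify_* functions that run offline without Scapy; the *_scan drivers send the probes with Scapy's sr1() and send() (or, for the connect scan, the socket module), need root and a real target, and assume a 2-second timeout plus arbitrary source-port and zombie-port defaults.

```python
"""Scapy scan helpers (UDP, SYN, connect, idle).  Added example, not the book's
code: the classify_* functions take a small Reply record and run offline; the
*_scan drivers import Scapy only when called, need root and a real target.
TIMEOUT and the sport/zport defaults are assumptions."""
import socket
from dataclasses import dataclass
from typing import Optional

TIMEOUT = 2.0  # seconds to wait for a reply (assumed value)
FILTER_CODES = (0, 1, 2, 9, 10, 13)  # ICMP type-3 codes meaning a filter, not closed

@dataclass
class Reply:
    """Only the fields the scans decide on; None means 'layer absent'."""
    tcp_flags: Optional[str] = None   # e.g. "SA" or "RA"
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None
    ip_id: Optional[int] = None

def summarize(pkt) -> Optional[Reply]:
    """Reduce a Scapy packet (or None from a timed-out sr1) to a Reply."""
    if pkt is None:
        return None
    from scapy.all import ICMP, IP, TCP
    r = Reply(ip_id=pkt[IP].id if pkt.haslayer(IP) else None)
    if pkt.haslayer(TCP):
        r.tcp_flags = str(pkt[TCP].flags)    # letters such as "SA" on Scapy >= 2.4
    if pkt.haslayer(ICMP):
        r.icmp_type, r.icmp_code = pkt[ICMP].type, pkt[ICMP].code
    return r

def classify_udp(reply: Optional[Reply]) -> str:
    if reply is None:                  # silence: open, or a filter dropped it
        return "open|filtered"
    if reply.icmp_type == 3 and reply.icmp_code == 3:
        return "closed"                # port unreachable
    if reply.icmp_type == 3 and reply.icmp_code in FILTER_CODES:
        return "filtered"
    return "open"                      # the service answered the empty probe

def classify_syn(reply: Optional[Reply]) -> str:
    if reply is None:
        return "filtered"
    f = reply.tcp_flags or ""
    if "S" in f and "A" in f:          # SYN/ACK: the port accepts connections
        return "open"
    if "R" in f:                       # RST: nothing listening
        return "closed"
    return "filtered"                  # ICMP unreachable or anything else

def classify_idle(ipid_before: int, ipid_after: int) -> str:
    """Zombie IPID jumps by 2 when the port is open (its RST to the target's
    SYN/ACK, plus our second probe), by 1 when the port is closed/filtered."""
    delta = (ipid_after - ipid_before) % 65536   # 16-bit counter may wrap
    if delta == 0:
        return "zombie-unusable"       # IPID not incrementing: pick another zombie
    return "open" if delta >= 2 else "closed|filtered"

def udp_scan(target: str, port: int) -> str:
    from scapy.all import IP, UDP, sr1
    pkt = IP(dst=target) / UDP(dport=port)   # empty datagram
    return classify_udp(summarize(sr1(pkt, timeout=TIMEOUT, verbose=0)))

def syn_scan(target: str, port: int, sport: int = 40000) -> str:
    from scapy.all import IP, TCP, send, sr1
    resp = sr1(IP(dst=target) / TCP(sport=sport, dport=port, flags="S"),
               timeout=TIMEOUT, verbose=0)
    state = classify_syn(summarize(resp))
    if state == "open":                # half-open: tear down with RST, never ACK
        send(IP(dst=target) / TCP(sport=sport, dport=port, flags="R",
                                  seq=resp[TCP].ack), verbose=0)
    return state

def connect_scan(target: str, port: int) -> str:
    """Full handshake through the kernel stack.  With Scapy instead, the kernel
    RSTs the SYN/ACK it never expected; on Linux you would first have to add
    iptables -A OUTPUT -p tcp --tcp-flags RST RST -d <target> -j DROP"""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(TIMEOUT)
        return "open" if s.connect_ex((target, port)) == 0 else "closed|filtered"

def zombie_ipid(zombie: str, zport: int = 80) -> Optional[int]:
    """An unsolicited SYN/ACK provokes a RST from the zombie; read its IPID."""
    from scapy.all import IP, TCP, sr1
    r = summarize(sr1(IP(dst=zombie) / TCP(dport=zport, flags="SA"),
                      timeout=TIMEOUT, verbose=0))
    return r.ip_id if r else None

def idle_scan(target: str, port: int, zombie: str) -> str:
    from scapy.all import IP, TCP, send
    before = zombie_ipid(zombie)
    # SYN spoofed from the zombie: the target answers the zombie, never us
    send(IP(src=zombie, dst=target) / TCP(dport=port, flags="S"), verbose=0)
    after = zombie_ipid(zombie)
    if before is None or after is None:
        return "zombie-unusable"
    return classify_idle(before, after)
```

Run the drivers as root, for example syn_scan("10.0.0.5", 80) or idle_scan("10.0.0.5", 80, "10.0.0.9") with your own addresses. Before trusting an idle scan result, probe the zombie twice with no target traffic in between and confirm that classify_idle reports "closed|filtered" (a delta of exactly 1); any other delta means the zombie is busy or does not use a single global incrementing IPID.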
