To attempt to perform a traditional smurf attack, Scapy can be used to build the necessary packets from scratch:

1. To use Scapy from the Kali Linux command line, use the scapy command from a Terminal; this is shown in the following screenshots. To send an ICMP request to the broadcast address, we must first build the layers of this request. The first layer that we will need to construct is the IP layer:

2. To build the IP layer of our request, we should assign the IP object to the variable i. By calling the display() function, we can identify the attribute configurations for the object. By default, both the sending and receiving addresses are set to the loopback address of 127.0.0.1. These values can be modified by changing the destination address by setting i.dst equal to the string value of the broadcast address. By calling the display() function again, we can see that not only has the destination address been updated, but Scapy will also automatically update the source IP address to the address associated with the default interface.

3. Now that we have constructed the IP layer of the request, we should proceed to the ICMP layer:

4. To build the ICMP layer of our request, we will use the same technique as we did for the IP layer. By default, the ICMP layer is already configured to perform an echo request.
5. Now that we have created both the IP and ICMP layers, we need to construct the request by stacking these layers:

6. The IP and ICMP layers can be stacked by separating the variables with a forward slash. These layers can then be set equal to a new variable that will represent the entire request. The display() function can then be called to view the configurations for the request. Once the request has been built, it can then be passed to the function. A packet-capture utility such as Wireshark or TCPdump can be used to monitor the result. In the example provided, Wireshark reveals that two of the IP addresses on the LAN responded to the broadcast echo request:

7. In reality, two responsive addresses are not sufficient to perform an effective DoS attack. If this exercise is replicated in another lab with semimodern hosts, it is likely that the results will be similar. In the case that there were enough responsive addresses to trigger a denial of service, the source address would need to be substituted for the IP address of the attack target:

8. In the example provided, a one-line command in Scapy is used to perform the same action as we had discussed earlier, except this time with the source IP address spoofed to the address of another system on the LAN. Additionally, the count value can be used to send multiple requests in sequence.