1
votes

I'm trying to rewrite a pcap file with different IP and IPv6 addresses. But after I extract a packet with PcapReader and change its IP addresses, the packets in the output pcap file are cut short (that is to say, the payload of the packet is lost). Here's the example code:

from scapy.all import PcapReader
from scapy.all import PcapWriter

def test():
    f = "input.pcap"
    writers = PcapWriter("output.pcap")

    with PcapReader(f) as pcap_reader:
        for pkt in pcap_reader:
            # somehow change the IP address
            writers.write(pkt=pkt)

test()

When I open the .pcap file with Wireshark, it shows "The capture file appears to have been cut short in the middle of a packet". Is there any solution in scapy to maintain the payload, or are there any other Python packages to recommend?

Here I did not change anything, and the results are like this: input file: [image]

output file: [image]

1 Answer

0
votes

I think the problem must be in the code you use to modify the packet (and which you did not show) or that your source file already had short packets (i.e. snaplen less than packet len). The following code works for me without problems:

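from scapy.all import PcapReader, PcapWriter, IP

writer = PcapWriter('output.pcap')
for pkt in PcapReader('input.pcap'):
    # somehow change the IP address (only packets that carry an IPv4 layer)
    if IP in pkt:
        pkt[IP].dst = '1.2.3.4'
        pkt[IP].src = '5.6.7.8'
    writer.write(pkt=pkt)
# flush buffered records and close the output file
writer.close()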
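
To tell apart the two conditions mentioned in this thread (a file that ends in the middle of a record, which is what the Wireshark message reports, and packets captured with a snaplen shorter than the packet length), the following added example walks the record headers of a classic pcap file (not pcapng) using only the standard library. It is not code from the question or the answer; `audit_pcap` and `sample_pcap` are hypothetical names and the sample bytes are constructed.

```python
import struct

# Magic bytes as stored on disk -> struct byte-order prefix
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def audit_pcap(data):
    """Walk classic pcap records; report snaplen-truncated and cut-short records."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    end = PCAP_MAGICS[data[:4]]
    snaplen = struct.unpack(end + "I", data[16:20])[0]
    report = {"snaplen": snaplen, "complete": 0,
              "snap_truncated": [], "cut_short_at": None}
    off, idx = 24, 0  # records start after the 24-byte global header
    while off < len(data):
        if len(data) - off < 16:  # file ends inside a record header
            report["cut_short_at"] = idx
            break
        incl_len, orig_len = struct.unpack(end + "II", data[off + 8:off + 16])
        if off + 16 + incl_len > len(data):  # file ends inside the packet data
            report["cut_short_at"] = idx
            break
        if incl_len < orig_len:  # capture kept fewer bytes than were on the wire
            report["snap_truncated"].append(idx)
        report["complete"] += 1
        off += 16 + incl_len
        idx += 1
    return report

def sample_pcap(packets, snaplen=65535):
    """Constructed little-endian pcap; each item is (captured_bytes, original_length)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for cap, orig in packets:
        out += struct.pack("<IIII", 0, 0, len(cap), orig) + cap
    return out

if __name__ == "__main__":
    good = sample_pcap([(b"\x00" * 60, 60), (b"\x00" * 40, 40)])
    print(audit_pcap(good))        # both records complete
    print(audit_pcap(good[:-10]))  # second record cut short
```

Running it over both the input and the output file shows whether the short packets were already in the source capture or whether the output file itself is incomplete.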