0
votes

When I try to modify an IP header field using Scapy and write the modified packet to a pcap using wrpcap, the Ethernet Padding layer is changed to Raw.

The packet's show function shows the Padding layer: pktn.show()

    ###[ Padding ]###
      load = '\x00\x00\x00\x00\x00\x00'

But the packet's show2 function shows a Raw layer: pktn.show2()

    ###[ Raw ]###
      load = '\x00\x00\x00\x00\x00\x00'

Any idea why this is and how to keep the Padding layer? Otherwise the Padding bytes are recognized as TCP payload by Wireshark.

Thanks!

1
Can you provide more code? What are you modifying and how? - fgagnaire
Part of the code is below. I am trying to write code that modifies the IP header fields, replacing the old value with a new value based on input. If the original packet does not have Ethernet layer padding, it is fine. If the original packet has padding at the Ethernet layer, the padding will show as "###[ Raw ]### load" rather than "###[ Padding ]### load" in the show2 output, and the padding is then incorrectly classified as TCP payload in the modified packet. Hope this is clear. - Zhen

    for pkt in self.packets:
        c = pp.sortPackets(pkt, 'IP')
        if c == str(sorted(self.inputSession, key=str)):
            for i in range(len(self.fields)):
                if self.fields[i] in ['src', 'dst']:
                    if pkt['IP'].src == self.oldValues[i]:
                        pkt['IP'].src = self.newValues[i]
                    elif pkt['IP'].dst == self.oldValues[i]:
                        pkt['IP'].dst = self.newValues[i]

- Zhen
Please modify the question instead of adding info in the comments. - fgagnaire

1 Answer

0
votes

OK. I finally figured out that this line of code is causing the issue after I changed the header fields:

pkt[IP].len = len(pkt['IP'])

I tried to use this code to assign the IP header length to the new packet, but it seems it is causing this issue, and without this line, the IP header length is just fine for the new packet. I still don't quite understand the reason behind this, but it seems the issue is resolved.

Thanks!
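
Why the line in the answer above turns Padding into Raw, as an added example (not code from the post; plain Python without Scapy, and every frame value is constructed): a dissector uses the IP total length to decide where TCP data ends and the Ethernet trailer begins. In Scapy, len(pkt['IP']) builds the IP layer together with the trailing Padding, so assigning it to pkt[IP].len moves the 6 pad bytes inside the datagram.

```python
import struct

ETH_HLEN = 14  # Ethernet II header size

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(ip_len=None) -> bytes:
    """Constructed 60-byte frame: Ethernet + IPv4 + TCP ACK (no data) + 6 pad bytes."""
    # TCP checksum is left at 0; it plays no part in where the payload ends.
    tcp = struct.pack("!HHIIBBHHH", 1234, 80, 1, 1, 5 << 4, 0x10, 8192, 0, 0)
    if ip_len is None:
        ip_len = 20 + len(tcp)  # correct value: IP header + TCP, padding excluded
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 1, 0, 64, 6, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    eth = bytes.fromhex("020000000002" "020000000001" "0800")  # constructed MACs
    return eth + hdr + tcp + bytes(6)

def split_frame(frame: bytes):
    """Return (tcp_payload, ethernet_trailer), split the way a dissector does it."""
    ip = frame[ETH_HLEN:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    # Everything inside total_len belongs to IP; the rest is Ethernet trailer.
    datagram, trailer = ip[:total_len], ip[total_len:]
    data_off = (datagram[ihl + 12] >> 4) * 4  # TCP header length
    return datagram[ihl + data_off:], trailer

if __name__ == "__main__":
    good = build_frame()
    # Same mistake as pkt[IP].len = len(pkt['IP']): length measured with padding.
    bad = build_frame(ip_len=len(good) - ETH_HLEN)
    for name, frame in (("good", good), ("bad", bad)):
        payload, trailer = split_frame(frame)
        print(name, "tcp payload:", payload, "trailer:", trailer)
```

In Scapy itself, the usual way to get a correct length after editing fields is del pkt[IP].len and del pkt[IP].chksum, which makes both be recomputed when the packet is built.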