1
votes

Thanks in advance for any help. I am new to Scapy (only my 2nd day). I need to create packets and send them to a network interface; the expected protocol stack is ETH/IP/SCTP/S1AP/NAS. As I understand it, up to SCTP this is a trivial task for Scapy, however I have an issue. I am doing the following:

from scapy.all import Ether, IP, SCTP, SCTPChunkData, wrpcap

eth_ip=Ether()/IP(src="192.168.1.1",dst="192.168.2.2")
sctp=SCTP(sport=1,dport=2,tag=0x0,chksum=1)
sctp_data=SCTPChunkData(len=4, tsn=1, stream_id=1, stream_seq=1, delay_sack=0, unordered=0, beginning=1, ending=1, proto_id=18, data="\x01" )
pkt1=eth_ip/sctp/sctp_data
wrpcap("sctp.pcap", pkt1)

So, I craft 1 packet and store it to a PCAP; when I open it in Wireshark it says that the packet is malformed. I would expect to see Eth/IP/SCTP/S1AP; of course the S1AP message is incorrect, but the issue is that I see a malformed SCTP layer 3 times and no S1AP. Why? Does anybody have a valid SCTP Data Chunk example?

1
Sounds like a bug. Scapy shouldn't be writing malformed pcaps even if you give some layers junk data. I would post this as an issue on scapy's repo (if this is reproducible). – Ross Jacobs
If you give a layer junk data, Wireshark may well report the junk data as being "Malformed". The capture file itself isn't malformed, in the sense that it's not a valid example of the capture file format (pcap, pcapng, etc.). If the Scapy script is writing an invalid S1AP/NAS packet because some hand-crafted (i.e., not crafted by Scapy, crafted by the user) S1AP/NAS data isn't valid, that's not Scapy's problem. – user13951124
Actually I think the problem is only with SCTPChunkData; does anybody have Scapy code to craft one SCTP packet with a Data Chunk? – user2022952
I found an answer: SCTPChunkData had the field len=4 set incorrectly, but in reality it should be 16. Solved. – user2022952

1 Answer

0
votes

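from scapy.layers.l2 import Ether
from scapy.layers.inet import IP
from scapy.layers.sctp import SCTP, SCTPChunkData
from scapy.utils import wrpcap


eth_ip = Ether() / IP(src="192.168.1.1", dst="192.168.2.2")
# No chksum given: Scapy computes the SCTP checksum when the packet is built
sctp = SCTP(sport=1, dport=2, tag=0x0)
sctp_data_payload = "    "
# No len given: Scapy derives the chunk length from the data
sctp_data_hdr = SCTPChunkData(data=sctp_data_payload)


pkt1 = eth_ip / sctp / sctp_data_hdr
# Build the packet, dissect it again and print the result
pkt1.show2()

wrpcap("sctp.pcap", pkt1)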

2 tips:

  • In general it is better to let Scapy put in the protocol that links the layers (unless you know the protocol well).
  • pkt1.show2() will make Scapy build the packet, decode it, and then print it. You can see that the decoded packet is what you expect.
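Added example, not part of the original question or answer: a standard-library sketch (no Scapy) of why a hand-set chunk length breaks dissection. It packs an SCTP DATA chunk with `struct`, using the RFC 4960 rule that Length is the 16-byte DATA header plus the user data, excluding padding, and then walks the chunk list the way a dissector would. The function names `build_data_chunk` and `check_chunks` are hypothetical, and the sample values are constructed from the question.

```python
import struct

DATA_HDR_LEN = 16  # type, flags, length, TSN, stream id, stream seq, PPID


def build_data_chunk(payload, tsn=1, stream_id=1, stream_seq=1, ppid=18,
                     length=None):
    """Build an SCTP DATA chunk; `length` overrides the computed Length field."""
    flags = 0x03  # B (beginning) and E (ending) bits: unfragmented message
    if length is None:
        length = DATA_HDR_LEN + len(payload)  # padding is not counted
    hdr = struct.pack("!BBHIHHI", 0, flags, length, tsn, stream_id,
                      stream_seq, ppid)
    pad = -len(payload) % 4  # chunks are padded to a 4-byte boundary
    return hdr + payload + b"\x00" * pad


def check_chunks(buf):
    """Walk the chunks that follow the SCTP common header; list the problems."""
    problems, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            problems.append(f"offset {off}: truncated chunk header")
            break
        ctype, _flags, length = struct.unpack_from("!BBH", buf, off)
        if length < 4:
            problems.append(f"offset {off}: chunk length {length} < 4")
            break
        if ctype == 0 and length <= DATA_HDR_LEN:
            problems.append(f"offset {off}: DATA chunk length {length} "
                            "leaves no room for header plus user data")
        if off + length > len(buf):
            problems.append(f"offset {off}: chunk length {length} overruns packet")
            break
        off += (length + 3) & ~3  # next chunk starts after the padding
    return problems


if __name__ == "__main__":
    # Constructed samples: the question's 1-byte payload, with and without len=4
    print(check_chunks(build_data_chunk(b"\x01")))
    print(check_chunks(build_data_chunk(b"\x01", length=4)))
```

With the length forced to 4, the walker steps only 4 bytes forward and reads the TSN field as the header of a second chunk, so a single bad length yields more than one malformed chunk.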