I am trying to generate an STP packet and capture it with Wireshark. This is my code:

    from scapy.all import Dot3, LLC, SNAP, STP, sendp

    # 802.3 / LLC (SNAP SAPs) / SNAP / STP, sent 200 times on eth1
    sendp(Dot3(dst="01:00:0c:cc:cc:cd", src="08:17:35:51:29:2e")/LLC(dsap=0xaa, ssap=0xaa)/SNAP(OUI=0x0c, code=0x010b)/STP(), iface="eth1", count=200)

I have been able to generate the desired output, but I got an error in Wireshark. Are there some fields that I should add in the sendp command?

newbie
  • Does this answer your question? [Configure STP protocol via scapy](https://stackoverflow.com/questions/62899419/configure-stp-protocol-via-scapy) – fgagnaire Jul 17 '20 at 13:49
  • Not really, in Wireshark, Spanning Tree Protocol is still in red – newbie Jul 17 '20 at 14:34

1 Answer


I ran a few things to see why.

  1. Is it not a problem of padding? I tried to pad the packet to 60B, as is mandatory on a network (your Wireshark says it captured 57B, so it is under). It has never been a problem for me, but I had to check.

  2. I opened an example capture from Wireshark: https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=stp.pcap I opened the 1st packet using Wireshark (and it was happy), then opened it using scapy:

    from scapy.utils import rdpcap

    # Load the sample capture and dump the first packet layer by layer
    packets = rdpcap("/home/fgagnaire/Downloads/stp.pcap")
    packets[0].show()

the output:

###[ 802.3 ]### 
  dst       = 01:80:c2:00:00:00
  src       = 00:1c:0e:87:85:04
  len       = 38
###[ LLC ]### 
     dsap      = 0x42
     ssap      = 0x42
     ctrl      = 3
###[ Spanning Tree Protocol ]### 
        proto     = 0
        version   = 0
        bpdutype  = 0
        bpduflags = 0
        rootid    = 32868
        rootmac   = 00:1c:0e:87:78:00
        pathcost  = 4
        bridgeid  = 32868
        bridgemac = 00:1c:0e:87:85:00
        portid    = 32772
        age       = 1.0
        maxage    = 20.0
        hellotime = 2.0
        fwddelay  = 15.0
###[ Padding ]### 
           load      = '\x00\x00\x00\x00\x00\x00\x00\x00'

Now it looks like they are building it without the SNAP layer.

  3. Try to build without the SNAP layer:

    from scapy.layers.l2 import LLC, STP, Dot3
    from scapy.utils import wrpcap

    # 802.3 / LLC / STP, with no SNAP layer in between
    packet = Dot3(dst="01:00:0c:cc:cc:cd", src="08:17:35:51:29:2e") / LLC() / STP()

    # Write the packet to a capture file that can be opened in Wireshark
    packets = [packet]
    wrpcap("/tmp/test_file.pcap", packets)

This makes Wireshark happy. It also helps me understand that your question is not about STP but PVSTP+.

If your question is about PVSTP+, then I don't think scapy supports it out of the box. You have to build the layer yourself.

fgagnaire
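
As an added example (not part of the original answer, and not Scapy code): a standard-library parser that tells apart the two encapsulations discussed above, LLC 0x42/0x42 directly in front of the BPDU as in the sample capture, and LLC 0xaa/0xaa plus SNAP as in the question's frame, and decodes the configuration BPDU fields. The names `parse_bpdu_frame`, `LLC_FRAME` and `SNAP_FRAME` are made up for this example; the sample frames are constructed from the field values printed in the answer and the addresses used in the question.

```python
import struct

BPDU_FMT = "!HBBBH6sIH6sHHHHH"            # 35-byte configuration BPDU
BPDU_KEYS = ("proto", "version", "bpdutype", "bpduflags", "rootid", "rootmac",
             "pathcost", "bridgeid", "bridgemac", "portid",
             "age", "maxage", "hellotime", "fwddelay")

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_bpdu_frame(frame: bytes) -> dict:
    """Decode an 802.3 frame carrying a configuration BPDU and report its encapsulation."""
    if len(frame) < 17:
        raise ValueError("too short for 802.3 + LLC")
    length = struct.unpack("!H", frame[12:14])[0]
    if length > 1500:
        raise ValueError("EtherType frame, not 802.3 with LLC")
    dsap, ssap = frame[14], frame[15]
    body = frame[17:14 + length]          # the len field excludes trailing padding
    if (dsap, ssap) == (0x42, 0x42):
        encap = "LLC"                     # layout of the sample capture
    elif (dsap, ssap) == (0xAA, 0xAA) and len(body) >= 5:
        encap = "SNAP"                    # layout of the question's frame
        snap, body = body[:5], body[5:]
    else:
        raise ValueError("not an encapsulation this example handles")
    if len(body) < struct.calcsize(BPDU_FMT):
        raise ValueError("truncated configuration BPDU")
    out = dict(zip(BPDU_KEYS, struct.unpack(BPDU_FMT, body[:35])))
    for k in ("rootmac", "bridgemac"):
        out[k] = mac(out[k])
    for k in ("age", "maxage", "hellotime", "fwddelay"):
        out[k] /= 256                     # timers are carried in 1/256 s
    out.update(dst=mac(frame[:6]), src=mac(frame[6:12]), encap=encap)
    if encap == "SNAP":
        out.update(oui=snap[:3].hex(), code=struct.unpack("!H", snap[3:])[0])
    return out

# Constructed sample input: BPDU body rebuilt from the field values printed above.
BPDU = struct.pack(BPDU_FMT, 0, 0, 0, 0, 32868, bytes.fromhex("001c0e877800"), 4,
                   32868, bytes.fromhex("001c0e878500"), 32772, 256, 5120, 512, 3840)
LLC_FRAME = (bytes.fromhex("0180c2000000" "001c0e878504") + struct.pack("!H", 38)
             + bytes.fromhex("424203") + BPDU + bytes(8))
SNAP_FRAME = (bytes.fromhex("01000ccccccd" "08173551292e") + struct.pack("!H", 43)
              + bytes.fromhex("aaaa03" "00000c010b") + BPDU)

if __name__ == "__main__":
    for frame in (LLC_FRAME, SNAP_FRAME):
        print(len(frame), parse_bpdu_frame(frame))
```

The constructed SNAP frame comes to 57 bytes, the captured size mentioned in the answer, while the LLC frame with its 8 bytes of padding comes to 60.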