0

when I try to modify IP header field using Scapy and write the modified packet to pcap using wrpcap, the Ethernet Padding layer is changed to Raw.

The packet's show function shows the Padding layer: pktn.show()

###[ Padding ]### load = '\x00\x00\x00\x00\x00\x00'

But the packet's show2 function shows Raw layer: pktn.show2()

###[ Raw ]### load = '\x00\x00\x00\x00\x00\x00'

Any idea why is this and how to keep the Padding layer? Otherwise the Padding bytes are recognized as TCP payload by Wireshark.

Thanks1

Zhen
  • 1
  • 2
  • can you provide more code? What are you modifying and how? – fgagnaire Aug 18 '20 at 03:17
  • Part of the codes is below. I am trying to write the code to modify the IP header fields to replace the old value with new value based on input. If the original packet does not have Ethernet layer padding, it is fine. If the original packet has padding at Ethernet layer, the padding will show as "###[ Raw ]### load" rather than "###[ Padding ]### load" from the show2 function, then the padding are incorrectly classified as TCP palyload in the modified packet. Hope this clear. – Zhen Aug 18 '20 at 15:58
  • for pkt in self.packets: c = pp.sortPackets(pkt,'IP') if c == str(sorted(self.inputSession,key=str)): for i in range(len(self.fields)): if self.fields[i] in ['src','dst']: if pkt['IP'].src == self.oldValues[i]: pkt['IP'].src = self.newValues[i] elif pkt['IP'].dst == self.oldValues[i]: pkt['IP'].dst = self.newValues[i] – Zhen Aug 18 '20 at 15:59
  • please modify the question, instead of adding info in the comments – fgagnaire Aug 18 '20 at 17:10

1 Answers1

0

OK. I finally figured that this line of code is causing the issue after I changed the header fields:

pkt[IP].len = len(pkt['IP'])

I tried to use this code to assign the IP header length to the new packet, but it seems it is causing this issue, and without this line, the IP header length is just fine for the new packet. I still don't quite understand the reason behind this, but it seems the issue is resolved.

Thanks!

Zhen
  • 1
  • 2