通过 scapy 进行 STP 的 TLV VLAN 损坏或丢失

Question

我需要生成一个 STP 流量，但是当我通过 wireshark 捕获它时，它说 vlan 的 tlv (tag-length-value) 丢失并且 tlv 记录被提前截断 这是我的代码：

sendp(Dot3(dst="01:00:0c:cc:cc:cd", src="08:17:35:51:29:2e")/LLC(dsap=0xaa, ssap=0xaa, ctrl=3)/SNAP(OUI=0x0c, code=0x010b)/STP(rootid=8406, portid=0x802e, pathcost=19, rootmac="2c:33:11:53:85:80",bridgeid=32982, bridgemac="08:17:35:51:29:00")/data)

我添加了Dot1Q(vlan=214) =>

根标识符和桥标识符中的数据发生了变化，这是不希望的，出现了一个新问题，如上图所示 那么我应该在我的代码行中添加/删除什么来克服 tlv vlan 问题？

Answer 1

我认为你需要用 Ether 替换层 Dot3

这里有 3 个例子：

1. 你原来的 scapy 似乎很开心
2. 我认为你做了什么（我从“我添加了 Dot1Q(vlan=214) =>”推断）
3. 用 Ether 代替 Dot3

对于 3 个示例：

from scapy.layers.inet import SNAP
from scapy.layers.l2 import Ether, Dot3, Dot1Q, LLC, STP
data = "test"

示例编号 1：

packet = (
    Dot3(dst="01:00:0c:cc:cc:cd", src="08:17:35:51:29:2e")
    / LLC(dsap=0xAA, ssap=0xAA, ctrl=3)
    / SNAP(OUI=0x0C, code=0x010B)
    / STP(
        rootid=8406,
        portid=0x802E,
        pathcost=19,
        rootmac="2c:33:11:53:85:80",
        bridgeid=32982,
        bridgemac="08:17:35:51:29:00",
    )
    / data
)
packet.show2()

输出：

###[ 802.3 ]### 
  dst       = 01:00:0c:cc:cc:cd
  src       = 08:17:35:51:29:2e
  len       = 47
###[ LLC ]### 
     dsap      = 0xaa
     ssap      = 0xaa
     ctrl      = 3
###[ SNAP ]### 
        OUI       = 0xc
        code      = 0x10b
###[ Spanning Tree Protocol ]### 
           proto     = 0
           version   = 0
           bpdutype  = 0
           bpduflags = 0
           rootid    = 8406
           rootmac   = 2c:33:11:53:85:80
           pathcost  = 19
           bridgeid  = 32982
           bridgemac = 08:17:35:51:29:00
           portid    = 32814
           age       = 1.0
           maxage    = 20.0
           hellotime = 2.0
           fwddelay  = 15.0
###[ Raw ]### 
              load      = 'test'

示例 2：

vlan_packet = (
    Dot3(dst="01:00:0c:cc:cc:cd", src="08:17:35:51:29:2e")
    / Dot1Q(vlan=214)
    / LLC(dsap=0xAA, ssap=0xAA, ctrl=3)
    / SNAP(OUI=0x0C, code=0x010B)
    / STP(
        rootid=8406,
        portid=0x802E,
        pathcost=19,
        rootmac="2c:33:11:53:85:80",
        bridgeid=32982,
        bridgemac="08:17:35:51:29:00",
    )
    / data
)
vlan_packet.show2()

输出：

###[ 802.3 ]### 
  dst       = 01:00:0c:cc:cc:cd
  src       = 08:17:35:51:29:2e
  len       = 51
###[ LLC ]### 
     dsap      = 0x0
     ssap      = 0xd6
     ctrl      = 136
###[ Raw ]### 
        load      = 'p\xaa\xaa\x03\x00\x00\x0c\x01\x0b\x00\x00\x00\x00\x00 \xd6,3\x11S\x85\x80\x00\x00\x00\x13\x80\xd6\x08\x175Q)\x00\x80.\x01\x00\x14\x00\x02\x00\x0f\x00test'

=> 看看 scapy 是如何被这个数据包弄糊涂的？

我认为您需要发送的内容： 例 3：

vlan_packet = (
    Ether(dst="01:00:0c:cc:cc:cd", src="08:17:35:51:29:2e")
    / Dot1Q(vlan=214)
    / LLC(dsap=0xAA, ssap=0xAA, ctrl=3)
    / SNAP(OUI=0x0C, code=0x010B)
    / STP(
        rootid=8406,
        portid=0x802E,
        pathcost=19,
        rootmac="2c:33:11:53:85:80",
        bridgeid=32982,
        bridgemac="08:17:35:51:29:00",
    )
    / data
)
vlan_packet.show2()

输出：

###[ Ethernet ]### 
  dst       = 01:00:0c:cc:cc:cd
  src       = 08:17:35:51:29:2e
  type      = n_802_1Q
###[ 802.1Q ]### 
     prio      = 0
     id        = 0
     vlan      = 214
     type      = 0x8870
###[ LLC ]### 
        dsap      = 0xaa
        ssap      = 0xaa
        ctrl      = 3
###[ SNAP ]### 
           OUI       = 0xc
           code      = 0x10b
###[ Spanning Tree Protocol ]### 
              proto     = 0
              version   = 0
              bpdutype  = 0
              bpduflags = 0
              rootid    = 8406
              rootmac   = 2c:33:11:53:85:80
              pathcost  = 19
              bridgeid  = 32982
              bridgemac = 08:17:35:51:29:00
              portid    = 32814
              age       = 1.0
              maxage    = 20.0
              hellotime = 2.0
              fwddelay  = 15.0
###[ Raw ]### 
                 load      = 'test'

scapy 看起来更快乐