wireshark - 通过 scapy 进行 STP 的 TLV VLAN 损坏或丢失
问题描述
我需要生成一个 STP 流量,但是当我通过 wireshark 捕获它时,它说 vlan 的 tlv (tag-length-value) 丢失并且 tlv 记录被提前截断这是我的代码:
sendp(Dot3(dst="01:00:0c:cc:cc:cd", src="08:17:35:51:29:2e")/LLC(dsap=0xaa, ssap=0xaa, ctrl=3)/SNAP(OUI=0x0c, code=0x010b)/STP(rootid=8406, portid=0x802e, pathcost=19, rootmac="2c:33:11:53:85:80",bridgeid=32982, bridgemac="08:17:35:51:29:00")/data)
我加了Dot1Q(vlan=214)=>
根标识符和网桥标识符中的数据发生了变化,这是不需要的,并且出现了一个新问题,如上图所示,那么我应该在我的代码行中添加/删除什么来克服 tlv vlan 问题?
解决方案
我认为你需要用 Ether 替换层 Dot3
这里有3个例子:
- 你原来的,scapy 似乎很高兴
- 我认为你做了什么(我从“我添加了 Dot1Q(vlan=214)=>”推断)
- 用 Ether 代替 Dot3
对于 3 个示例:
from scapy.layers.inet import SNAP
from scapy.layers.l2 import Ether, Dot3, Dot1Q, LLC, STP
data = "test"
示例 1:
packet = (
Dot3(dst="01:00:0c:cc:cc:cd", src="08:17:35:51:29:2e")
/ LLC(dsap=0xAA, ssap=0xAA, ctrl=3)
/ SNAP(OUI=0x0C, code=0x010B)
/ STP(
rootid=8406,
portid=0x802E,
pathcost=19,
rootmac="2c:33:11:53:85:80",
bridgeid=32982,
bridgemac="08:17:35:51:29:00",
)
/ data
)
packet.show2()
输出:
###[ 802.3 ]###
dst = 01:00:0c:cc:cc:cd
src = 08:17:35:51:29:2e
len = 47
###[ LLC ]###
dsap = 0xaa
ssap = 0xaa
ctrl = 3
###[ SNAP ]###
OUI = 0xc
code = 0x10b
###[ Spanning Tree Protocol ]###
proto = 0
version = 0
bpdutype = 0
bpduflags = 0
rootid = 8406
rootmac = 2c:33:11:53:85:80
pathcost = 19
bridgeid = 32982
bridgemac = 08:17:35:51:29:00
portid = 32814
age = 1.0
maxage = 20.0
hellotime = 2.0
fwddelay = 15.0
###[ Raw ]###
load = 'test'
示例 2:
vlan_packet = (
Dot3(dst="01:00:0c:cc:cc:cd", src="08:17:35:51:29:2e")
/ Dot1Q(vlan=214)
/ LLC(dsap=0xAA, ssap=0xAA, ctrl=3)
/ SNAP(OUI=0x0C, code=0x010B)
/ STP(
rootid=8406,
portid=0x802E,
pathcost=19,
rootmac="2c:33:11:53:85:80",
bridgeid=32982,
bridgemac="08:17:35:51:29:00",
)
/ data
)
vlan_packet.show2()
输出:
###[ 802.3 ]###
dst = 01:00:0c:cc:cc:cd
src = 08:17:35:51:29:2e
len = 51
###[ LLC ]###
dsap = 0x0
ssap = 0xd6
ctrl = 136
###[ Raw ]###
load = 'p\xaa\xaa\x03\x00\x00\x0c\x01\x0b\x00\x00\x00\x00\x00 \xd6,3\x11S\x85\x80\x00\x00\x00\x13\x80\xd6\x08\x175Q)\x00\x80.\x01\x00\x14\x00\x02\x00\x0f\x00test'
=> 看看 scapy 是如何被这个数据包弄糊涂的?
我认为您需要发送的内容:示例 3:
vlan_packet = (
Ether(dst="01:00:0c:cc:cc:cd", src="08:17:35:51:29:2e")
/ Dot1Q(vlan=214)
/ LLC(dsap=0xAA, ssap=0xAA, ctrl=3)
/ SNAP(OUI=0x0C, code=0x010B)
/ STP(
rootid=8406,
portid=0x802E,
pathcost=19,
rootmac="2c:33:11:53:85:80",
bridgeid=32982,
bridgemac="08:17:35:51:29:00",
)
/ data
)
vlan_packet.show2()
输出:
###[ Ethernet ]###
dst = 01:00:0c:cc:cc:cd
src = 08:17:35:51:29:2e
type = n_802_1Q
###[ 802.1Q ]###
prio = 0
id = 0
vlan = 214
type = 0x8870
###[ LLC ]###
dsap = 0xaa
ssap = 0xaa
ctrl = 3
###[ SNAP ]###
OUI = 0xc
code = 0x10b
###[ Spanning Tree Protocol ]###
proto = 0
version = 0
bpdutype = 0
bpduflags = 0
rootid = 8406
rootmac = 2c:33:11:53:85:80
pathcost = 19
bridgeid = 32982
bridgemac = 08:17:35:51:29:00
portid = 32814
age = 1.0
maxage = 20.0
hellotime = 2.0
fwddelay = 15.0
###[ Raw ]###
load = 'test'
scapy看起来更开心
推荐阅读
- linux - 我在 EC2 linux 上从 docker hub 运行开放清漆映像,如何启用清漆日志记录?
- mdx - Crossjoin 中的 MDX 排序顺序
- java - aspectj 抛出 ClassCastException
- c# - 有没有办法从 log4net c# 中隐藏主文件?
- angular - 当路由中有参数时,如何根据活动路由动态更改 Angular 8 标题
- google-earth-engine - 如何通过从 FeatureCollection 中选择来创建单个 Feature?
- javascript - element.focus() 在 Firefox 和 Edge 与 Chrome 中有所不同
- reactjs - 如何使用 React Navigation 5 在 Action Creators 中导航到屏幕
- python - 如何使用上次检查时间而不是日期搜索邮箱?
- java - 从 Hibernate Optimistic Locking 异常中恢复