Tags: python-3.x, protocols, scapy, spanning-tree

Configure STP protocol via scapy


I need to generate STP traffic using scapy, and when I visualize it via Wireshark I get an output similar to the capture shown below when I run this code:

from scapy.all import Ether, LLC, STP, sendp

data = 'STP'
# LLC with dsap/ssap 0xAA directly followed by STP (no SNAP header in between)
sendp(Ether(dst="01:80:c2:00:00:00") / LLC(dsap=0xaa, ssap=0xaa) / STP(bpdutype=0x00, bpduflags=0x01, portid=0x8002) / data, iface="eth1", count=200)

This is my Wireshark output:

I don't know how to change the organization code to 00:00:0c, because I believe that is what is causing this problem.


Solution

  • You forgot the SNAP layer.

    Here are 2 examples that helped me debug.

    For both examples:

    # SNAP lives in scapy.layers.l2 alongside Ether, LLC and STP
    from scapy.layers.l2 import Ether, LLC, SNAP, STP
    data = "STP"
    

    Example number 1:

    packet = (
        Ether(dst="01:80:c2:00:00:00")
        / LLC(dsap=0xAA, ssap=0xAA)
        / STP(bpdutype=0x00, bpduflags=0x01, portid=0x8002)
        / data
    )
    packet.show2()
    

    output:

    ###[ Ethernet ]### 
      dst       = 01:80:c2:00:00:00
      src       = 4c:d9:8f:77:3b:33
      type      = 0x8870
    ###[ LLC ]### 
         dsap      = 0xaa
         ssap      = 0xaa
         ctrl      = 3
    ###[ SNAP ]### 
            OUI       = 0x0
            code      = 0x1
    ###[ 802.3 ]### 
               dst       = 00:00:00:00:00:00
               src       = 00:00:00:00:00:00
               len       = 0
    ###[ Padding ]### 
                  load      = '\x00\x00\x00\x00\x00\x00\x80\x02\x01\x00\x14\x00\x02\x00\x0f\x00STP'
    

    Do you see how scapy decodes a layer named SNAP right after the LLC layer? That makes all the decoding after it wrong.

    So let's add it, so all the decoding will be true:

    Example 2: add the SNAP layer

    packet = (
        Ether(dst="01:80:c2:00:00:00")
        / LLC(dsap=0xAA, ssap=0xAA)
        / SNAP()
        / STP(bpdutype=0x00, bpduflags=0x01, portid=0x8002)
        / data
    )
    packet.show2()
    

    output:

    ###[ Ethernet ]### 
      dst       = 01:80:c2:00:00:00
      src       = 4c:d9:8f:77:3b:33
      type      = 0x8870
    ###[ LLC ]### 
         dsap      = 0xaa
         ssap      = 0xaa
         ctrl      = 3
    ###[ SNAP ]### 
            OUI       = 0x0
            code      = 0x10b
    ###[ Spanning Tree Protocol ]### 
               proto     = 0
               version   = 0
               bpdutype  = 0
               bpduflags = 1
               rootid    = 0
               rootmac   = 00:00:00:00:00:00
               pathcost  = 0
               bridgeid  = 0
               bridgemac = 00:00:00:00:00:00
               portid    = 32770
               age       = 1.0
               maxage    = 20.0
               hellotime = 2.0
               fwddelay  = 15.0
    ###[ Raw ]### 
                  load      = 'STP'
    

    It seems to look a lot better. I didn't try with Wireshark, but at least scapy seems happy with it.