scapy icon indicating copy to clipboard operation
scapy copied to clipboard
verified publisher icon secdev

Write out of pcap is incorrect when altering the length of an IE (dot11.py)

Open rkinder2023 opened this issue 1 year ago • 0 comments

Brief description

I am not sure if this is expected behaviour or not, but writing back PCAP files gives an erroneous PCAP file when some part of the packet changes in length. In this case it's dot11.py and changing an IE length.

Full details provided below.

Scapy version

86f034b61f9f2d44225d8437ddd36472c7cf6257

Python version

3.12.2

Operating system

MacOS Sonoma 14.4

Additional environment information

No response

How to reproduce

Sample script:

from scapy.all import *

x = PcapReader("single-beacon.pcap")
nbcn = x.read_packet()
nbcn[Dot11Elt::{"ID":0}].info = b'some long SSID to change length'
nbcn[Dot11Elt::{"ID":0}].len = None

wrpcap("modified-beacon.pcap", nbcn)

Input pcap: single-beacon.pcap.gz

Output pcap: modified-beacon.pcap.gz

Error from Wireshark: Screenshot 2024-08-14 at 10 36 08 AM

Expected beacon: modified-beacon-correct.pcap.gz

No error in Wireshark: Screenshot 2024-08-14 at 10 41 53 AM

Diff which seems to fix this:

diff --git a/scapy/packet.py b/scapy/packet.py
index 0e096b2c..e0b93bdf 100644
--- a/scapy/packet.py
+++ b/scapy/packet.py
@@ -497,6 +497,7 @@ class Packet(
             self.raw_packet_cache = None
             self.raw_packet_cache_fields = None
             self.wirelen = None
+            self.firstlayer().wirelen = None
         elif attr == "payload":
             self.remove_payload()
             self.add_payload(val)

Actual result

No response

Expected result

No response

Related resources

No response

rkinder2023 avatar Aug 14 '24 00:08 rkinder2023