scapy icon indicating copy to clipboard operation
scapy copied to clipboard
verified publisher icon secdev

Scapy Fails to Reassemble Large MQTT CONNECT Packets with WILL message Across Multiple TCP Segments

Open arefehkr opened this issue 1 year ago • 0 comments

Brief description

While processing a pcap file containing MQTT traffic, I encountered an issue where Scapy fails to correctly reassemble large MQTT CONNECT packets that are fragmented across multiple TCP segments. This issue occurs when the CONNECT packet includes a large Will message (size 1514 bytes) that spans three TCP segments. Scapy handles the first TCP segment correctly but fails to combine it with the subsequent segments to form the complete CONNECT packet.

Scapy version

2.5.0

Python version

3.8

Operating system

Windows

Additional environment information

  • The first TCP segment of the CONNECT packet is processed correctly.
  • The second and third TCP segments are not combined with the first segment, resulting in incorrect packet interpretation.
  • Scapy outputs unrelated packet types (e.g., PUBREL, PUBCOMP).
  • I attached the scapy result that couldnt handle large WILL payload.
  • scapy_print.txt

How to reproduce

Here is the pcap file: WILL_DoS_selected.zip image

Actual result

No response

Expected result

No response

Related resources

No response

arefehkr avatar Nov 20 '24 20:11 arefehkr