Configure STP protocol via scapy

Question

I need to generate and STP traffic using scapy and when I visualize it via wireshark I get an output similar to the caption shown below: when I run this code:

from scapy.all import STP
import scapy
from scapy.all import *

data='STP'
sendp(Ether(dst="01:80:c2:00:00:00")/LLC(dsap=0xaa, ssap=0xaa)/STP(bpdutype=0x00, bpduflags=0x01, portid=0x8002)/data, iface="eth1", count=200)

this is my wireshark output

I don't know how to change the organization code to 00:00:0c, because I believe it's the one who is making this problem

Answer 1

you forgot the layer SNAP

here are 2 exemples taht helped me debug:

• exemple 1: your code.
• exemple 2: added the SNAP layer

for both exemples:

from scapy.layers.inet import SNAP
from scapy.layers.l2 import Ether, LLC, STP
data = "STP"

exemple number1:

packet = (
    Ether(dst="01:80:c2:00:00:00")
    / LLC(dsap=0xAA, ssap=0xAA)
    / STP(bpdutype=0x00, bpduflags=0x01, portid=0x8002)
    / data
)
packet.show2()

output:

###[ Ethernet ]### 
  dst       = 01:80:c2:00:00:00
  src       = 4c:d9:8f:77:3b:33
  type      = 0x8870
###[ LLC ]### 
     dsap      = 0xaa
     ssap      = 0xaa
     ctrl      = 3
###[ SNAP ]### 
        OUI       = 0x0
        code      = 0x1
###[ 802.3 ]### 
           dst       = 00:00:00:00:00:00
           src       = 00:00:00:00:00:00
           len       = 0
###[ Padding ]### 
              load      = '\x00\x00\x00\x00\x00\x00\x80\x02\x01\x00\x14\x00\x02\x00\x0f\x00STP'

Do you see how scapy decode a layer named SNAP right after the LLC layer? that makes the decoding all wrong after

so let's add it, so all the decoding will true:

exemple 2: add the SNAP layer

packet = (
    Ether(dst="01:80:c2:00:00:00")
    / LLC(dsap=0xAA, ssap=0xAA)
    / SNAP()
    / STP(bpdutype=0x00, bpduflags=0x01, portid=0x8002)
    / data
)
packet.show2()

output:

###[ Ethernet ]### 
  dst       = 01:80:c2:00:00:00
  src       = 4c:d9:8f:77:3b:33
  type      = 0x8870
###[ LLC ]### 
     dsap      = 0xaa
     ssap      = 0xaa
     ctrl      = 3
###[ SNAP ]### 
        OUI       = 0x0
        code      = 0x10b
###[ Spanning Tree Protocol ]### 
           proto     = 0
           version   = 0
           bpdutype  = 0
           bpduflags = 1
           rootid    = 0
           rootmac   = 00:00:00:00:00:00
           pathcost  = 0
           bridgeid  = 0
           bridgemac = 00:00:00:00:00:00
           portid    = 32770
           age       = 1.0
           maxage    = 20.0
           hellotime = 2.0
           fwddelay  = 15.0
###[ Raw ]### 
              load      = 'STP'

it seems to look a lot better. I didn't try with wireshark, but at the least scapy seems happy with it.