TLV VLAN corrupted or missing for STP via scapy

Question

i need to generate an STP traffic but when I capture it via wireshark it says that tlv (tag-length-value) of the vlan is missing and tlv record is truncated prematurely this is my code:

sendp(Dot3(dst="01:00:0c:cc:cc:cd", src="08:17:35:51:29:2e")/LLC(dsap=0xaa, ssap=0xaa, ctrl=3)/SNAP(OUI=0x0c, code=0x010b)/STP(rootid=8406, portid=0x802e, pathcost=19, rootmac="2c:33:11:53:85:80",bridgeid=32982, bridgemac="08:17:35:51:29:00")/data)

I added Dot1Q(vlan=214) =>

the data in root identifier and bridge identifier changed, which is not desired and a new problem appeared as shown in the picture above so what should I add/delete in my line of code to overcome the tlv vlan problem?

Answer 1

I think taht you need to replace the layer Dot3 by Ether

here are 3 exemples:

1. your original, scapy seems happy
2. what I think you did (I inferred from "I added Dot1Q(vlan=214) =>")
3. replace of Dot3 by Ether

for the 3 exemples:

from scapy.layers.inet import SNAP
from scapy.layers.l2 import Ether, Dot3, Dot1Q, LLC, STP
data = "test"

exemple number 1:

packet = (
    Dot3(dst="01:00:0c:cc:cc:cd", src="08:17:35:51:29:2e")
    / LLC(dsap=0xAA, ssap=0xAA, ctrl=3)
    / SNAP(OUI=0x0C, code=0x010B)
    / STP(
        rootid=8406,
        portid=0x802E,
        pathcost=19,
        rootmac="2c:33:11:53:85:80",
        bridgeid=32982,
        bridgemac="08:17:35:51:29:00",
    )
    / data
)
packet.show2()

output:

###[ 802.3 ]### 
  dst       = 01:00:0c:cc:cc:cd
  src       = 08:17:35:51:29:2e
  len       = 47
###[ LLC ]### 
     dsap      = 0xaa
     ssap      = 0xaa
     ctrl      = 3
###[ SNAP ]### 
        OUI       = 0xc
        code      = 0x10b
###[ Spanning Tree Protocol ]### 
           proto     = 0
           version   = 0
           bpdutype  = 0
           bpduflags = 0
           rootid    = 8406
           rootmac   = 2c:33:11:53:85:80
           pathcost  = 19
           bridgeid  = 32982
           bridgemac = 08:17:35:51:29:00
           portid    = 32814
           age       = 1.0
           maxage    = 20.0
           hellotime = 2.0
           fwddelay  = 15.0
###[ Raw ]### 
              load      = 'test'

exemple number 2:

vlan_packet = (
    Dot3(dst="01:00:0c:cc:cc:cd", src="08:17:35:51:29:2e")
    / Dot1Q(vlan=214)
    / LLC(dsap=0xAA, ssap=0xAA, ctrl=3)
    / SNAP(OUI=0x0C, code=0x010B)
    / STP(
        rootid=8406,
        portid=0x802E,
        pathcost=19,
        rootmac="2c:33:11:53:85:80",
        bridgeid=32982,
        bridgemac="08:17:35:51:29:00",
    )
    / data
)
vlan_packet.show2()

output:

###[ 802.3 ]### 
  dst       = 01:00:0c:cc:cc:cd
  src       = 08:17:35:51:29:2e
  len       = 51
###[ LLC ]### 
     dsap      = 0x0
     ssap      = 0xd6
     ctrl      = 136
###[ Raw ]### 
        load      = 'p\xaa\xaa\x03\x00\x00\x0c\x01\x0b\x00\x00\x00\x00\x00 \xd6,3\x11S\x85\x80\x00\x00\x00\x13\x80\xd6\x08\x175Q)\x00\x80.\x01\x00\x14\x00\x02\x00\x0f\x00test'

=> see how scapy is confused by this packet?

what I think you need to send: exemple 3:

vlan_packet = (
    Ether(dst="01:00:0c:cc:cc:cd", src="08:17:35:51:29:2e")
    / Dot1Q(vlan=214)
    / LLC(dsap=0xAA, ssap=0xAA, ctrl=3)
    / SNAP(OUI=0x0C, code=0x010B)
    / STP(
        rootid=8406,
        portid=0x802E,
        pathcost=19,
        rootmac="2c:33:11:53:85:80",
        bridgeid=32982,
        bridgemac="08:17:35:51:29:00",
    )
    / data
)
vlan_packet.show2()

output:

###[ Ethernet ]### 
  dst       = 01:00:0c:cc:cc:cd
  src       = 08:17:35:51:29:2e
  type      = n_802_1Q
###[ 802.1Q ]### 
     prio      = 0
     id        = 0
     vlan      = 214
     type      = 0x8870
###[ LLC ]### 
        dsap      = 0xaa
        ssap      = 0xaa
        ctrl      = 3
###[ SNAP ]### 
           OUI       = 0xc
           code      = 0x10b
###[ Spanning Tree Protocol ]### 
              proto     = 0
              version   = 0
              bpdutype  = 0
              bpduflags = 0
              rootid    = 8406
              rootmac   = 2c:33:11:53:85:80
              pathcost  = 19
              bridgeid  = 32982
              bridgemac = 08:17:35:51:29:00
              portid    = 32814
              age       = 1.0
              maxage    = 20.0
              hellotime = 2.0
              fwddelay  = 15.0
###[ Raw ]### 
                 load      = 'test'

scapy looks happier