I use F5 Networks Big-IP products that add a custom Ethernet II trailer frame for debugging purposes. I am trying to use Scapy to bind a new layer for this trailer, but I cannot do this.
I can see the payload of interest in the Padding field, but using bind_layers does not properly expand the required Padding section.

    class MyEthTrailer(Packet):
        name = "Ethernet Trailer"
        fields_desc = [
One of the solutions I was thinking about was to create a new Ethernet replacement class (or overloaded), which I can then call the typical Ethernet payload and my new trailer. But I'm not a super Python / scapy programmer, and I'm not sure if this is the best option.
This is how Scapy currently displays my packet after applying bind_layers(TCP, MyEthTrailer). The information I should have is in the Padding class.
<Ether dst=00:00:00:00:00:00 src=00:00:00:00:00:01 type=0x8100 |<Dot1Q prio=0L id=0L vlan=01L type=0x800 |<IP version=4L ihl=5L tos=0x0 len=67 id=1 flags=DF frag=0L ttl=255 proto=tcp chksum=0x01 src=10.0.0.1 dst=10.0.1.1 options=[] |<TCP sport=1111 dport=https seq=1 ack=1 dataofs=5L reserved=0L flags=PA window=4380 chksum=0xb718 urgptr=0 options=[] |<MyEthTrailer |<Padding load='\xPayload of MyEtherTrailer' |>>>>>>
[UPDATE-1]
I can force TCP to decode the SYN packet by calling:
packet[TCP].decode_payload_as(MyEthTrailer)
However, the bind_layers method does not seem to work automatically, and it does not work with a more complex packet, as it mixes TCP Padding with the MyEthTrailer payload.
[UPDATE-2]
I got it working a bit, but each packet must be loaded correctly; then I can read the trailer payload and decode it. For example, if the packet is TCP / DNS / MyEthTrailer, this will work. If I don't know it's DNS and it is not configured properly, it still mixes in the TCP and Padding payloads.
Your help is appreciated.
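
One way to isolate the trailer without knowing the upper-layer protocol, as an added example that is not part of the original post: anchor on the IPv4 total-length field and treat every byte after the end of the IP datagram as the Ethernet trailer. It uses only the standard library rather than Scapy; `split_trailer`, `build_sample` and the sample frame are hypothetical names and constructed data.

```python
import struct

VLAN_TYPES = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag EtherTypes
ETH_P_IP = 0x0800

def split_trailer(frame: bytes):
    """Return (ip_offset, ip_end, trailer) for an Ethernet II / IPv4 frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset = 14
    while ethertype in VLAN_TYPES:  # step over stacked VLAN tags
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        ethertype = struct.unpack_from("!H", frame, offset + 2)[0]
        offset += 4
    if ethertype != ETH_P_IP:
        raise ValueError("not IPv4: no total-length field to anchor on")
    if len(frame) < offset + 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len = struct.unpack_from("!BBH", frame, offset)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    ip_end = offset + total_len
    if ip_end > len(frame):
        raise ValueError("capture ends before the IP datagram does")
    # Everything past the datagram is link-layer trailer, whatever L4/L7 was.
    return offset, ip_end, frame[ip_end:]

def build_sample(payload: bytes, trailer: bytes, vlan: bool = True) -> bytes:
    """Constructed test frame (checksums left at zero, not validated here)."""
    macs = bytes(6) + bytes.fromhex("000000000001")
    l2 = macs + (struct.pack("!HHH", 0x8100, 1, ETH_P_IP) if vlan
                 else struct.pack("!H", ETH_P_IP))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0x4000,
                     255, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 1, 1]))
    tcp = struct.pack("!HHIIBBHHH", 1111, 443, 1, 1, 0x50, 0x18, 4380, 0, 0)
    return l2 + ip + tcp + payload + trailer

if __name__ == "__main__":
    frame = build_sample(b"opaque application data", b"\xde\xad\xbe\xef")
    print(split_trailer(frame))
```

Ethernet minimum-size padding (zero fill up to 60 bytes) also lands in the returned bytes, so short frames need a length or content check before the result is handed to a trailer class such as MyEthTrailer.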