Scapy sets all packets to BROWSER and interates through IPs

Question

I am trying to replay a recorded packet traffic with edited Ips and Mac addresses. The appropriate packets were not reieved, so I checked what Scapy was creating by writing the produced packets to a file.Whenever I use this code:

from scapy.all import *
from scapy.utils import rdpcap
#This code reads packet data from the pcap file supplied, and then edits the packets.
pkts = rdpcap("Zeus.pcap")
for pkt in pkts:
    pkt[Ether].src = "00:E0:4C:00:02:42"
    pkt[Ether].dst = "00:E0:4C:01:08:99"
    pkt[IP].src = "169.254.162.71"
    pkt[IP].dst = "169.254.208.208"
    pkt[IP].chksum = None
    pkt[IP].payload.chksum = None
    wrpcap('ModifiedZeus.pcap', pkt, append=True)

Which is a derivative of the answer provided here:

Sending packets from pcap with changed src/dst in scapy

I get these packets:

Excerpt from Zeus.pcap (The expected outcome is this packet file with changed source and destination addresses.)

The Issue To my understanding, the Scapy code should reply what is in the packet file, with the updated ip,mac and checksums. Why does the code only send BROWSER protocol packets? And why is the Source and Destination IP addresses wrong in the output?

Whats the issue? You forgot to mention it or it's very unclear. — Cukic0d, May 27 '20 at 14:59
"The appropriate packets were not reieved" => What are these, exactly? — Ross Jacobs, May 27 '20 at 18:21
@RossJacobs The packets received were incorrect. They where of the wrong protocol and had the wrong Source and Destination IP addresses. — Lyra Orwell, May 28 '20 at 08:08
My guess is that there's an issue with the link layer. Maybe because you're using `append`.. Could be a bug. What happens if you add all the packets to a list then `wrpcap()` the list to a file? — Cukic0d, May 28 '20 at 08:16

Scapy sets all packets to BROWSER and interates through IPs

0 Answers0