Scapy Fails to Reassemble Large MQTT CONNECT Packets with WILL message Across Multiple TCP Segments #4595

arefehkr · 2024-11-20T20:59:35Z

Brief description

While processing a pcap file containing MQTT traffic, I encountered an issue where Scapy fails to correctly reassemble large MQTT CONNECT packets that are fragmented across multiple TCP segments. This issue occurs when the CONNECT packet includes a large Will message (size 1514 bytes) that spans three TCP segments. Scapy handles the first TCP segment correctly but fails to combine it with the subsequent segments to form the complete CONNECT packet.

Scapy version

2.5.0

Python version

3.8

Operating system

Windows

Additional environment information

The first TCP segment of the CONNECT packet is processed correctly.
The second and third TCP segments are not combined with the first segment, resulting in incorrect packet interpretation.
Scapy outputs unrelated packet types (e.g., PUBREL, PUBCOMP).
I attached the scapy result that couldnt handle large WILL payload.
scapy_print.txt

How to reproduce

Here is the pcap file:
WILL_DoS_selected.zip

Actual result

No response

Expected result

No response

Related resources

No response

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Scapy Fails to Reassemble Large MQTT CONNECT Packets with WILL message Across Multiple TCP Segments #4595

Scapy Fails to Reassemble Large MQTT CONNECT Packets with WILL message Across Multiple TCP Segments #4595

arefehkr commented Nov 20, 2024

Scapy Fails to Reassemble Large MQTT CONNECT Packets with WILL message Across Multiple TCP Segments #4595

Scapy Fails to Reassemble Large MQTT CONNECT Packets with WILL message Across Multiple TCP Segments #4595

Comments

arefehkr commented Nov 20, 2024

Brief description

Scapy version

Python version

Operating system

Additional environment information

How to reproduce

Actual result

Expected result

Related resources