How to create a TCP packet bigger than 64KB and save it in a pcap file?

by

Summary

The task at hand is to create a TCP packet larger than 64KB and save it in a pcap file for testing purposes. However, using scapy, a popular Python-based packet manipulation tool, encounters an error when attempting to create such a large packet.

Root Cause

The root cause of the issue lies in the TCP checksum calculation, which is limited to 16 bits, thus restricting the payload size to 65535 bytes. When trying to create a packet with a larger payload using scapy, it fails due to this limitation. Key causes include:

  • TCP checksum limitations: The TCP checksum is calculated using a 16-bit field, which limits the payload size.
  • Scapy’s implementation: Scapy’s attempt to calculate the checksum for a large packet exceeds the 16-bit limit, resulting in an error.

Why This Happens in Real Systems

This issue occurs in real systems because of the fundamental design of TCP, which includes a 16-bit checksum field. This design choice was made for efficiency and simplicity but imposes limitations on packet size. In practice, this means:

  • Packet size limitations: TCP packets are generally limited to 65535 bytes due to the checksum constraint.
  • Error handling: When attempting to create or transmit larger packets, systems may encounter errors or failures.

Real-World Impact

The real-world impact of this limitation includes:

  • Testing challenges: Creating large TCP packets for testing purposes can be difficult or impossible with standard tools.
  • Performance limitations: Applications requiring large packet transfers may experience performance issues or errors due to TCP’s size limitations.

Example or Code

from scapy.all import *
import scapy

# Attempting to create a large TCP packet
bigp = IP(src="127.0.0.1", dst="192.168.2.71")/TCP(sport=123,dport=456)/Raw(RandString(size=120000))
print(len(bigp[IP].load))

# Saving the packet to a pcap file
lst = scapy.plist.PacketList()
lst.append(bigp)
wrpcap("/tmp/c.pcap", lst)

How Senior Engineers Fix It

Senior engineers address this issue by:

  • Using alternative packet creation tools: Utilizing tools that can handle large packet creation without the TCP checksum limitation.
  • Implementing custom solutions: Developing custom code or scripts to generate large packets, potentially bypassing standard TCP checksum calculations.
  • Segmenting large data: Breaking down large data into smaller, manageable packets that comply with TCP’s size limitations.

Why Juniors Miss It

Junior engineers might miss this issue due to:

  • Lack of understanding of TCP fundamentals: Not being familiar with the underlying design and limitations of TCP.
  • Overreliance on standard tools: Relying solely on common tools like scapy without exploring alternative solutions or workarounds.
  • Insufficient experience with packet manipulation: Limited hands-on experience with creating and manipulating packets, leading to a lack of awareness about potential size limitations.

Leave a Comment