How to unset EOL option in TCP packet with scapy

Question

I've been messing around with scapy in Python, but more specifically, I've been creating packets and trying to set the options in the TCP layer.

I know I can create a packet with

>>> a = IP()/TCP()

I also know I can set the options in the TCP layer by

>>> a[TCP].options=[('MSS',1200),('NOP',None)]

Or

>>> a[TCP].options=('MSS',1200),('NOP',None)

The problem I am having is after I sent the packet and observe it in wireshark. Wireshark always shows that the End of List (EOL) option is set in my packets when I don't set it. I don't think that option is always set no matter what because I've seen plenty of TCP packets without that option displayed. Is there a way to set the TCP options in scapy WITHOUT including the EOL option?

Thanks.

Answer 1

That's a matter of alignment I think. No need for Wireshark to check that. From scapy, you can either use TCP(str(TCP(options=...))) to force Scapy to build the packet and parse the resulting bytes, or use the .show2() packet method.

The ('MSS', 1200) option alone needs 4 bytes, so it won't need any extra option added:

>>> TCP(str(TCP(options=[('MSS',1200)]))).options
WARNING: No IP underlayer to compute checksum. Leaving null.
[('MSS', 1200)]

The ('NOP', None) option fits in only 1 byte, so 3 null bytes will be added. The first one will show as ('EOL', None) and of course, as EOL means End Of List, the two next bytes won't be considered.

>>> TCP(str(TCP(options=[('NOP', None)]))).options
WARNING: No IP underlayer to compute checksum. Leaving null.
[('NOP', None), ('EOL', None)]

The reason why you need 4 bytes alignment is that the data offset field (dataofs) means "number of 4-byte words from the beginning of the TCP layer to the beginning of the data".