That's a matter of alignment I think. No need for Wireshark to check that. From scapy, you can either use TCP(str(TCP(options=...)))
to force Scapy to build the packet and parse the resulting bytes, or use the .show2()
packet method.
The ('MSS', 1200)
option alone needs 4 bytes, so it won't need any extra option added:
>>> TCP(str(TCP(options=[('MSS',1200)]))).options
WARNING: No IP underlayer to compute checksum. Leaving null.
[('MSS', 1200)]
The ('NOP', None)
option fits in only 1 byte, so 3 null bytes will be added. The first one will show as ('EOL', None)
and of course, as EOL
means End Of List, the two next bytes won't be considered.
>>> TCP(str(TCP(options=[('NOP', None)]))).options
WARNING: No IP underlayer to compute checksum. Leaving null.
[('NOP', None), ('EOL', None)]
The reason why you need 4 bytes alignment is that the data offset field (dataofs
) means "number of 4-byte words from the beginning of the TCP
layer to the beginning of the data".