I have tried to capture some SNMP packets using wireshark. It is possible to read the captured files to scapy and to resend the frames much faster. Doing so, we sometimes meet the situation of wrong encapsulated ASN.1 (due to BER encoding). Scapy is able to read ASN.1 using wrong length encoding and corrects the failure itself when resending the packets. Unfortunately in this case the checksum and length is not recalculated - therefore it will be dropped before it reaches the SNMP agent to be stressed.
Here one example:
a) BER within the capture file
30 82 00 ea # SEQUENCE/SEQUENCE OF
b) BER after sending the same packet with scapy
30 81 ea # SEQUENCE/SEQUENCE OF
For sure it is possible to overwrite the checksum/length field with scapy. But this is not very helpfull to have a real record/replay test environment. In addition this kind of manipulation must be done per hand. From my perspective it would be brilliant to add the encapsulation already when reading the capture file to the buffer:
rdpcap( filename, Ether)
In addition we found out, that sending SNMP packets using scapy is quite slow. Changing the encoding to Ether is much faster (about 1500frames/s on my PC). Therefore it would be great to have an additional option for sendp for rapid packet generation. Rapid packet generation should compile the frames before sending it. This can be quite helpful for stress tests:
sendp( 1000*cbuf, iface="eth1", inter=0, rapid=1)
