adding a new protocol to the packet by Scapy, but I do not see the field on the controller or Wireshark

Question

I am trying to add a metadata field to the pkt by Scapy. I use mininet as a platform to launch my network simulation.

from scapy.all import *
from datetime import datetime
class Metadata(Packet):
    name = "Metadata"
    fields_desc = [ XByteField("metadata", 1) ] 

def generatePackets():
      if len(sys.argv) != 4:
        print "Usage: arping2tex <net>\n eg: arping2text 192.168.1.0/24"
        sys.exit(1)
      src= sys.argv[1]
      dst= sys.argv[2]
      x = int(sys.argv[3])
      ip=IP(src= src, dst= dst)
      metadata = Metadata(metadata = 200)
      udp=UDP(sport= 2235, dport=5546)#,
      data = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S.%f')[:-3]
      pkt = (ip/udp/metadata/data)
      print pkt.show()
      send(pkt, count = x)   
    
if __name__ == '__main__':
    generatePackets()

when I send the pkt I can see the metadata field on the sender(xterm) Xterm for the sender with new field

But, I do not see the metadata field on the controller, Wireshark or the destination host. Xterm for the receiver without the new field

please, I need an explanation, or what is the mistake I have done.

Answer 1

your metadata is present on the other side. you can see it on the payload of your receiving side

you sent: metadata: c8 / raw: "a date" you received: raw: c8 "a date"

now let's dig on what is going on. your receiver receive a UDP frame with a some data. Since no protocol has been registered, it cannot know that the 1st 2 bytes are metedata, then assumes it is part of the normal payload.

you can confirm that simply by reuning that command before sending: pkt.show2() instead of running pkt.show()

The difference is that show2() rebuild and re-decode the packet before printing, while show() only prints the packet. Then you will see that you sent what the receiver got.