
Wireshark thinks scapy packet's raw data is DNS (malformed packet)

I'm trying to send a UDP packet with scapy to all the devices in my network with raw data: ( hello everyone )

The packet looks like this:

from scapy.all import Ether, IP, UDP, sendp

packet = Ether(dst="ff:ff:ff:ff:ff:ff") / IP(dst="255.255.255.0") / UDP(sport=8118) / "hello everyone"
packet.show()

###[ Ethernet ]###
  dst       = ff:ff:ff:ff:ff:ff
  src       = (my mac address)
  type      = IPv4
###[ IP ]###
     version   = 4
     ihl       = None
     tos       = 0x0
     len       = None
     id        = 1
     flags     =
     frag      = 0
     ttl       = 64
     proto     = udp
     chksum    = None
     src       = 192.168.0.105
     dst       = 255.255.255.0
     \options   \
###[ UDP ]###
        sport     = 8118
        dport     = domain
        len       = None
        chksum    = None
###[ Raw ]###
           load      = 'hello everyone'

When I send the packet ( sendp(packet) ), Wireshark says this is a malformed DNS packet.

What is the problem?

I believe you're confusing Wireshark, due to you not specifying the destination port. If you don't specify a dport for UDP, it defaults to 53:

class UDP(Packet):
    name = "UDP"
    fields_desc = [ShortEnumField("sport", 53, UDP_SERVICES),
                   ShortEnumField("dport", 53, UDP_SERVICES),
                   ShortField("len", None),
                   XShortField("chksum", None), ]

Both ports actually do. 53 is for DNS though, so Wireshark is attempting to interpret your payload as DNS based on the port number.

Specify both sport and dport to ensure that your packet isn't misinterpreted as a DNS packet.
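To make the answer's point concrete, here is an added example (not part of the original post, and not Scapy or Wireshark code) that models port-based dissector selection in plain Python and shows what the bytes of "hello everyone" become when read as a DNS header. The function names and the 5-byte minimum-question check are this example's own simplifications.

```python
import struct

DNS_PORT = 53  # Scapy's default for both UDP.sport and UDP.dport

def udp_datagram(sport, dport, payload):
    """UDP header + payload; checksum 0 means 'not computed' over IPv4."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def pick_dissector(datagram):
    """Simplified model: a well-known port on either side selects the decoder."""
    sport, dport, _length, _chksum = struct.unpack("!HHHH", datagram[:8])
    return "dns" if DNS_PORT in (sport, dport) else "data"

def parse_dns_header(payload):
    """Read the first 12 bytes as a DNS header, whatever they really are."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    keys = ("id", "flags", "qdcount", "ancount", "nscount", "arcount")
    return dict(zip(keys, struct.unpack("!6H", payload[:12])))

def describe(datagram):
    payload = datagram[8:]
    if pick_dissector(datagram) != "dns":
        return "data: %r" % payload
    hdr = parse_dns_header(payload)
    remaining = len(payload) - 12
    # Smallest possible question: root name (1 byte) + type (2) + class (2).
    if hdr["qdcount"] * 5 > remaining:
        return "dns (malformed): header claims %d questions, %d bytes left" % (
            hdr["qdcount"], remaining)
    return "dns: %r" % hdr

if __name__ == "__main__":
    text = b"hello everyone"  # the payload from the question
    # dport left at the default 53, as in the question
    print(describe(udp_datagram(8118, DNS_PORT, text)))
    # both ports set explicitly (8119 is a constructed value)
    print(describe(udp_datagram(8118, 8119, text)))
```

With the default destination port the ASCII bytes "o " land in the question-count field, so the header claims far more questions than the two remaining bytes could hold; with a non-DNS port the same payload is shown as plain data.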
