I use Scapy to read packet and apply encryption to payload and write the new packet to a pcap file. When I read the new packet using Scapy, I can see the TCP payload size is 304 bytes. But Wireshark only shows the TCP payload size 301 bytes. Interesting that the original packet's tcp payload size is 301 bytes and the AES encryption adds 3 bytes padding to make it 304 bytes(multiple of 16 bytes), and Wireshark does not show the extra 3 bytes added by the padding. Any ideas?
Thanks!
