I tried to send SYN packets on my local network and monitoring them with Wireshark and everything works just fine, except when i try to send a packet to my own ip address it "seems" to work because it says Sent 1 packet, but it is not really sent, i can't see the packet in Wireshark nor any answers to the packet. My setup is a computer A ( 192.168.0.1 ) with a TCP Socket Server listening on port 40508, and a computer B ( 192.168.0.2 ).
On Computer B i test:
ip=IP(src="192.168.0.2",dst="192.168.0.1")
SYN=TCP(sport=40508,dport=40508,flags="S",seq=12345)
send(ip/SYN)
It works fine, i see the SYN packet on Wireshark and the SYN/ACK response from 192.168.0.1
On Computer A i test:
ip=IP(src="192.168.0.1",dst="192.168.0.2")
SYN=TCP(sport=40508,dport=40508,flags="S",seq=12345)
send(ip/SYN)
It works fine too, i see the SYN packet and the RST/ACK ( there is no server listening on port 40508 on 192.168.0.2 so it sends a RST/ACK ) response from 192.168.0.2
But when i try on Computer A :
ip=IP(src="192.168.0.2",dst="192.168.0.1")
SYN=TCP(sport=40508,dport=40508,flags="S",seq=12345)
send(ip/SYN)
Nothing appears in Wireshark, as if the packet was never sent but it said like the other tests : Sent 1 packets. and returned no error whatsoever. If i run the same test on computer B and try to send a packet to its own IP address i got the same problem.
For my program i really need to send a SYN packet to my own IP address, is there a way to do that or is it impossible ?
Thanks in advance,
Nolhian
Now, first create an IP packet - you may notice the src is set to the client IP and the dst been set to the server IP. Then, we need to create a TCP packet with SYN - see the flags been set to "S". And we are also setting a sequence number... Then we need to send the crafted packet.
To send a package in scapy, we have two methods: send(): Sends layer-3 packets. sendp(): Sends layer-2 packets.
The send() function will send packets at layer 3. That is to say, it will handle routing and layer 2 for you. The sendp() function will work at layer 2. It's up to you to choose the right interface and the right link layer protocol.
What network device(s) is your Wireshark installation listening on? I suspect it's listening on the actual network card (ethernet, wifi, or otherwise, as per the Wireshark FAQ) -- and when sending from a computer to itself the OS can of course bypass the device (why bother with it?) and just do the "sending" by copying bits around within the TCP/IP stack in kernel memory.
In other words I suspect your packet is being sent OK, just Wireshark may not see it. To verify this hypothesis, you could try (e.g.) using your browser to visit existent and nonexistent ports on your local machine, and see if Wireshark sees those packets or not.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With