Unwanted RST TCP packet with Scapy

In order to understand how TCP works, I tried to forge my own TCP SYN/SYN-ACK/ACK (based on the tutorial: http://www.thice.nl/creating-ack-get-packets-with-scapy/ ).

The problem is that whenever my computer receives the SYN-ACK from the server, it generates a RST packet that stops the connection process.

I tried on an OS X Lion and on an Ubuntu 10.10 Maverick Meerkat, both reset the connection. I found this: http://lkml.indiana.edu/hypermail/linux/net/0404.2/0021.html, I don't know if it is the reason.

Could anyone tell me what could be the reason? And how to avoid this problem?

Thank you.

user1177093 asked Jan 30 '12 00:01



1 Answer

The article you cited makes this pretty clear...

Since you are not completing the full TCP handshake your operating system might try to take control and can start sending RST (reset) packets, to avoid this we can use iptables:

iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 192.168.1.20 -j DROP 

Essentially, the problem is that Scapy runs in user space, and the Linux kernel will receive the SYN-ACK first. The kernel will send a RST because it won't have a socket open on the port number in question, before you have a chance to do anything with Scapy.

The solution (as the blog mentions) is to firewall your kernel from sending a RST packet.

Mike Pennington answered Oct 04 '22 08:10
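The sequence described in the answer, as an added example that is not part of the answer or the cited article: a stdlib-only Python model of the kernel's reset rule from RFC 793 for a segment that matches no connection, followed by a model of the iptables OUTPUT rule. The (ip, port) connection table is a simplification, and port 40000 and the sequence numbers are constructed sample values.

```python
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def parse_tcp(segment):
    """Unpack the fixed 20-byte TCP header of a raw segment."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    hdr_len = (off_flags >> 12) * 4
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F, "paylen": len(segment) - hdr_len}

def kernel_reply(seg, local_ip, kernel_conns):
    """RFC 793 rule for a segment that matches no connection: reply with RST.
    kernel_conns is a simplified table of (ip, port) pairs the kernel owns."""
    if (local_ip, seg["dport"]) in kernel_conns or seg["flags"] & RST:
        return None
    rst = {"src": local_ip, "sport": seg["dport"], "dport": seg["sport"]}
    if seg["flags"] & ACK:
        # Segment carries an ACK: the RST takes its sequence number from it.
        rst.update(flags=RST, seq=seg["ack"], ack=0)
    else:
        # No ACK: seq 0, and acknowledge everything the segment occupied.
        seg_len = seg["paylen"] + bool(seg["flags"] & SYN) + bool(seg["flags"] & FIN)
        rst.update(flags=RST | ACK, seq=0, ack=(seg["seq"] + seg_len) & 0xFFFFFFFF)
    return rst

def output_filter(pkt, drop_rst_from):
    """Models: iptables -A OUTPUT -p tcp --tcp-flags RST RST -s <ip> -j DROP"""
    if pkt is not None and pkt["flags"] & RST and pkt["src"] == drop_rst_from:
        return None
    return pkt

# Constructed sample: SYN-ACK from server port 80 to the port Scapy used (40000).
# Scapy sent its SYN with seq=100, so the server acknowledges 101.
SYN_ACK = struct.pack("!HHIIHHHH", 80, 40000, 1000, 101,
                      (5 << 12) | SYN | ACK, 8192, 0, 0)
LOCAL_IP = "192.168.1.20"  # source address from the iptables rule above

if __name__ == "__main__":
    seg = parse_tcp(SYN_ACK)
    rst = kernel_reply(seg, LOCAL_IP, kernel_conns=set())
    print("kernel emits:", rst)
    print("after OUTPUT rule:", output_filter(rst, LOCAL_IP))
    print("kernel-owned socket:", kernel_reply(seg, LOCAL_IP, {(LOCAL_IP, 40000)}))
```

Because `--tcp-flags RST RST` matches every outgoing segment with RST set from that address, the rule also suppresses resets for the host's ordinary connections until it is removed.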