{"id":879,"date":"2014-10-22T10:45:25","date_gmt":"2014-10-22T10:45:25","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2014\/10\/22\/how-to-build-a-tcp-connection-in-scapy\/"},"modified":"2021-08-01T00:28:08","modified_gmt":"2021-08-01T00:28:08","slug":"how-to-build-a-tcp-connection-in-scapy","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Programming\/Python\/how-to-build-a-tcp-connection-in-scapy.html","title":{"rendered":"How to Build a TCP Connection in Scapy"},"content":{"rendered":"
Scapy is a packet manipulation program written in Python by Philippe Biondi.

Within this article I will show you the code required to build a TCP three-way handshake (3WHS) in Python using Scapy.

Prevent RST

When you send the SYN from Scapy, the SYN-ACK is returned to the host. Because the Linux kernel receives a SYN-ACK for a connection it never initiated, it answers with a RST, which tears down the half-open connection before Scapy can complete it. To prevent this, iptables can be used to drop the outbound RST:

iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP
iptables -L

Note that this rule drops every outbound TCP RST from the host, not just the one for this test connection, so remove it once you have finished.

Code

In order to perform a 3WHS with Scapy the following code is used.

#!/usr/local/bin/python
import sys
import random

from scapy.all import *

# VARIABLES
src = sys.argv[1]
dst = sys.argv[2]
sport = random.randint(1024, 65535)
dport = int(sys.argv[3])

# SYN: send our SYN (initial sequence number 1000) and wait for the one reply
ip = IP(src=src, dst=dst)
SYN = TCP(sport=sport, dport=dport, flags='S', seq=1000)
SYNACK = sr1(ip/SYN, timeout=5)

# Only continue if the reply really is a SYN-ACK (SYN 0x02 + ACK 0x10);
# a closed port answers with a RST instead and a filtered one with nothing.
if SYNACK is None or not SYNACK.haslayer(TCP) or (SYNACK[TCP].flags & 0x12) != 0x12:
    sys.exit("no SYN-ACK received from %s:%d" % (dst, dport))

# ACK: our seq is the number the server acknowledged, our ack is the server's ISN + 1
ACK = TCP(sport=sport, dport=dport, flags='A', seq=SYNACK.ack, ack=SYNACK.seq + 1)
send(ip/ACK)

To run the script (assuming you saved it as 3WHS.py), use the following syntax:

./3WHS.py <src ip> <dst ip> <dst port>

Example

Once run, you will see the following packets sent and received via tcpdump:

[root@client ~]# tcpdump -ni any port 443 -S
14:53:14.402953 IP 172.16.120.5.62409 > 172.16.100.101.https: S 1000:1000(0) win 8192
14:53:14.406422 IP 172.16.100.101.https > 172.16.120.5.62409: S 1629791522:1629791522(0) ack 1001 win 18484
14:53:14.505963 IP 172.16.120.5.62409 > 172.16.100.101.https: . ack 1629791523 win 8192

# 172.16.120.5 = client / 172.16.100.101 = server

On the server you will then see the connection established by running netstat:

[root@server ~]# netstat -anp | grep 443 | grep EST
tcp        0      0 ::ffff:127.0.0.1:443        ::ffff:172.16.120.5:42375   ESTABLISHED 2611/httpd