mr.Cracker

Reputation: 301

Why does the system send an RST flag when trying a TCP 3-way handshake in Python?

I want to create a TCP 3-way handshake from my Ubuntu machine. I used Kali Linux in a virtual machine, and in the Kali Linux terminal (IP 172.16.28.130) I opened a port in "LISTEN" mode to get a connection with that machine.

```
nc -l -p 1025
```

My Python code, which ran on the Ubuntu host machine:

```
#!/usr/bin/python
# Set the log level before importing scapy so its import-time warnings are suppressed
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *

# If I send to the broadcast address 192.168.1.255, what will happen?
def sendPacket(src, dst):
    ip = IP(dst = dst)
    port = RandNum(1024, 65535)
    SYN = ip / TCP(sport=port, dport=1025, flags="S", seq = 42)
    SYNACK = sr1(SYN, verbose=0)

    ACK = ip / TCP(sport = SYNACK.dport, dport=80, flags="A", seq = SYNACK.ack, ack = SYNACK.seq + 1)
    send(ACK)

    print("Done!!\n")

src = '1.2.3.4'
dst = '172.16.28.130'
sendPacket(src, dst)
```

The packets captured using Wireshark:

```
3      172.16.28.1   172.16.28.130   TCP   54   64865 > blackjack [SYN] Seq=0 Win=8192 Len=0
4      172.16.28.130   172.16.28.1   TCP   60   blackjack > 64865 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460
7      172.16.28.1   172.16.28.130   TCP   54   64865 > blackjack [RST] Seq=1 Win=0 Len=0
8      172.16.28.1   172.16.28.130   TCP   54   64865 > http [ACK] Seq=1 Ack=1 Win=8192 Len=0
9      172.16.28.130   172.16.28.1   TCP   60   http > 64865 [RST] Seq=1 Win=0 Len=0
```

Before running the code, I changed iptables:

```
iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 192.168.1.20 -j DROP
```

When I changed the destination to dst = "www.google.com" and the destination port to dport=80, it was working fine.

But now:

1) I could send the SYN packet
2) the destination responds with a SYN, ACK packet
3) my system sends RST
4) I sent ACK
5) the destination system replies with RST

So I can't establish a connection!

Questions:

1) How can I successfully establish a connection?
2) My source IP = "1.2.3.4", but when I sent to the virtual machine it shows 172.16.28.1 (broadcast IP). Why?

Upvotes: 0

Views: 3037

Answers (1)

Robᵩ

Reputation: 168626

1) How can I successfully establish a connection?

Here's a guess. Change your iptables command to:

```
iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 172.16.28.1 -j DROP
```

When you connect to google.com, you are connecting through your physical Ethernet device, which has IP 192.168.x.y, so the -s argument matches.

When you connect to Kali, you are connecting through a virtual Ethernet device which has address 172.16.x.y, so the -s doesn't match.

You need to drop the RST packets from the correct output queue.

2) My source IP = "1.2.3.4", but when I sent to the virtual machine it shows 172.16.28.1 (broadcast IP). Why?

First, 172.16.28.1 is not your broadcast IP. It is the IP of your host computer's virtual Ethernet device.

The reason why your source IP isn't appearing is that you aren't using it:

```
ip = IP(dst = dst)
```

You specify a destination address, but no source address. Some entity (scapy or the host OS IP stack, I'm not sure) is choosing a reasonable source address for you. You might try:

```
ip = IP(dst = dst, src = src)
```

and see what happens there.

Upvotes: 1
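An added example, not part of the original question or answer: it reads the question's capture, flags the RST the host's own TCP stack emits (no socket owns the scapy source port) and the ACK sent to a different port than the SYN, then asks the local stack which source address it routes from so the `-s` in the answer's iptables rule matches. All helper names are hypothetical, Wireshark's default summary text is assumed, and the demo call uses loopback so it runs offline.

```python
import re
import socket

# Added example; helper names are illustrative. CAPTURE is a constructed sample:
# the question's Wireshark summary lines retyped with whitespace collapsed.
CAPTURE = """\
3 172.16.28.1 172.16.28.130 TCP 54 64865 > blackjack [SYN] Seq=0 Win=8192 Len=0
4 172.16.28.130 172.16.28.1 TCP 60 blackjack > 64865 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460
7 172.16.28.1 172.16.28.130 TCP 54 64865 > blackjack [RST] Seq=1 Win=0 Len=0
8 172.16.28.1 172.16.28.130 TCP 54 64865 > http [ACK] Seq=1 Ack=1 Win=8192 Len=0
9 172.16.28.130 172.16.28.1 TCP 60 http > 64865 [RST] Seq=1 Win=0 Len=0
"""
LINE = re.compile(r"(\d+)\s+(\S+)\s+(\S+)\s+TCP\s+\d+\s+(\S+) > (\S+) \[([^\]]+)\]")

def parse(capture):
    """Return one dict per TCP summary line: frame no, src, dst, sport, dport, flags."""
    frames = []
    for m in map(LINE.match, capture.splitlines()):
        if m:
            no, src, dst, sport, dport, flags = m.groups()
            frames.append(dict(no=int(no), src=src, dst=dst, sport=sport,
                               dport=dport, flags=set(flags.split(", "))))
    return frames

def diagnose(frames):
    """Flag the two handshake faults visible in the capture."""
    syn = next(f for f in frames if f["flags"] == {"SYN"})
    findings = []
    for f in frames:
        if f["no"] <= syn["no"] or f["src"] != syn["src"]:
            continue  # only look at what the initiator sends after its SYN
        if "RST" in f["flags"]:  # host stack reset: no socket owns sport
            findings.append(("kernel_rst", f["no"], f["src"]))
        elif f["flags"] == {"ACK"} and f["dport"] != syn["dport"]:
            findings.append(("ack_wrong_port", f["no"], f["dport"]))
    return findings

def route_source_ip(dst):
    """Source address the local stack picks for dst (UDP connect sends no packet)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dst, 9))
        return s.getsockname()[0]

def rst_drop_rule(src_ip):
    """iptables rule from the answer, with -s set to the address actually in use."""
    return "iptables -A OUTPUT -p tcp --tcp-flags RST RST -s %s -j DROP" % src_ip

if __name__ == "__main__":
    print(diagnose(parse(CAPTURE)))
    print(rst_drop_rule(route_source_ip("127.0.0.1")))  # loopback keeps the demo offline
```

On the host from the question, `route_source_ip("172.16.28.130")` would return the address of the virtual Ethernet device, which is the value the rule's `-s` has to carry.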
