Reputation: 11
RST instead of ACK in third step of handshake process
I wrote c/c++ code runs on Ubuntu that simulate handshake process.
//Create a raw socket
int s = socket (PF_INET, SOCK_RAW, IPPROTO_TCP);
//some address resolution
strcpy(source_ip , "192.168.1.9");
sin.sin_family = AF_INET;
sin.sin_port = htons(1235);
sin.sin_addr.s_addr = inet_addr ("192.168.1.6");
if (setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0)
{
perror("Error setting IP_HDRINCL");
exit(0);
}
{
//Send the packet
if (sendto (s, datagram, iph->tot_len , 0, (struct sockaddr *) &sin, sizeof (sin)) < 0)
{
perror("sendto failed");
}
//Data send successfully
else
{
printf ("Packet Send. Length : %d \n" , iph->tot_len);
}
}
int l;
if( recvfrom(s,buffer,4096,0, (struct sockaddr *) &sin, &l)<0)
{
perror("sendto failed");
}
//Data send successfully
else
{
printf ("Packet recv. ");
}
printf ("Enter number to end: ");
int numm=getchar();
close(s);
return 0;
The code start by send SYN packet to 192.168.1.6:1235 that is runs on windows.
The SYN packet reached to 192.168.1.6:1235 correctly.
The SYN-ACK reached to Ubuntu (192.168.1.9:1234) correctly.
But RST shown in Wireshark instead of ACK.
I run netcat –l –p 1235 on 192.168.1.6
I tried all the following:
- use netcat in source machine(ubuntu) to open the same port (1234) that I used when I sent SYN.
- firewall in ubuntu disabled by default.
- I wrote a small code the let this machine to be a server on the same port(1234) that I used in SYN.
- I updated the code the sent the SYN packet to unclose the socket unless I insert some character.
But no one solve the problem.
Upvotes: 1
Views: 913
Answers (1)
Reputation: 9906
When you use raw sockets, your operating system is unaware that a connection exists, since you've essentially implemented your own TCP/IP stack and bypassed the operating system.
Your operating system sees an unsolicited packet and responds with an RST to indicate an active refusal to the remote system that is responding to your packets sent using raw sockets.
To get around it, use an IP address that is routed to the subnet you're on but that is not assigned on the machine using raw sockets so that the operating system does not respond, then transmit from it and listen for responses in a sort of "promiscuous mode". Your network card should support observing packets not destined to it and thus you can monitor traffic that is appropriately routed.
Upvotes: 1
Related Questions
- STARTED getting RST packet from client socket after I replied SYN packet with SYN + ACK packet
- why kernel sent RST to a remote TCP server after the machine receiving a SYN/ACK packet?
- TCP: Server sends [RST, ACK] immediately after receiving [SYN] from Client
- Server responds with [ACK] to client's [SYN] which ends up in [RST, ACK] from client
- Client sends [RST] after receive [SYN, ACK]
- How to set linux kernel not to send RST_ACK, so that I can give SYN_ACK within raw socket
- Why is one endpoint of this TCP connection sending a packet with the RST flag?
- hping send SYN: how not to send RST after receiving SYN/ACK?
- TCP after the handshake: seq ack homework
- Why TCP socket send a RST packet instead of resending data when receives an incorrect ACK?