G0rt3X G0rt3X

Reputation: 11

Scapy TCP Handshake - Windows

While trying to perform a TCP TWH in Scapy I encountered a problem. When my host receives the SYN/ACK, the kernel IP/TCP stack aborts the handshake by sending a RST. It happens because the first packet sent (the SYN) is transparent to the OS due to the raw socket that Scapy is using.

In some other questions regarding the same issue the solution was to set up iptables to drop packets with the RST flag.

Does anyone have a solution for Windows? (I prefer not to use the FW unless there is no choice.)

Thanks!

Upvotes: 1

Views: 1285

Answers (1)

Pierre

Reputation: 6237

That's a common problem, and it is not specific to Windows (or Scapy, for that matter - you can face similar issues with Masscan, for example).

You have totally understood and described it: the problem lies in the IP address being "shared" between Scapy and your host's IP stack.

You have two options:

  • Use a firewall to prevent your host from getting the SYN/ACK packet (Scapy will get it anyway) or to prevent your host from sending a RST packet.
  • Use a different IP address with Scapy. This is a bit more difficult because it requires some kind of ARP proxy (or a Scapy script) to answer ARP requests for the IP address you will use with Scapy.

Hope this helps, happy hacking!

Upvotes: 1
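The handshake the question describes, as an added example (not code from the question or the answer). The sequence/acknowledgement arithmetic and the RST check are plain Python so they can be exercised offline; the Scapy wrapper imports Scapy only when called and needs raw-socket privileges. All helper names (`validate_synack`, `build_ack_fields`, `find_kernel_rst`, `scapy_handshake`) and the target address in the usage block are assumptions made for this example; the kernel RST problem itself is not solved here, which is exactly why the answer's firewall or second-IP option is still needed.

```python
"""Added example: TCP three-way handshake as Scapy sends it, plus a check
for the kernel-originated RST that the question describes. Helper names
are hypothetical; 192.0.2.10 in the usage block is a placeholder."""
from dataclasses import dataclass
import random

SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits
MASK = 0xFFFFFFFF                  # sequence numbers are 32-bit


@dataclass
class Tcp:
    """Minimal TCP header view; field names mirror Scapy's TCP layer."""
    sport: int
    dport: int
    seq: int
    ack: int
    flags: int   # integer flag bits (Scapy FlagValue is converted with int())


def validate_synack(syn_seq, sport, reply):
    """True only if `reply` is the SYN/ACK answering our SYN (flags SA,
    sent back to our port, acknowledging our ISN + 1)."""
    if reply is None:
        return False
    if reply.flags & (SYN | ACK) != (SYN | ACK) or reply.flags & RST:
        return False
    return reply.dport == sport and reply.ack == (syn_seq + 1) & MASK


def build_ack_fields(syn_seq, synack):
    """Fields of the third packet: our seq advances past the SYN, our ack
    acknowledges the peer's ISN + 1."""
    return {
        "sport": synack.dport,
        "dport": synack.sport,
        "seq": (syn_seq + 1) & MASK,
        "ack": (synack.seq + 1) & MASK,
        "flags": "A",
    }


def find_kernel_rst(packets, sport, peer_port):
    """Given captured TCP headers leaving this host, report whether the
    host's own stack reset the connection Scapy started: a RST from our
    source port to the peer port is the symptom described in the question."""
    return any(
        p.flags & RST and p.sport == sport and p.dport == peer_port
        for p in packets
    )


def scapy_handshake(dst, dport, sport=40000, timeout=2):
    """Send SYN, wait for SYN/ACK, send ACK. Returns the ACK fields sent or
    None. Requires Scapy and raw-socket privileges; on an unfiltered host the
    kernel will still answer the SYN/ACK with its own RST."""
    from scapy.all import IP, TCP, send, sr1   # imported lazily on purpose

    syn_seq = random.randrange(0, MASK)
    reply = sr1(IP(dst=dst) / TCP(sport=sport, dport=dport, flags="S", seq=syn_seq),
                timeout=timeout, verbose=False)
    if reply is None or TCP not in reply:
        return None
    t = reply[TCP]
    synack = Tcp(sport=t.sport, dport=t.dport, seq=t.seq, ack=t.ack, flags=int(t.flags))
    if not validate_synack(syn_seq, sport, synack):
        return None
    fields = build_ack_fields(syn_seq, synack)
    send(IP(dst=dst) / TCP(**fields), verbose=False)
    return fields


if __name__ == "__main__":
    # Placeholder target (TEST-NET-1); replace with a host you are allowed to test.
    print(scapy_handshake("192.0.2.10", 80))
```

To confirm the problem before touching any firewall, capture on the interface while the script runs and feed the outgoing TCP headers to `find_kernel_rst`: a RST from the Scapy source port proves the host stack, not the peer, tore the connection down.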
