user72726
user72726

Reputation: 155

Client sends [RST] after receive [SYN, ACK]

I am trying to do a handshake with a server I downloaded from the internet. But when the client receives [SYN, ACK] it sends back a [RST]. Have no idea what is happening. Already checked the acknowledge and sequence number but everything seems ok.

In wireshark I got this:

enter image description here

Here is the handshake client source code:

from scapy.all import *

src_ip   = "192.168.43.34"
dst_ip   = "192.168.43.115"
src_port = random.randint(1024, 65535)
dst_port = 502

seq_nr   = random.randint(444, 8765432)
ack_nr   = 0



# Create SYN packet
ip       = IP (src   = src_ip, dst = dst_ip)
syn      = TCP(sport = src_port, dport = dst_port, flags='S', seq = seq_nr, ack = ack_nr)
pkt_syn  = ip / syn 

pkt_syn.show()

# send SYN packet and receive SYN/ACK packet
print('Sending SYN')
pkt_syn_ack = sr1(pkt_syn)
print('ACK received')
pkt_syn_ack.show()


# Create the ACK packet
ack_nr   = pkt_syn_ack.seq + 1
seq_nr   = seq_nr + 1

ack = TCP(sport = src_port, dport = dst_port, flags = 'A', seq = seq_nr, ack = ack_nr)
send(ip / ack)

...

Upvotes: 1

Views: 7861

Answers (1)

Shir
Shir

Reputation: 1207

The problem is that your OS is receiving the SYN-ACK packet, has no idea why it was sent (as the OS itself didn't start a handshake) and reset the connection.

You can find some solutions here (for Linux)- Unwanted RST TCP packet with Scapy

Another option is to use a different IP than the OS's, or in Windows turn off the IP stack of the used interface (only if this is the only thing that you use this interface for!)

Upvotes: 3

Related Questions