Home-Made TCP Session Cutter problem
This is a discussion on Home-Made TCP Session Cutter problem within the Linux Networking forums, part of the Linux Forums category; Experts, I'm trying to code a program to close a tcp session between my local machine and a remote ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-19-2003
|
|||
|
|||
Home-Made TCP Session Cutter problem
Experts,
I'm trying to code a program to close a tcp session between my local machine and a remote one. I'm using the idea (double RST) and some of the code from "TCP cutter" (http://www.lowth.com/cutter) My problem is that I am not BETWEEN the two machines, I'm at one end. So I need to send a RST to myself and make me believe it comes from the remote machine ... My problem is as follow : My local machine is A (192.168.1.3) and my distant machine is B (xx.xx.xx.xx) A is sending a RST to B that works fine A is sending a RST to A ("from B") and this does not work... as you will see, the sequence numbers look fine. (sorry if the lines are wrapped, I can't change that) 15:11:59.369482 192.168.1.3.33254 > xx.xx.xx.xx.imaps: F [tcp sum ok] 0:0(0) win 0 (DF) (ttl 253, id 0, len 40) 15:11:59.372507 xx.xx.xx.xx.imaps > 192.168.1.3.33254: . [tcp sum ok] 1589:1589(0) ack 461 win 6432 <nop,nop,timestamp 163410425 1403391> (DF) (ttl 62, id 40208, len 52) 15:11:59.373290 192.168.1.3.33254 > xx.xx.xx.xx.imaps: R [tcp sum ok] 2365895080:2365895080(0) win 0 (DF) (ttl 253, id 0, len 40) 15:11:59.373699 xx.xx.xx.xx.imaps > 192.168.1.3.33254: R [tcp sum ok] 3960647341:3960647341(0) win 0 (DF) (ttl 253, id 0, len 40) 15:12:06.073374 192.168.1.3.33254 > xx.xx.xx.xx.imaps: P [tcp sum ok] 461:490(29) ack 1589 win 8870 <nop,nop,timestamp 1406204 163410425> (DF) (ttl 64, id 39495, len 81) 15:12:06.076633 xx.xx.xx.xx.imaps > 192.168.1.3.33254: R [tcp sum ok] 3960647341:3960647341(0) win 0 (DF) (ttl 253, id 0, len 40) let's go deeper ;) 1) A sends FIN to find the sequence number: 15:11:59.369482 192.168.1.3.33254 > xx.xx.xx.xx.imaps: F [tcp sum ok] 0:0(0) win 0 (DF) (ttl 253, id 0, len 40) 2) reply from B : ACK with a good seq number: 15:11:59.372507 xx.xx.xx.xx.imaps > 192.168.1.3.33254: . [tcp sum ok] 1589:1589(0) ack 461 win 6432 <nop,nop,timestamp 163410425 1403391> (DF) (ttl 62, id 40208, len 52) 3) A sends rst to B (with good seq number) consequence: B closes the socket, on its side 15:11:59.373290 192.168.1.3.33254 > xx.xx.xx.xx.imaps: R [tcp sum ok] 2365895080:2365895080(0) win 0 (DF) (ttl 253, id 0, len 40) 4) A sends "fake" rst to A ("from B" thx to raw sockets) This should close the socket on A's side, but that's the pb : it does not! : 15:11:59.373699 xx.xx.xx.xx.imaps > 192.168.1.3.33254: R [tcp sum ok] 3960647341:3960647341(0) win 0 (DF) (ttl 253, id 0, len 40) 5) the real owner of the socket on A's side sends some data into the socket (though packet 4 should have made understand the socket's dead) : 15:12:06.073374 192.168.1.3.33254 > xx.xx.xx.xx.imaps: P [tcp sum ok] 461:490(29) ack 1589 win 8870 <nop,nop,timestamp 1406204 163410425> (DF) (ttl 64, id 39495, len 81) 6) B replies : the socket's closed --> RST --> this closes the socket on A's side for good 15:12:06.076633 xx.xx.xx.xx.imaps > 192.168.1.3.33254: R [tcp sum ok] 3960647341:3960647341(0) win 0 (DF) (ttl 253, id 0, len 40) packet 4 = packet 6 or is it ? So why is the 6th packet closing the socket on A's side and the 4th not ? some tcpdump details : 15:16:03.029155 192.168.1.3.33264 > xx.xx.xx.xx.imaps: F [tcp sum ok] 0:0(0) win 0 (DF) (ttl 253, id 0, len 40) 0x0000 4510 0028 0000 4000 fd06 3f8f c0a8 0103 E..(..@...?..... 0x0010 xxxx xxxx 81f0 03e1 0000 0000 0000 0000 QP+E............ 0x0020 5001 0000 ebd1 0000 P....... 15:16:03.032450 xx.xx.xx.xx.imaps > 192.168.1.3.33264: . [tcp sum ok] 1547:1547(0) ack 432 win 6432 <nop,nop,timestamp 163434791 1428906> (DF) (ttl 62, id 47958, len 52) 0x0000 4500 0034 bb56 4000 3e06 432d xxxx xxxx E..4.V@.>.C-QP+E 0x0010 c0a8 0103 03e1 81f0 04bb 7c74 a601 53be ...........|t..S. 0x0020 8010 1920 75f7 0000 0101 080a 09bd d127 .....u..........' 0x0030 0015 cdaa .... 15:16:03.032751 192.168.1.3.33264 > xx.xx.xx.xx.imaps: R [tcp sum ok] 2785104830:2785104830(0) win 0 (DF) (ttl 253, id 0, len 40) 0x0000 4510 0028 0000 4000 fd06 3f8f c0a8 0103 E..(..@...?..... 0x0010 xxxx xxxx 81f0 03e1 a601 53be 0000 0000 QP+E......S..... 0x0020 5004 0000 f20e 0000 P....... 15:16:03.032760 xx.xx.xx.xx.imaps > 192.168.1.3.33264: R [tcp sum ok] 79395956:79395956(0) win 0 (DF) (ttl 253, id 0, len 40) 0x0000 4510 0028 0000 4000 fd06 3f8f xxxx xxxx E..(..@...?.QP+E 0x0010 c0a8 0103 03e1 81f0 04bb 7c74 0000 0000 ...........|t.... 0x0020 5004 0000 6a9f 0000 P...j... 15:16:06.658510 192.168.1.3.33264 > xx.xx.xx.xx.imaps: P [tcp sum ok] 432:461(29) ack 1547 win 8870 <nop,nop,timestamp 1430262 163434791> (DF) (ttl 64, id 40850, len 81) 0x0000 4500 0051 9f92 4000 4006 5cd4 c0a8 0103 E..Q..@.@.\..... 0x0010 xxxx xxxx 81f0 03e1 a601 53be 04bb 7c74 QP+E......S...|t 0x0020 8018 22a6 9384 0000 0101 080a 0015 d2f6 ..."............. 0x0030 09bd d127 1703 0100 1890 5710 c450 b838 ....'......W..P.8 0x0040 697e b447 cbaa 576b 5725 6f31 267d 2e9e i~.G..WkW%o1&}.. 0x0050 73 s 15:16:06.661649 xx.xx.xx.xx.imaps > 192.168.1.3.33264: R [tcp sum ok] 79395956:79395956(0) win 0 (DF) (ttl 253, id 0, len 40) 0x0000 4500 0028 0000 4000 fd06 3f8f xxxx xxxx E..(..@...?.QP+E 0x0010 c0a8 0103 03e1 81f0 04bb 7c74 0000 0000 ...........|t.... 0x0020 5004 0000 6a9f 0000 0000 0000 0000 P...j......... The packets really look like the same. What I am thinking wrong ? any idea ? Florent 
|
Linear Mode
