尝试通过 Pcap.net 连接到某人时，如何防止 Windows 发送 RST 数据包? [英] How to prevent Windows from sending RST packet when trying to connect to somebody via Pcap.net?

问题描述

我正在尝试使用 Pcap.Net 打开 tcp 连接.

I'm trying to use Pcap.Net to open a tcp connection.

我要发送以下包裹:

服务器响应:

此后，Windows 自行发送重置数据包:

After this, Windows on its own sends the reset packet:

为什么会发生这种情况，我该如何阻止这种行为?

Why is this happening, and how do I block this behavior?

我在 Windows 7 上执行此操作

I'm doing this on Windows 7

推荐答案

正如 Harris 先生所说，您可以使用 WinDivert 来做你想要什么.例如.要进行 TCP 握手，您可以编写如下内容:

As Mr Harris says, you can use WinDivert to do what you want. E.g. to just do the TCP handshake, you can write something like the following:

// TCP handshake using WinDivert:
HANDLE handle = DivertOpen("inbound && tcp.SrcPort == 80 && tcp.Syn && tcp.Ack", 0, 0, 0);
DivertSend(handle, synPacket, sizeof(synPacket), dstAddr, NULL);
...
DivertRecv(handle, synAckPacket, sizeof(synAckPacket), &srcAddr, &length);
...
DivertSend(handle, ackPacket, sizeof(ackPacket), dstAddr, NULL);
...

DivertRecv() 函数在服务器响应由 Windows TCP/IP 堆栈处理之前将其重定向到用户空间.所以不会产生讨厌的 TCP RST.DivertSend() 注入数据包.

The DivertRecv() function redirects the server response into user space before it is handled by the Windows TCP/IP stack. So no pesky TCP RST will be generated. DivertSend() injects packets.

这是 WinDivert 和 WinPCAP 之间的主要区别.后者只是一个数据包嗅探器，而前者可以拦截/过滤/阻止流量.

This is the main differences between WinDivert and WinPCAP. The latter is merely a packet sniffer, whereas the former can intercept/filter/block traffic.

WinDivert 是用 C 编写的，因此您需要编写自己的 .NET 包装器.

WinDivert is written in C so you'd need to write your own .NET wrapper.

(通常披露:WinDivert 是我的项目).

(usual disclosure: WinDivert is my project).

这篇关于尝试通过 Pcap.net 连接到某人时，如何防止 Windows 发送 RST 数据包?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！