Unwanted RST TCP packet with Scapy


Problem description

In order to understand how TCP works, I tried to forge my own TCP SYN/SYN-ACK/ACK (based on the tutorial: http://www.thice.nl/creating-ack-get-packets-with-scapy/ ).

The problem is that whenever my computer receives the SYN-ACK from the server, it generates a RST packet that stops the connection process.

I tried on OS X Lion and on Ubuntu 10.10 Maverick Meerkat; both reset the connection. I found this: http://lkml.indiana.edu/hypermail/linux/net/0404.2/0021.html, but I don't know if it is the reason.

Could anyone tell me what the reason could be? And how to avoid this problem?

Thanks.

Recommended answer

The article you cited makes this pretty clear...

Since you are not completing the full TCP handshake your operating system might try to take control and can start sending RST (reset) packets. To avoid this we can use iptables:

iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 192.168.1.20 -j DROP

Essentially, the problem is that Scapy runs in user space, and the Linux kernel will receive the SYN-ACK first. The kernel will send a RST because it won't have a socket open on the port number in question, before you have a chance to do anything with Scapy.

The solution (as the blog mentions) is to firewall your kernel from sending a RST packet.
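
The behaviour described in the answer, as an added example that is not part of the original question or answer: a simplified model of the RFC 793 reset rule for a segment that reaches a port in the CLOSED state, run over a constructed SYN-ACK. The port numbers, sequence numbers, and the names `parse_tcp` and `kernel_reply` are assumptions made for illustration; this is not kernel code.

```python
import struct
from dataclasses import dataclass

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

@dataclass
class Segment:
    sport: int
    dport: int
    seq: int
    ack: int
    flags: int
    payload_len: int = 0

def parse_tcp(raw: bytes) -> Segment:
    """Parse a TCP header; options are skipped using the data-offset field."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", raw[:20])
    header_len = (off_flags >> 12) * 4
    return Segment(sport, dport, seq, ack, off_flags & 0x1FF, len(raw) - header_len)

def kernel_reply(seg: Segment, kernel_sockets: set):
    """Model of RFC 793 reset generation for a port in CLOSED state.
    Returns None if the kernel owns a socket on the destination port
    (normal processing applies) or if the incoming segment is itself a RST."""
    if seg.dport in kernel_sockets or seg.flags & RST:
        return None
    if seg.flags & ACK:
        # <SEQ=SEG.ACK><CTL=RST>: the RST takes its sequence number from the peer's ACK field
        return Segment(seg.dport, seg.sport, seg.ack, 0, RST)
    # <SEQ=0><ACK=SEG.SEQ+SEG.LEN><CTL=RST,ACK>; SYN and FIN each count as one octet
    seg_len = seg.payload_len + bool(seg.flags & SYN) + bool(seg.flags & FIN)
    return Segment(seg.dport, seg.sport, 0, (seg.seq + seg_len) % 2**32, RST | ACK)

# Constructed sample: SYN-ACK from server port 80 to forged client port 40000,
# acknowledging a Scapy-sent SYN whose sequence number was 1000.
SYN_ACK = struct.pack("!HHIIHHHH", 80, 40000, 5000, 1001, (5 << 12) | SYN | ACK, 8192, 0, 0)

def demo():
    seg = parse_tcp(SYN_ACK)
    no_socket = kernel_reply(seg, kernel_sockets=set())      # Scapy case: kernel has no socket on 40000
    with_socket = kernel_reply(seg, kernel_sockets={40000})  # a real connect() would own the port
    return no_socket, with_socket

if __name__ == "__main__":
    print(demo())
```
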
