Unwanted RST TCP packet with Scapy


Problem description

In order to understand how TCP works, I tried to forge my own TCP SYN/SYN-ACK/ACK (based on the tutorial: http://www.thice.nl/creating-ack-get-packets-with-scapy/ ).

The problem is that whenever my computer receives the SYN-ACK from the server, it generates a RST packet that stops the connection process.

I tried on OS X Lion and on Ubuntu 10.10 Maverick Meerkat; both reset the connection. I found this: http://lkml.indiana.edu/hypermail/linux/net/0404.2/0021.html, I don't know if it is the reason.

Could anyone tell me what the reason could be? And how to avoid this problem?

Thanks.

Recommended answer

The article you cited makes this pretty clear...

Since you are not completing the full TCP handshake your operating system might try to take control and can start sending RST (reset) packets, to avoid this we can use iptables:

iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 192.168.1.20 -j DROP

Essentially, the problem is that Scapy runs in user space, and the Linux kernel will receive the SYN-ACK first. The kernel will send a RST because it won't have a socket open on the port number in question, before you have a chance to do anything with Scapy.

The solution (as the blog mentions) is to firewall your kernel from sending a RST packet.
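
The rule quoted above drops every RST the host sends from 192.168.1.20, including resets for unrelated connections. The following is an added example, not part of the original answer or the cited tutorial: it scopes the rule to the one forged flow and deletes it once the test command ends. The destination 192.0.2.10, the ports, and the function names are constructed for illustration; the source port must match the one used in the forged SYN.

```shell
#!/bin/sh
# Added example (not from the original answer). Sample values are constructed.

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rule specification (the part after "-A OUTPUT" / "-D OUTPUT")
# for one flow: src_ip dst_ip sport dport.
rst_rule_spec() {
    if ! valid_port "$3" || ! valid_port "$4"; then
        echo "rst_rule_spec: bad port" >&2
        return 1
    fi
    printf '%s' "-p tcp --tcp-flags RST RST -s $1 -d $2 --sport $3 --dport $4 -j DROP"
}

# with_rst_blocked src_ip dst_ip sport dport command [args...]
# Adds the scoped rule, runs the command, then always deletes the rule
# and returns the command's exit status. Needs root for the real iptables.
with_rst_blocked() {
    rst_spec=$(rst_rule_spec "$1" "$2" "$3" "$4") || return 1
    shift 4
    # $rst_spec is left unquoted on purpose so it splits into arguments.
    iptables -A OUTPUT $rst_spec || return 1
    rst_status=0
    "$@" || rst_status=$?
    iptables -D OUTPUT $rst_spec
    return $rst_status
}

# Example (handshake.py is a hypothetical Scapy script using sport=40000):
#   with_rst_blocked 192.168.1.20 192.0.2.10 40000 80 python3 handshake.py
```

Running `iptables -S OUTPUT` afterwards should show no leftover DROP rule for the flow.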
