Experts,
I'm trying to code a program to close a tcp session between my local
machine and a remote one.
I'm using the idea (double RST) and some of the code from "TCP cutter"
(http://www.lowth.com/cutter)
My problem is that I am not BETWEEN the two machines, I'm at one end.
So I need to send a RST to myself and make me believe it comes from
the remote machine ...
My problem is as follows:
My local machine is A (192.168.1.3) and my distant machine is B
(xx.xx.xx.xx)
A is sending a RST to B that works fine
A is sending a RST to A ("from B") and this does not work...
as you will see, the sequence numbers look fine.
(sorry if the lines are wrapped, I can't change that)
15:11:59.369482 192.168.1.3.33254 > xx.xx.xx.xx.imaps: F [tcp sum ok] 0:0(0) win 0 (DF) (ttl 253, id 0, len 40)
15:11:59.372507 xx.xx.xx.xx.imaps > 192.168.1.3.33254: . [tcp sum ok] 1589:1589(0) ack 461 win 6432 <nop,nop,timestamp 163410425 1403391> (DF) (ttl 62, id 40208, len 52)
15:11:59.373290 192.168.1.3.33254 > xx.xx.xx.xx.imaps: R [tcp sum ok] 2365895080:2365895080(0) win 0 (DF) (ttl 253, id 0, len 40)
15:11:59.373699 xx.xx.xx.xx.imaps > 192.168.1.3.33254: R [tcp sum ok] 3960647341:3960647341(0) win 0 (DF) (ttl 253, id 0, len 40)
15:12:06.073374 192.168.1.3.33254 > xx.xx.xx.xx.imaps: P [tcp sum ok] 461:490(29) ack 1589 win 8870 <nop,nop,timestamp 1406204 163410425> (DF) (ttl 64, id 39495, len 81)
15:12:06.076633 xx.xx.xx.xx.imaps > 192.168.1.3.33254: R [tcp sum ok] 3960647341:3960647341(0) win 0 (DF) (ttl 253, id 0, len 40)
let's go deeper
1) A sends FIN to find the sequence number:
15:11:59.369482 192.168.1.3.33254 > xx.xx.xx.xx.imaps: F [tcp sum ok] 0:0(0) win 0 (DF) (ttl 253, id 0, len 40)
2) reply from B: ACK with a good seq number:
15:11:59.372507 xx.xx.xx.xx.imaps > 192.168.1.3.33254: . [tcp sum ok] 1589:1589(0) ack 461 win 6432 <nop,nop,timestamp 163410425 1403391> (DF) (ttl 62, id 40208, len 52)
3) A sends rst to B (with good seq number)
consequence: B closes the socket, on its side
15:11:59.373290 192.168.1.3.33254 > xx.xx.xx.xx.imaps: R [tcp sum ok] 2365895080:2365895080(0) win 0 (DF) (ttl 253, id 0, len 40)
4) A sends "fake" rst to A ("from B" thx to raw sockets)
This should close the socket on A's side, but that's the problem: it does not!
15:11:59.373699 xx.xx.xx.xx.imaps > 192.168.1.3.33254: R [tcp sum ok] 3960647341:3960647341(0) win 0 (DF) (ttl 253, id 0, len 40)
5) the real owner of the socket on A's side sends some data into the socket
(though packet 4 should have made it understand the socket's dead):
15:12:06.073374 192.168.1.3.33254 > xx.xx.xx.xx.imaps: P [tcp sum ok] 461:490(29) ack 1589 win 8870 <nop,nop,timestamp 1406204 163410425> (DF) (ttl 64, id 39495, len 81)
6) B replies: the socket's closed --> RST --> this closes the socket on A's side for good
15:12:06.076633 xx.xx.xx.xx.imaps > 192.168.1.3.33254: R [tcp sum ok] 3960647341:3960647341(0) win 0 (DF) (ttl 253, id 0, len 40)
Packet 4 = packet 6, or is it?
So why is the 6th packet closing the socket on A's side and the 4th not?
some tcpdump details :
15:16:03.029155 192.168.1.3.33264 > xx.xx.xx.xx.imaps: F [tcp sum ok] 0:0(0) win 0 (DF) (ttl 253, id 0, len 40)
0x0000 4510 0028 0000 4000 fd06 3f8f c0a8 0103 E..(..@...?.....
0x0010 xxxx xxxx 81f0 03e1 0000 0000 0000 0000 QP+E............
0x0020 5001 0000 ebd1 0000 P.......
15:16:03.032450 xx.xx.xx.xx.imaps > 192.168.1.3.33264: . [tcp sum ok] 1547:1547(0) ack 432 win 6432 <nop,nop,timestamp 163434791 1428906> (DF) (ttl 62, id 47958, len 52)
0x0000 4500 0034 bb56 4000 3e06 432d xxxx xxxx E..4.V@.>.C-QP+E
0x0010 c0a8 0103 03e1 81f0 04bb 7c74 a601 53be ...........|t..S.
0x0020 8010 1920 75f7 0000 0101 080a 09bd d127 .....u..........'
0x0030 0015 cdaa ....
15:16:03.032751 192.168.1.3.33264 > xx.xx.xx.xx.imaps: R [tcp sum ok] 2785104830:2785104830(0) win 0 (DF) (ttl 253, id 0, len 40)
0x0000 4510 0028 0000 4000 fd06 3f8f c0a8 0103 E..(..@...?.....
0x0010 xxxx xxxx 81f0 03e1 a601 53be 0000 0000 QP+E......S.....
0x0020 5004 0000 f20e 0000 P.......
15:16:03.032760 xx.xx.xx.xx.imaps > 192.168.1.3.33264: R [tcp sum ok] 79395956:79395956(0) win 0 (DF) (ttl 253, id 0, len 40)
0x0000 4510 0028 0000 4000 fd06 3f8f xxxx xxxx E..(..@...?.QP+E
0x0010 c0a8 0103 03e1 81f0 04bb 7c74 0000 0000 ...........|t....
0x0020 5004 0000 6a9f 0000 P...j...
15:16:06.658510 192.168.1.3.33264 > xx.xx.xx.xx.imaps: P [tcp sum ok] 432:461(29) ack 1547 win 8870 <nop,nop,timestamp 1430262 163434791> (DF) (ttl 64, id 40850, len 81)
0x0000 4500 0051 9f92 4000 4006 5cd4 c0a8 0103 E..Q..@.@.\.....
0x0010 xxxx xxxx 81f0 03e1 a601 53be 04bb 7c74 QP+E......S...|t
0x0020 8018 22a6 9384 0000 0101 080a 0015 d2f6 ...".............
0x0030 09bd d127 1703 0100 1890 5710 c450 b838 ....'......W..P.8
0x0040 697e b447 cbaa 576b 5725 6f31 267d 2e9e i~.G..WkW%o1&}..
0x0050 73 s
15:16:06.661649 xx.xx.xx.xx.imaps > 192.168.1.3.33264: R [tcp sum ok] 79395956:79395956(0) win 0 (DF) (ttl 253, id 0, len 40)
0x0000 4500 0028 0000 4000 fd06 3f8f xxxx xxxx E..(..@...?.QP+E
0x0010 c0a8 0103 03e1 81f0 04bb 7c74 0000 0000 ...........|t....
0x0020 5004 0000 6a9f 0000 0000 0000 0000 P...j.........
The packets really look the same.
What am I thinking wrong? Any idea?
Florent
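
An added example, not part of the original post: a field-by-field comparison of the two RST dumps shown above (the 15:16:03.032760 packet and the 15:16:06.661649 packet), decoding the IPv4 and TCP headers from the hex and listing what differs. The function names `decode` and `diff_fields` are this example's own, and the redacted `xxxx` address words are decoded as zero bytes.

```python
import struct

# Hex copied from the tcpdump -x output in the post. "xxxx" is the poster's
# redaction of B's address; it is decoded as zero bytes here (assumption).
PACKET_4 = """
4510 0028 0000 4000 fd06 3f8f xxxx xxxx
c0a8 0103 03e1 81f0 04bb 7c74 0000 0000
5004 0000 6a9f 0000
"""
PACKET_6 = """
4500 0028 0000 4000 fd06 3f8f xxxx xxxx
c0a8 0103 03e1 81f0 04bb 7c74 0000 0000
5004 0000 6a9f 0000 0000 0000 0000
"""

def decode(dump):
    """Decode the IPv4 and TCP headers of one hex dump into a dict."""
    raw = bytes.fromhex("".join(dump.split()).replace("x", "0"))
    ver_ihl, tos, total_len, ip_id, frag, ttl, proto, ip_sum = \
        struct.unpack("!BBHHHBBH", raw[:12])
    ihl = (ver_ihl & 0x0F) * 4          # IP header length in bytes
    sport, dport, seq, ack, off_flags, win, tcp_sum, urg = \
        struct.unpack("!HHIIHHHH", raw[ihl:ihl + 20])
    return {
        "tos": tos, "total_len": total_len, "ip_id": ip_id,
        "df": bool(frag & 0x4000), "ttl": ttl, "proto": proto,
        "ip_sum": ip_sum,
        "dst": ".".join(str(b) for b in raw[16:20]),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "data_off": (off_flags >> 12) * 4,
        "flags": off_flags & 0x3F,      # 0x04 is RST
        "win": win, "tcp_sum": tcp_sum, "urg": urg,
        # Bytes captured after the end of the IP datagram.
        "trailer_len": len(raw) - total_len,
    }

def diff_fields(a, b):
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    da, db = decode(a), decode(b)
    return {k: (da[k], db[k]) for k in da if da[k] != db[k]}

if __name__ == "__main__":
    for field, (v4, v6) in diff_fields(PACKET_4, PACKET_6).items():
        print(f"{field}: packet 4 = {v4}, packet 6 = {v6}")
```

For these two dumps the only differing fields are the IP TOS byte and the number of bytes captured after the end of the IP datagram; every TCP header field is identical.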