I am trying to replicate some TCP communication that is sent from MongoDB and I have been able to replicate it byte by byte and it is still not being recognized.

The only difference I could find when analyzing the packets on Wireshark was that my packet has the data itself being recognized as a separate "Data" section (1st picture below) where the original, working packet has it as "TCP segment data" (2nd picture).

Can anyone explain on a high level how those two are different?

As an extra, I am using Rust and I am writing bytes to the TcpStream as you'd normally do. Any idea why it's being sent this way vs. the other way?

Our packet as captured

Their packet as captured

kolrie
  • "replicate a TCP packet" - go on, I'll bite, what are you trying to achieve? – Chopper3 Jul 06 '22 at 17:43
  • @Chopper3 first of all, sorry if my terms are off! :) I am really, really green on networking and I guess it shows. I am trying to send bytes over TCP (picture 1) that perfectly replicate the bytes being sent over TCP in picture two. However, my packet shows a "Data" segment and the original one shows a "TCP segment data" inside the TCP "packet" itself. Let me know if this makes any sense at all. – kolrie Jul 06 '22 at 17:45
  • Sorry yes I got that, I'm wondering what the purpose of this effort is - you know TCP packets have a sequence right? and are connection based so if they get duplicate sequence packets they're generally discarded. It sounds like you're trying to do what's called a 'man in the middle attack' - which we spend a lot of time and effort to make hard. – Chopper3 Jul 06 '22 at 17:48
  • @Chopper3 no MITM there, I am trying to make a library that will "talk" MongoDB protocol but use PostgreSQL as a backend. I am trying to act as the MongoDB server in this case. – kolrie Jul 06 '22 at 17:54

0 Answers