0

I'm testing sending myself a fake HTTP response using Scapy; however, Wireshark shows the fake response as "TCP ACKed unseen segment". Here is my code:

    from scapy.all import Ether, IP, TCP, Raw, sniff, sendp

    # Capture one packet carrying a payload from the client to the web server
    pkgs = sniff(iface="eth0", filter="src host 192.168.1.153 and dst host 121.42.144.212 and tcp and port 80", lfilter=lambda x: x.haslayer(Raw), count=1)
    for pkg in pkgs:
        d_port = pkg[IP].sport  # if I set d_port to something like 5555 it works, but with d_port = pkg[IP].sport the packet is wrong
        ether = Ether(dst='00:0c:29:2c:0e:4e', src='8c:be:be:23:97:80')
        ip = IP(src='121.42.144.212', dst='192.168.1.153', flags="DF")
        # seq and ack are hard-coded absolute values
        tcp = TCP(flags="PA", sport=80, dport=d_port, seq=1, ack=87)
        res_data = "HTTP/1.1 200 OK\r\nDate: Thu, 02 Jul 2015 04:19:50 GMT\r\nServer: Apache/2.4.10 (Win32) OpenSSL/0.9.8zb PHP/5.3.29\r\nX-Powered-By: PHP/5.3.29\r\nContent-Length: 4\r\nContent-Type: text/html\r\n\r\njoke"
        res = ether/ip/tcp/res_data
        #ls(res)
        sendp(res)

And Wireshark shows "Transmission Control Protocol, Src Port: http (80), Dst Port: 37938 (37938), Seq: 511606687, Ack: 1126945895, Len: 188"; the seq and ack are bigger than what I set.

Is this a bug, or is something wrong in my code?

Chad Nouis
  • 6,861
  • 1
  • 27
  • 28
Flavin
  • 11

1 Answer

0

I'm sorry, I found out that this may be Wireshark's problem.

Flavin
  • 11
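
An added example, not part of the original posts: a simplified model (not Wireshark's own code) of the per-connection bookkeeping a TCP analyzer does, showing why a segment with absolute `seq=1, ack=87` on an already-tracked port pair is displayed with large relative numbers and flagged "ACKed unseen segment". The two initial sequence numbers and the 86-byte request length are constructed so that the output reproduces the numbers quoted in the question; `FlowTracker` and `analyse` are hypothetical names.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around
CLIENT_ISN = 3168021488  # constructed: not on the page, chosen to match the question
SERVER_ISN = 3783360610  # constructed: not on the page, chosen to match the question

class FlowTracker:
    """Simplified per-connection state of a TCP analyzer (a model, an assumption)."""

    def __init__(self):
        self.base = {}      # direction -> first absolute seq seen (shown as relative 0)
        self.next_seq = {}  # direction -> absolute seq expected next from that side

    def observe(self, direction, seq, ack, length=0, syn=False, has_ack=True):
        """Return (relative_seq, relative_ack, notes) for one segment."""
        peer = "s2c" if direction == "c2s" else "c2s"
        self.base.setdefault(direction, seq)
        rel_seq = (seq - self.base[direction]) % MOD
        rel_ack, notes = None, []
        if has_ack and peer in self.base:
            rel_ack = (ack - self.base[peer]) % MOD
            # Serial-number comparison: does ack cover bytes the peer never sent?
            ahead = (ack - self.next_seq[peer]) % MOD
            if 0 < ahead < MOD // 2:
                notes.append("ACKed unseen segment")
        end = (seq + length + (1 if syn else 0)) % MOD
        prev = self.next_seq.get(direction, end)
        if (end - prev) % MOD < MOD // 2:  # only ever move the expectation forward
            self.next_seq[direction] = end
        return rel_seq, rel_ack, notes

def analyse(response_seq, response_ack):
    """Replay a constructed handshake plus request, then classify one response."""
    flow = FlowTracker()
    flow.observe("c2s", CLIENT_ISN, 0, syn=True, has_ack=False)     # SYN
    flow.observe("s2c", SERVER_ISN, CLIENT_ISN + 1, syn=True)       # SYN/ACK
    flow.observe("c2s", CLIENT_ISN + 1, SERVER_ISN + 1)             # ACK
    flow.observe("c2s", CLIENT_ISN + 1, SERVER_ISN + 1, length=86)  # HTTP request
    return flow.observe("s2c", response_seq, response_ack, length=188)

if __name__ == "__main__":
    print("hard-coded seq=1, ack=87:", analyse(1, 87))
    print("segment in sequence     :", analyse(SERVER_ISN + 1, CLIENT_ISN + 87))
```

With a destination port that matches no tracked connection (the `5555` case in the question), the analyzer has no base values to subtract, so the first segment it sees defines a new flow and nothing is flagged.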