2

I need to send a FIN packet to close a connection having IP and ports information (plus other informations from previus packets).

I've seen that is possbile to craft a new connection through a 3-way-handshake (see 3 way handshake in Scapy), but nothing on connection closure.

Community
  • 1
  • 1
Lucap
  • 21
  • 1
  • 2
  • Hey Lucap. Could you set the TCP flag of the last packet to 'F'? Do you have an example of the code you are using? – Noob123 Feb 23 '17 at 20:34

1 Answers1

4

As stated by the RFC you need to send a FIN segment then wait for the endpoint's acknowledgment (ACK) + FIN segment and then send a last ACK segment for it.

Here is a simple example using Scapy:

from scapy.all import *

conf.L3socket=L3RawSocket

sport=10000
dport=45000
pkt=IP(src="1.2.3.4", dst="4.5.6.7")

SYN=pkt/TCP(sport=sport, dport=dport, flags="S")
SYNACK=sr1(SYN)
ACK=pkt/TCP(sport=sport, dport=dport, flags="A", seq=SYNACK.ack, ack=SYNACK.seq + 1)
send(ACK)

# ...

FIN=pkt/TCP(sport=sport, dport=dport, flags="FA", seq=SYNACK.ack, ack=SYNACK.seq + 1)
FINACK=sr1(FIN)
LASTACK=pkt/TCP(sport=sport, dport=dport, flags="A", seq=FINACK.ack, ack=FINACK.seq + 1)
send(LASTACK)
Community
  • 1
  • 1
Jeff Bencteux
  • 1,406
  • 16
  • 27
  • Do you have any idea how to do this without ignoring the last FIN (meaning waiting for it, receiving it and only then sending the last ACK)? – Shir May 28 '19 at 14:33