I'm using the script mentioned in this answer: 3 way handshake in Scapy - it is built using the Scapy framework. This is the GitHub gist for that script: https://gist.github.com/tintinweb/8523a9a43a2fb61a6770
However, I'm not sure why it does not work, while curl and telnet commands for the same setup (network flow: TCP dst/src IP and dst/src ports) work fine.
MY SETUP:
netcat -l 5555 (TCP) <---------- 127.0.0.1 ---------< curl http://127.0.0.1:5555
Script output:
ubunt@ubunt-MS-7A94:~/Desktop$ sudo python TCP_scapy.py
WARNING: No route found for IPv6 destination :: (no default route?)
DEBUG:__main__:init: ('127.0.0.1', 5555)
DEBUG:__main__:start
DEBUG:__main__:SND: SYN
DEBUG:__main__:RCV: None
DEBUG:__main__:RCV: None
None
DEBUG:__main__:SND: FIN
DEBUG:__main__:RCV: None
TCPDUMP output:
> sudo tcpdump -i any -nn port 5555 -X
12:00:32.668429 IP 127.0.0.1.6320 > 127.0.0.1.5555: Flags [S], seq 905745200, win 8192, length 0
0x0000: 4500 0028 0001 0000 4006 7ccd 7f00 0001 E..(....@.|.....
0x0010: 7f00 0001 18b0 15b3 35fc 9330 0000 0000 ........5..0....
0x0020: 5002 2000 9a50 0000 P....P..
12:00:33.921969 IP 127.0.0.1.6320 > 127.0.0.1.5555: Flags [P.], seq 905745201:905745230, ack 0, win 8192, length 29
0x0000: 4500 0045 0001 0000 4006 7cb0 7f00 0001 E..E....@.|.....
0x0010: 7f00 0001 18b0 15b3 35fc 9331 0000 0000 ........5..1....
0x0020: 5018 2000 e90c 0000 494e 5445 4e54 494f P.......INTENTIO
0x0030: 4e41 4c20 4241 4420 5245 5155 4553 540d NAL.BAD.REQUEST.
0x0040: 0a0d 0a0d 0a .....
12:00:35.204787 IP 127.0.0.1.6320 > 127.0.0.1.5555: Flags [F], seq 905745230, win 8192, length 0
0x0000: 4500 0028 0001 0000 4006 7ccd 7f00 0001 E..(....@.|.....
0x0010: 7f00 0001 18b0 15b3 35fc 934e 0000 0000 ........5..N....
0x0020: 5001 2000 9a33 0000 P....3..
The 2 differences that I have found between the packets sent by curl and scapy are:
- length (curl: 74, scapy: 54);
- scapy sends a broadcast at Layer 2: ffff:ffff:ffff and curl sends 0000:0000:0000;