Scapy TCP Handshake

Question

Idea

I'm trying to establish a 3-way TCP Handshake with Scapy

Problem

I see the SYN-ACK package in Wireshark but sr1 does never terminate and no package seems to be received.

Code

I have a simple setup to test a TCP handshake with Scapy.

DESTINATION_HOST = "194.232.104.142" 
DESTINATION_PORT = 80

SOURCE_PORT = 50210
SOURCE_HOST = "192.168.0.31"



#create a TCL Handshake
#SYN
ip = IP(src=SOURCE_HOST,dst=DESTINATION_HOST)
SYN = TCP(sport=SOURCE_PORT, dport=DESTINATION_PORT, flags='S', seq=1000)
SYNACK =sr1(ip/SYN) #send the package and wait for the answer

#ACK
ACK = TCP(sport=SOURCE_PORT, dport=DESTINATION_PORT, flags='A', seq=SYNACK.ack, ack=SYNACK.seq + 1)
send(ip/ACK)

Setup

And also as a maybe important comment, I'm running on Windows 10

Wireshark

Because it seems as if the package never reaches my computer I turned on wireshark and found the desired package there, but nethertheless, sr1 does not terminate and even:

ans = sniff(filter=f"tcp port {DESTINATION_HOST}",lfilter=match_packet,count=12,timeout=10)
print(ans)

with

def match_packet(self, pkt):
    if pkt.haslayer(IP) and pkt[IP].dst == SOURCE_HOST \
            and pkt.haslayer(TCP) and pkt[TCP].dport == SOURCE_PORT:
            #and pkt[TCP].ack == self.seq_next:
        return True
    return False

returns

<Sniffed: TCP:0 UDP:0 ICMP:0 Other:0>

Well, did you send something to the web server so it can send you a response? otherwise the web server will wait for a request indefinately. Because [this code](https://www.fir3net.com/Programming/Python/how-to-build-a-tcp-connection-in-scapy.html) that you've taken sets up a connection, not really just sends ACK and stuff. — Torxed, May 30 '20 at 23:11
My apologies, do you mean `sr1(ip/SYNC)` is hanging? This code appears to be working flawlessly on my machine, assuming I create `SOURCE_HOST` which is missing from the example. — Torxed, May 30 '20 at 23:19
@Torxed Yes, my sr1(ip/SYN) is hanging and not receiving the SYN-ACK package altough the server sent it. I formated the code on stackoverflow wrong so DESTINATION_HOST was hidden, but now the code is (without the imports) exactly the way it is on my machine. I guess you meant that DESTINATION_HOST was missing? — Znerual, May 31 '20 at 07:47
I some how doubt that it actually sent it, at least didn't send it to the correct machine. If you're spoofing IP's there's bound to be issues, if you're doing everything on a local machine it might be issues, if it's a VM there might be issues, if you have a router there might also be issues :) We know nothing of your setup and your question is vague on what you've tried and what the current situation looks like. — Torxed, May 31 '20 at 09:01
I'm not trying to spoof my IP, SOURCE_HOST is my actual local IP adress I got from the router. And I'm also not on a virtual machine and the router could of course be a problem, but the task I'm trying to achieve should not be dependent on the rounter, I'm just trying to create an ordinary TLC handshake with manualy sending the SYN and after receiving the SYN-ACK packet the ACK packet. @Torxed, I'm happy to make my question more concrete or explain my setup in more detail, but I'm afraid I don't know how to be more specific on the question and my setup is pretty standard. — Znerual, May 31 '20 at 13:01
As this setup worked perfectly from my machine and your example is straight off the link/documentation above, I'm pretty certain (but could be wrong) that there's something wrong with your setup or assumptions of your setup. Could you perhaps draw a diagram/picture of your setup with your IP's (you can mask your external IP if you add that). — Torxed, May 31 '20 at 13:27

score 0 · Answer 1 · edited Jun 20 '20 at 09:12

0

Solution

Okay I solved the problem with reinstalling NPcap and I installed it in WinPcap compatibility mode. I don't know if it would have worked with only installing it the ordinary way, without the compatability mode, because I already had the newest version installed

edited Jun 20 '20 at 09:12

Community

1
1

answered Jun 04 '20 at 19:07

Znerual

173
1
10