0

I been implementing a packet forwarder in C, and stumbled with this interesting issue.

I noticed that if i listen on tcp port with winsock, it sends back a syn-ack when a syn is recieved. If i dont listen, its sends rst-ack to indicate that the port is closed. I wish that the port wont answer at all, because i'm sniffing directly on the interface with winpcap.

Is there any solution or workaround to my problem? I had the same problem with UDP, but of course opening the port fixed it and prevented ICMP host unreachable. Now i nedd a solution to TCP.

Thanks

Eran Nahshon
  • 29
  • 1
  • 6
  • TCP sets up a bidirectional link between two peers, and each end must SYN and ACK the other SYN before the connection is open for use. On the other hand, UDP is a fire-and-forget protocol that does not care that any other device received or not. Forwarding packets has nothing to do with TCP, UDP, or any other transport or higher level protocol, so I'm not really sure why that even comes up as a problem. – Ron Maupin Oct 10 '20 at 15:21

1 Answers1

0

If you want to forward a packet without making connection, then it's better to use iptables to desgin some rules. TCP is a reliable transmission protocol, which means if you want to receive packets(it doesn't care if you want to use it or just forward), then it must estalishes a connection with three way handshake.

tyChen
  • 1,404
  • 8
  • 27
  • TCP, and other transport protocols, are the payload of the packets, and the network protocol has no idea what the packet payload is, so forwarding of packets has nothing to do with the transport protocol. Packets are forwarded by the network protocol address. – Ron Maupin Oct 10 '20 at 15:56
  • Ron, even though i want to preform port forwarding? – Eran Nahshon Oct 11 '20 at 04:23
  • An tyChen, sounds good but i will be happy to do this programmiticaly in C on windows platform – Eran Nahshon Oct 11 '20 at 04:24
  • @Eran Nahshon It seems that you haven't understand what I and Ron Maupin means. It's impossible to forward without connection. – tyChen Oct 11 '20 at 08:35
  • @EranNahshon, port forwarding is not packet forwarding. You are confusing the network layers. Port forwarding has to do with NAPT, but packet forwarding is simply routing, and the two really have nothing to do with each other, other than it is often convenient to NAT on the WAN router. Routers route packets just fine without NAT or NAPT. – Ron Maupin Oct 12 '20 at 00:59