The blog article cited in other answers is not entirely correct. It's not only that you aren't completing the three-way handshake, it's that the kernel's IP stack has no idea that there's a connection happening. When it receives the SYN-ACK, it sends a RST-ACK because it's unexpected. Receiving first or last really doesn't enter into it. The stack receiving the SYN-ACK is the issue.
Using IPTables to drop outbound RST packets is a common and valid approach, but sometimes you need to send a RST from Scapy. A more involved but very workable approach is to go lower, generating and responding to ARP with a MAC that is different from the host's. This allows you to have the ability to send and receive anything without any interference from the host.
Clearly this is more effort. Personally, I only take this approach (as opposed to the RST dropping approach) when I actually need to send a RST myself.
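
An added example, not part of the original answer: one way to apply the RST-dropping approach so that it covers only the flow Scapy is driving and is removed afterwards. The function names (`valid_port`, `rst_rule`, `with_rst_dropped`) are hypothetical; it assumes Linux with `iptables` and root privileges.

```shell
# Added example (not from the answer): scope the kernel-RST drop to one flow.
# Function names are hypothetical; ports and addresses come from the caller.

# Accept only a decimal TCP port in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the chain, match and target for RSTs the kernel emits on one flow.
# "--tcp-flags RST RST" matches any segment with RST set, so RST-ACK too.
rst_rule() {
    sport=$1; dst=$2; dport=$3
    valid_port "$sport" || { echo "bad source port: $sport" >&2; return 1; }
    valid_port "$dport" || { echo "bad destination port: $dport" >&2; return 1; }
    # The address is word-split into iptables arguments below, so allow only
    # address characters (IPv4 digits/dots, optional /prefix).
    case "$dst" in
        ''|*[!0-9./]*) echo "bad destination: $dst" >&2; return 1 ;;
    esac
    printf 'OUTPUT -p tcp --sport %s -d %s --dport %s --tcp-flags RST RST -j DROP' \
        "$sport" "$dst" "$dport"
}

# Insert the rule, run a command (for example the Scapy script), then
# remove the rule again whether or not the command succeeded.
with_rst_dropped() {
    rule=$(rst_rule "$1" "$2" "$3") || return 1
    shift 3
    # Intentional word splitting: every field was validated above.
    iptables -I $rule || return 1
    status=0
    "$@" || status=$?
    iptables -D $rule
    return "$status"
}
```

A call has the form `with_rst_dropped <sport> <dst> <dport> <command...>`, where the source port is the one the crafted SYN uses.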