
I want to use scapy to do a TCP 3-way handshake; my code is below:

import sys
import random
from scapy.all import IP, TCP, sr1, send

# VARIABLES
src = sys.argv[1]
dst = sys.argv[2]
sport = random.randint(20000, 65535)
dport = int(sys.argv[3])
print(src)
print(dst)
print(sport)
print(dport)

# SYN: send it and wait for the server's SYN+ACK
ip = IP(src=src, dst=dst)
SYN = TCP(sport=sport, dport=dport, flags='S', seq=1000)
SYNACK = sr1(ip/SYN)
SYN.show()
SYNACK.show()

# ACK: our next sequence number is exactly what the server acknowledged
# (SYNACK.ack, not SYNACK.ack + 1); we acknowledge the server's ISN + 1
seq = SYNACK.ack
ack = SYNACK.seq + 1
print(seq)
print(ack)
ACK = TCP(sport=sport, dport=dport, flags='A', seq=seq, ack=ack)
# the final ACK of the handshake gets no reply, so use send() rather than
# sr1(), which would block waiting for one
send(ip/ACK)
ACK.show()

Command executed:

python 3WSK.py 10.16.11.21 10.11.157.130 26789

And the SYNACK result is below:

###[ IP ]###
version   = 4L
ihl       = 5L
tos       = 0x0
len       = 44
id        = 0
flags     = DF
frag      = 0L
ttl       = 60
proto     = tcp
chksum    = 0x821a
src       = 10.11.157.130
dst       = 10.16.11.21
\options   \
###[ TCP ]###
sport     = 26789
dport     = 35067
seq       = 1918207620
ack       = 1001
dataofs   = 6L
reserved  = 0L
flags     = SA
window    = 5840
chksum    = 0xd630
urgptr    = 0
options   = [('MSS', 1460)]
###[ Padding ]###
load      = '\x00\x00'

But my TCP server does not log anything.

For a test, I used telnet 10.11.157.130 26789 to connect to my TCP server; then my TCP server logs something like: "INFO l.t.TcpServer - in, /10.16.11.21:34906"

So I'm not sure whether my scapy code connects successfully or not. I also want to know how to validate whether the TCP connection works. Thanks.

1 Answer


Check if you see an RST being sent from your OS when the SYN+ACK arrives. If so, have a look at this answer and drop the RST with iptables:

iptables -A OUTPUT -p tcp --tcp-flags RST RST -s <your_ip> -j DROP

If that's not the case, have a look at this gist, which works fine for me.
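One way to do the check this answer describes from a tcpdump capture, as an added example that is not part of the question or the answer: it parses tcpdump's TCP lines, groups them by client endpoint, and reports for each handshake whether the client kernel's RST beat the scripted ACK, whether the ACK acknowledges SYN+ACK.seq + 1, or whether the handshake completed. The capture lines are constructed; the first flow reuses the addresses and ports from the question's output, and the port 40001 flow is invented as the clean case.

```python
import re
from collections import defaultdict
# Constructed tcpdump lines (not from the question): client port 35067 shows the answer's
# failure mode (kernel RST before the scapy ACK leaves); client port 40001 is a clean handshake.
SAMPLE_TCPDUMP = """\
12:00:00.000001 IP 10.16.11.21.35067 > 10.11.157.130.26789: Flags [S], seq 1000, win 8192, length 0
12:00:00.000500 IP 10.11.157.130.26789 > 10.16.11.21.35067: Flags [S.], seq 1918207620, ack 1001, win 5840, options [mss 1460], length 0
12:00:00.000510 IP 10.16.11.21.35067 > 10.11.157.130.26789: Flags [R], seq 1001, win 0, length 0
12:00:00.000600 IP 10.16.11.21.35067 > 10.11.157.130.26789: Flags [.], ack 1918207621, win 8192, length 0
12:00:01.000001 IP 10.16.11.21.40001 > 10.11.157.130.26789: Flags [S], seq 5000, win 8192, length 0
12:00:01.000400 IP 10.11.157.130.26789 > 10.16.11.21.40001: Flags [S.], seq 777, ack 5001, win 5840, length 0
12:00:01.000500 IP 10.16.11.21.40001 > 10.11.157.130.26789: Flags [.], ack 778, win 8192, length 0
"""
LINE_RE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\](.*)$")
def parse_line(line):  # one tcpdump TCP line -> dict of endpoints, flags, seq, ack (None otherwise)
    m = LINE_RE.match(line)
    if not m:
        return None
    src, sport, dst, dport, flags, rest = m.groups()
    seq = re.search(r"\bseq (\d+)", rest)
    ack = re.search(r"\back (\d+)", rest)
    return {"src": src, "sport": int(sport), "dst": dst, "dport": int(dport),
            "flags": flags, "seq": int(seq.group(1)) if seq else None,
            "ack": int(ack.group(1)) if ack else None}

def _verdict(client, pkts):  # pkts is one flow's packets in capture order
    synack = next((p for p in pkts if p["flags"] == "S."), None)
    if synack is None:
        return "no SYN+ACK from server"
    # Client packets after the SYN+ACK: an RST before the ACK is the kernel resetting the handshake
    ours = [p for p in pkts[pkts.index(synack) + 1:] if (p["src"], p["sport"]) == client]
    rst = next((p for p in ours if "R" in p["flags"]), None)
    ack = next((p for p in ours if p["flags"] == "."), None)
    if rst and (ack is None or ours.index(rst) < ours.index(ack)):
        return "RST from client kernel before ACK: drop it with iptables"
    if ack is None:
        return "no ACK from client"
    if ack["ack"] != synack["seq"] + 1:
        return "ACK carries wrong ack number"
    return "handshake completed"

def diagnose(text):  # {(client_ip, client_port): verdict} for every bare SYN in the capture
    flows = defaultdict(list)  # packets per flow, keyed by the client endpoint
    for p in filter(None, map(parse_line, text.splitlines())):
        src, dst = (p["src"], p["sport"]), (p["dst"], p["dport"])
        if p["flags"] == "S" or src in flows:  # a bare SYN opens a new flow
            flows[src].append(p)
        elif dst in flows:
            flows[dst].append(p)
    return {client: _verdict(client, pkts) for client, pkts in flows.items()}
```

Feed it the output of a capture such as tcpdump -n -i <iface> 'tcp port 26789' taken while the script runs; a pure ACK has no seq field in tcpdump output, so only the ack number of the final segment is verified.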
