
I want to create a TCP 3-way handshake on my Ubuntu machine. I used Kali Linux in a virtual machine, and in the terminal of Kali Linux (IP 172.16.28.130) I opened a port in "LISTEN" mode to get a connection with that machine.

nc -l -p 1025

My Python code, which ran on the Ubuntu host machine:

#!/usr/bin/python
from scapy.all import *
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)

#if i send to broadcast address : 192.168.1.255 what will happen?
def sendPacket(src, dst):
   ip = IP(dst = dst)
   port = RandNum(1024, 65535)
   SYN = ip / TCP(sport=port, dport=1025, flags="S", seq = 42)
   SYNACK = sr1(SYN, verbose=0)
   if SYNACK is None:
      print("No SYN/ACK received")
      return

   # the ACK has to go back to the port the SYN was sent to (1025, the nc listener);
   # the original had dport=80 here, which is why frame 8 in the capture goes to http
   ACK = ip / TCP(sport = SYNACK.dport, dport=1025, flags="A", seq = SYNACK.ack, ack = SYNACK.seq + 1)
   send(ACK)

   print("Done!!\n")

src = '1.2.3.4'
dst = '172.16.28.130'
sendPacket(src, dst)

The packets captured using Wireshark:

3      172.16.28.1   172.16.28.130   TCP   54   64865 > blackjack [SYN] Seq=0 Win=8192 Len=0

4      172.16.28.130   172.16.28.1   TCP   60   blackjack > 64865 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460

7      172.16.28.1   172.16.28.130   TCP   54   64865 > blackjack [RST] Seq=1 Win=0 Len=0

8      172.16.28.1   172.16.28.130   TCP   54   64865 > http [ACK] Seq=1 Ack=1 Win=8192 Len=0

9      172.16.28.130   172.16.28.1   TCP   60   http > 64865 [RST] Seq=1 Win=0 Len=0

Before running the code, I changed iptables:

iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 192.168.1.20 -j DROP

When I changed the destination to dst = "www.google.com" and the destination port to dport=80, it was working fine.

But now:

1) I could send the SYN packet
2) the destination responds with SYN, ACK
3) my system sends RST
4) I sent ACK
5) the destination system replies with RST

So I can't establish a connection!!

Questions:

1) How can I successfully establish a connection?
2) My source IP = "1.2.3.4", but when I send to the virtual machine it shows 172.16.28.1 (broadcast IP). Why?


1 Answer


1) How can I successfully establish a connection?

Here's a guess. Change your iptables command to:

iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 172.16.28.1 -j DROP

When you connect to google.com, you are connecting through your physical Ethernet device, which has IP 192.168.x.y, so the -s argument matches.

When you connect to Kali, you are connecting through a virtual Ethernet device which has address 172.16.x.y, so the -s doesn't match.

You need to drop the RST packets from the correct output queue.

2) My source IP = "1.2.3.4", but when I send to the virtual machine it shows 172.16.28.1 (broadcast IP). Why?

First, 172.16.28.1 is not your broadcast IP. It is the IP of your host computer's virtual Ethernet device.

The reason your source IP isn't appearing is that you aren't using it:

ip = IP(dst = dst)

You specify a destination address, but no source address. Some entity (scapy or the host OS IP stack, I'm not sure) is choosing a reasonable source address for you. You might try:

ip = IP(dst = dst, src = src)

and see what happens there.
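To show why the -s value has to follow the host's own source-address selection, here is an added example (not code from the question or the answer): it picks the source address the IP stack would use for a destination by longest-prefix match over the directly connected networks, then builds the matching RST-drop rule. The interface table is constructed to mirror the addresses in this thread; the interface names eth0 and vmnet8 and the default route are assumptions.

```python
"""Pick the source address the host will use for a destination and build
an iptables rule whose -s matches it, so the kernel's RST for that flow is
actually dropped. Added illustration; interface names are assumptions."""
import ipaddress

# Constructed: (interface, address/prefix) as `ip addr` would list them.
INTERFACES = [
    ("eth0", "192.168.1.20/24"),    # physical NIC, used when reaching google.com
    ("vmnet8", "172.16.28.1/24"),   # host side of the VM network (assumed name)
]
DEFAULT_ROUTE_IFACE = "eth0"        # assumption: default gateway is via eth0


def select_source(dst, interfaces=INTERFACES, default_iface=DEFAULT_ROUTE_IFACE):
    """Return (iface, src) the IP stack would pick for dst: longest-prefix
    match over connected networks, otherwise the default-route interface."""
    target = ipaddress.ip_address(dst)
    best = None  # (iface, src, prefixlen)
    for iface, cidr in interfaces:
        net = ipaddress.ip_interface(cidr)
        if target in net.network and (best is None or net.network.prefixlen > best[2]):
            best = (iface, str(net.ip), net.network.prefixlen)
    if best is not None:
        return best[0], best[1]
    for iface, cidr in interfaces:
        if iface == default_iface:
            return iface, str(ipaddress.ip_interface(cidr).ip)
    raise ValueError("no route to %s" % dst)


def rst_drop_rule(dst, sport=None):
    """The rule from the answer, with -s set to the address the host will
    really use. -d and the optional --sport keep it to this one flow instead
    of silencing every RST the host emits."""
    _, src = select_source(dst)
    rule = "iptables -A OUTPUT -p tcp --tcp-flags RST RST -s %s -d %s" % (src, dst)
    if sport is not None:
        rule += " --sport %d" % sport
    return rule + " -j DROP"


def rule_matches(rule_src, dst):
    """True if a rule written with -s rule_src would catch the RST for dst."""
    return select_source(dst)[1] == rule_src


if __name__ == "__main__":
    # -s 192.168.1.20 never matches traffic to the VM, which leaves via vmnet8
    print(rule_matches("192.168.1.20", "172.16.28.130"))  # False
    print(rst_drop_rule("172.16.28.130", sport=64865))
```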

  • The src problem is solved, thanks.. but I could not establish a connection yet. I changed iptables in all ways, like "iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 192.168.1.7 -j DROP", "iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 172.16.28.1 -j DROP", "iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 172.16.28.130 -j DROP"..... but no difference. My system sends RST. Do I need to change anything in Kali?
    – mr.Cracker
    Commented Aug 29, 2014 at 11:57
