Databases
StackOverflow2013
Postsdbo
POSpoofing a TCP Server handshake failing
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POSpoofing a TCP Server handshake failing
    primarykey
    data
    text
    <p>I am looking to build a simple server to proxy TCP connections at the gateway of my network (none malicious intent) but the TCP handshake is failing.</p> <p>Using netfilter, I have managed to change the IP and port of incoming TCP packets so they are diverted to my application and also change them back to the original on the way back out as well as updating all checksums. </p> <p>My server is currently sending back the SYN-ACK, which gets to the intended host but the ACK is never generated. According to wireshark the packet is well formed no problems with the checksum, the SYN and ACK values seem to match up.</p> <p>Here is the TCP Dump output</p> <p>Successful Handshake without my proxy</p> <pre><code>16:21:08.887938 IP 192.168.1.1.37513 &gt; 192.168.2.56.12105: Flags [S], seq 4201716329, win 14000, options [mss 1400,sackOK,TS val 727682 ecr 0,nop,wscale 2], length 0 16:21:08.889870 IP 192.168.2.56.12105 &gt; 192.168.1.1.37513: Flags [S.], seq 34328406, ack 4201716330, win 14480, options [mss 1460,sackOK,TS val 1879286956 ecr 727682,nop,wscale 5], length 0 16:21:08.891751 IP 192.168.1.1.37513 &gt; 192.168.2.56.12105: Flags [.], ack 1, win 3500, options [nop,nop,TS val 727683 ecr 1879286956], length 0 </code></pre> <p>Failing handshake with my proxy</p> <pre><code>16:21:49.767611 IP 192.168.1.1.37514 &gt; 192.168.2.56.12105: Flags [S], seq 2057472079, win 14000, options [mss 1400,sackOK,TS val 731770 ecr 0,nop,wscale 2], length 0 16:21:49.768522 IP 192.168.2.56.12105 &gt; 192.168.1.1.37514: Flags [S.], seq 1201001621, ack 2057472080, win 14480, options [mss 1460,sackOK,TS val 7621570 ecr 731770,nop,wscale 4], length 0 </code></pre> <p>After this the client and server just resend the ack/syn-ack. </p> <p>Is there something obvious I am missing? Or does anyone have any advice on how I should start to debug the issue?</p>
    singulars
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PTQuestion
    1. USDarkRyuu
    1. USDarkRyuu
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. VO
      singulars
      1. POSpoofing a TCP Server handshake failing
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. POSpoofing a TCP Server handshake failing
      1. This table or related slice is empty.
      1. VTUpMod
    1. COAre you sure the SYN-ACK packet is reaching the client, and not being filtered somehow? Can you run tcpdump on the client to verify that it's receiving the packet?
      singulars
      1. POSpoofing a TCP Server handshake failing
      1. USDavid Gelhar
    2. COSorry I didn't specify, the dump provided is from the client.
      singulars
      1. POSpoofing a TCP Server handshake failing
      1. USDarkRyuu
    3. COTry to add dump from server side also. What the IPs of client, server, proxy? How packets are intercepted by proxy?
      singulars
      1. POSpoofing a TCP Server handshake failing
      1. USNikolai
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload