views:

48

answers:

1

Hello,

I tried to send SYN packets on my local network and monitoring them with Wireshark and everything works just fine, except when i try to send a packet to my own ip address it "seems" to work because it says Sent 1 packet, but it is not really sent, i can't see the packet in Wireshark nor any answers to the packet. My setup is a computer A ( 192.168.0.1 ) with a TCP Socket Server listening on port 40508, and a computer B ( 192.168.0.2 ).

On Computer B i test:

ip=IP(src="192.168.0.2",dst="192.168.0.1")  
SYN=TCP(sport=40508,dport=40508,flags="S",seq=12345)
send(ip/SYN)

It works fine, i see the SYN packet on Wireshark and the SYN/ACK response from 192.168.0.1

On Computer A i test:

ip=IP(src="192.168.0.1",dst="192.168.0.2")  
SYN=TCP(sport=40508,dport=40508,flags="S",seq=12345)
send(ip/SYN)

It works fine too, i see the SYN packet and the RST/ACK ( there is no server listening on port 40508 on 192.168.0.2 so it sends a RST/ACK ) response from 192.168.0.2

But when i try on Computer A :

ip=IP(src="192.168.0.2",dst="192.168.0.1")  
SYN=TCP(sport=40508,dport=40508,flags="S",seq=12345)
send(ip/SYN)

Nothing appears in Wireshark, as if the packet was never sent but it said like the other tests : Sent 1 packets. and returned no error whatsoever. If i run the same test on computer B and try to send a packet to its own IP address i got the same problem.

For my program i really need to send a SYN packet to my own IP address, is there a way to do that or is it impossible ?

Thanks in advance,

Nolhian

+2  A: 

What network device(s) is your Wireshark installation listening on? I suspect it's listening on the actual network card (ethernet, wifi, or otherwise, as per the Wireshark FAQ) -- and when sending from a computer to itself the OS can of course bypass the device (why bother with it?) and just do the "sending" by copying bits around within the TCP/IP stack in kernel memory.

In other words I suspect your packet is being sent OK, just Wireshark may not see it. To verify this hypothesis, you could try (e.g.) using your browser to visit existent and nonexistent ports on your local machine, and see if Wireshark sees those packets or not.

Alex Martelli
In other words, the packet is sent on the loopback interface.
Borealid
Thanks for you answers, i checked and that's exactly it, the packet is on the loopback interface, wireshark sees it on lo. Since i have no SYN/ACK answer from the packet i guess it never reaches 192.168.0.1, i tried also to put another port with nothing listening on it and still no RST/ACK answer. So i tried making the server listening on 127.0.0.1 instead of 192.168.0.1 but still nothing, the generated packet is sent on the loopback but it doesn t respond. If the server is on 127.0.0.1 and i write a python client with a TCP socket connection on it, it works fine...
Nolhian
I'm really lost there :( Any idea on why it never respond locally but it does when the same generated packet is sent by another computer or when TCP socket tries to connect ( even locally ) ?
Nolhian
Thanks a lot for your help, found the second part of the answer there : http://www.secdev.org/projects/scapy/doc/troubleshooting.html#i-can-t-ping-127-0-0-1-scapy-does-not-work-with-127-0-0-1-or-on-the-loopback-interface if people passing by are searching the solution too :)
Nolhian
@Nolhian, +1 -- hadn't thought of checking scapy's docs, was just reasoning in generic TCP/IP terms here.
Alex Martelli
Yes i saw that and that was really well reasoning and helpful. Your answer was definitely the reason why i searched for a loopback problem, thanks again ;)
Nolhian