tags:

views:

48

answers:

1
+2  Q: 

Scapy SYN send on our own IP address

Hello,

I tried to send SYN packets on my local network and monitoring them with Wireshark and everything works just fine, except when i try to send a packet to my own ip address it "seems" to work because it says Sent 1 packet, but it is not really sent, i can't see the packet in Wireshark nor any answers to the packet. My setup is a computer A ( 192.168.0.1 ) with a TCP Socket Server listening on port 40508, and a computer B ( 192.168.0.2 ).

On Computer B i test:

ip=IP(src="192.168.0.2",dst="192.168.0.1")  
SYN=TCP(sport=40508,dport=40508,flags="S",seq=12345)
send(ip/SYN)

It works fine, i see the SYN packet on Wireshark and the SYN/ACK response from 192.168.0.1

On Computer A i test:

ip=IP(src="192.168.0.1",dst="192.168.0.2")  
SYN=TCP(sport=40508,dport=40508,flags="S",seq=12345)
send(ip/SYN)

It works fine too, i see the SYN packet and the RST/ACK ( there is no server listening on port 40508 on 192.168.0.2 so it sends a RST/ACK ) response from 192.168.0.2

But when i try on Computer A :

ip=IP(src="192.168.0.2",dst="192.168.0.1")  
SYN=TCP(sport=40508,dport=40508,flags="S",seq=12345)
send(ip/SYN)

Nothing appears in Wireshark, as if the packet was never sent but it said like the other tests : Sent 1 packets. and returned no error whatsoever. If i run the same test on computer B and try to send a packet to its own IP address i got the same problem.

For my program i really need to send a SYN packet to my own IP address, is there a way to do that or is it impossible ?

Thanks in advance,

Nolhian

+2  A: 

What network device(s) is your Wireshark installation listening on? I suspect it's listening on the actual network card (ethernet, wifi, or otherwise, as per the Wireshark FAQ) -- and when sending from a computer to itself the OS can of course bypass the device (why bother with it?) and just do the "sending" by copying bits around within the TCP/IP stack in kernel memory.

In other words I suspect your packet is being sent OK, just Wireshark may not see it. To verify this hypothesis, you could try (e.g.) using your browser to visit existent and nonexistent ports on your local machine, and see if Wireshark sees those packets or not.

Alex Martelli  2010-07-10 05:22:11
In other words, the packet is sent on the loopback interface.
Borealid  2010-07-10 05:24:40
Thanks for you answers, i checked and that's exactly it, the packet is on the loopback interface, wireshark sees it on lo. Since i have no SYN/ACK answer from the packet i guess it never reaches 192.168.0.1, i tried also to put another port with nothing listening on it and still no RST/ACK answer. So i tried making the server listening on 127.0.0.1 instead of 192.168.0.1 but still nothing, the generated packet is sent on the loopback but it doesn t respond. If the server is on 127.0.0.1 and i write a python client with a TCP socket connection on it, it works fine...
Nolhian  2010-07-10 06:41:48
I'm really lost there :( Any idea on why it never respond locally but it does when the same generated packet is sent by another computer or when TCP socket tries to connect ( even locally ) ?
Nolhian  2010-07-10 06:42:17
Thanks a lot for your help, found the second part of the answer there : http://www.secdev.org/projects/scapy/doc/troubleshooting.html#i-can-t-ping-127-0-0-1-scapy-does-not-work-with-127-0-0-1-or-on-the-loopback-interface if people passing by are searching the solution too :)
Nolhian  2010-07-10 07:22:26
@Nolhian, +1 -- hadn't thought of checking scapy's docs, was just reasoning in generic TCP/IP terms here.
Alex Martelli  2010-07-10 15:07:13
Yes i saw that and that was really well reasoning and helpful. Your answer was definitely the reason why i searched for a loopback problem, thanks again ;)
Nolhian  2010-07-10 23:37:41

related questions

Programmatically talking to a Serial Port in OS X or Linux
Best ways to teach a beginner to program?
Calling a Function From a String With the Function's Name in Python
An executable Python app
Text Editor For Linux (Besides Vi)?
What Hosting Service is best for Django applications?
File size differences after copying a file to a server vía FTP
Python: what is the difference between (1,2,3) and [1,2,3], and when should I use each?
Python: What OS am I running on?
How do I make a menu in python that does not require the user to press (enter) to make a selection?
How do you express binary literals in Python?
What is the most efficient graph data structure in Python?
Adding a Method to an Existing Object
How to learn Python: Good Example Code?
How do I use Python's itertools.groupby()?
Python and MySQL
Class views in Django
Is there an IDE that provides code completion for Python
Using 'in' to match an attribute of Python objects in an array
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Continuous Integration System for a Python Codebase
Get a preview jpeg of a pdf on windows?
How can I find the full path to a font from its display name on a Mac?
XML Processing in Python