Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

TCP handshake using python RAW sockets

Tags:

python

linux

tcp

network-programming

raw-sockets

I am implementing a TCP handshake using python RAW sockets. The Linux kernel is however being quite annoying because it attempts to handle certain aspects of this protocol.

For example, when I send a SYN packet, the server responded with a SYN, ACK packet; to which the kernel automatically responds with a RST packet resetting the connection. I overcame this my dropping all such reset packets using the following iptable rule: 

-A OUTPUT -p tcp -m tcp --sport 999 --tcp-flags RST RST -j DROP

Now I want to receive the SYN, ACK packet sent by the server and print it out. But I receive nothing when I do the following: 

a = self.s.recvfrom(4096)

I suspect that the kernel is dropping the SYN, ACK before I can recv it using my socket. Does anyone know a reasonable workaround?

like image 362
SivaDotRender Avatar asked Aug 31 '25 20:08

SivaDotRender

2 Answers

You can use libpcap, in Python it seems this module: http://pylibpcap.sourceforge.net/ or this one: https://pypi.python.org/pypi/pypcap

With pcap you can register to receive messages from the kernel. By providing the correct filter from your application, you can receive TCP segments from the Kernel. I have used libpcap in C and I suppose you can use the indicated modules in the same way. For me this is the best solution as you can handle it from the application in a pretty standard way.

To avoid the kernel responding with a RST, your solution with iptables looks the best one for me.

like image 68
rodolk Avatar answered Sep 03 '25 11:09

rodolk

While I hope that someone comes up with a more convenient solution, one way to do it would be to use iptables to pass incoming TCP Syn packets to an nfqueue. Nfqueue has existing python bindings, so using it shouldn't be an issue.

The idea is to catch all incoming TCP Syns before they reach the kernel's TCP implementation. Then pass these packets to the nfqueue which your userland app can monitor. For each packet your app will get from the nfqueue, it will have to decide (return a verdict) of whether to handle the packet itself (i.e. drop the packet as far as the OS is concerned) or pass it along to the regular TCP implementation.

I know for a fact that this approach works, but it's cumbersome.

like image 34
Malt Avatar answered Sep 03 '25 09:09

Malt
Sign in to Comment

Related questions

Download PDF file using pdfkit and FastAPI
Add "Date Taken" Exif/XMP information to TIF file using Python
Tensorflow: Object detection api error on google colab-no module named lvis
Serverless hangs when running sls deploy. Docker command not ending
the attribute of ctypes.py_object
Computing a test hash with python pbkdf2_hmac-sha256 + salt not the same vaules
What are the roles of min_sample_split and min_sample_leaf in RandomForestClassifier? [duplicate]
How to make a polar mesh profile in Python
how to get event data from web3py?
Replace value in Pandas Dataframe based on condition
Join two defaultdicts in Python
Computing the Difference between two graphs 'edge wise' in networkx
Multiprocessing on a set number of cores
Compare difference between two columns in SQLAlchemy ORM
How can I process a pdf using OpenAI's APIs (GPTs)?
How to proportionally adjust column widths in a QTableView?
How to Set Default Argument of Class Method Equal to Class Attribute?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!