I’m attempting to craft a raw TCP packet to send over Ether in a raw socket on a linux client and server. The special part of the TCP packet is that I’m attempting to use the raw data field of the TCP SYN packet and RST packet to send data back and forth (for a proof of concept about an unused part of the TCP protocol).
I’ve disabled RST packets from my iptables on the server.
In short, here’s my current situation:
- Client sends SYN with data is sent to server
- Server receives a SYN packet without data
- Server responds with a RST packet with data
- Client receives a RST packet without data
But, using the same socket, I can successfully do this:
- SYN without data sent to server
- Server receives a SYN packet
- Server responds with a SYN ACK packet with data
- Client receives a SYN ACK packet without data
- Client receives a PSH ACK packet with data
Can someone explain to me why the packets I send don’t seem to make it to the server in the same way I send them?
Why am I receiving two packets (one with SYN ACK and one with PSH ACK) in my successful attempts?
SYN and RST packets seem to lose their data, but SYN ACK packets don’t. Is this a firewall issue?
If so, how can I debug what’s intercepting my packets?
Thanks!
Advertisement
Answer
Turns out the VMWare virtual adapter was modifying the packets in transit. When I did a packet capture on the host operating system, there were no issues transmitting data.