Packet Crafting for TCP
Introduction
We will realize parts of the TCP protocol with the objective of understanding how these parts work. The implementation method is to craft, send, and receive TCP segments.
Creating a Phantom Host
Imagine that we implement the TCP protocol ourselves and deploy this implementation on a host, e.g., a host running the Linux operating system. Since an operating system like Linux includes a TCP implementation in its kernel, the OS will also reply to the TCP segments addressed to it. This creates confusion between the two implementations. Typically, there are two methods to address this.
- Use a packet filter (a network firewall is a glorified packet filter) to filter out TCP segments generated by the OS responding to our own TCP segments.
- Create a "virtual (phantom?)" host that runs only our own TCP implementation.
The second method is the cleaner one, and it is the one we prefer here. The method is simple: use an unused IP address on the network and reply to any IPv4 ARP request or IPv6 Neighbor Discovery message for this IP address. For this, we developed programs. These programs should be running before we run our own TCP implementation.
Implementing TCP Protocol via Packet Crafting
The following program realizes the TCP 3-way connection set-up and then sends an HTTP request. Run this within scapy3.
from scapy.all import IP, TCP, sr1, send

ip = IP()
ip.dst = '10.1.1.34'
ip.src = '10.1.1.3'   # make sure this is an allocated IP on the network (the phantom host's address)
sport = 50000
dport = 50001

# S (syn)
seqno = 100
ackno = 100   # the ack field is ignored by the peer because the A flag is not set
syn = TCP(dport=dport, sport=sport, seq=seqno, ack=ackno, flags='S')
packet = ip / syn
synack = sr1(packet)   # send the SYN and wait for the single reply
# Receive SA (syn-ack)

# A (ack)
seqno = seqno + 1       # !important: our SYN consumed one sequence number (identical to synack.ack)
ackno = synack.seq + 1  # !important: acknowledge the server's SYN
ack = TCP(dport=dport, sport=sport, seq=seqno, ack=ackno, flags='A')
packet = ip / ack
send(packet)

# PUSH data
# seqno = seqno         # !important: the pure ACK carried no data, so seq does not advance
data = b"GET / HTTP/1.1\r\n\r\n"
dack = TCP(dport=dport, sport=sport, seq=seqno, ack=ackno, flags='PA')
packet = ip / dack / data
pushack = sr1(packet)   # the server's ACK of our request (possibly carrying its HTTP reply)
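The sequence/acknowledgement arithmetic marked "!important" above is the part that is easiest to get wrong. As an added example (not part of the original notes or of scapy), the following pure-Python model tracks the numbers each side would put in its segments, for the handshake and the HTTP push shown above and, going beyond the notes, for the FIN/ACK close. The initial sequence numbers 100 and 5000 are constructed values; no packets are sent.

```python
# Added example: models TCP seq/ack bookkeeping for the crafted segments in the notes.
# Assumptions: client ISN 100 (as in the notes), server ISN 5000 (constructed), no loss.

class TcpEndpoint:
    """Tracks the next sequence number we send and the ack number we will send."""
    def __init__(self, isn):
        self.snd_nxt = isn   # next sequence number we will send (SND.NXT)
        self.rcv_nxt = 0     # next sequence number we expect from the peer (RCV.NXT)

    def segment(self, flags, payload=b""):
        # Build the segment we would put on the wire, then advance SND.NXT.
        seg = {"flags": flags, "seq": self.snd_nxt, "ack": self.rcv_nxt, "len": len(payload)}
        # SYN and FIN each occupy one sequence number; data occupies len(payload).
        self.snd_nxt += len(payload) + ("S" in flags) + ("F" in flags)
        return seg

    def receive(self, seg):
        # Consume the peer's segment: our next ack must cover its SYN/FIN and data.
        self.rcv_nxt = seg["seq"] + seg["len"] + ("S" in seg["flags"]) + ("F" in seg["flags"])
        return self.rcv_nxt


def handshake_and_request(client_isn=100, server_isn=5000, request=b"GET / HTTP/1.1\r\n\r\n"):
    """Returns the exchange as a list of (sender, flags, seq, ack) tuples."""
    c, s = TcpEndpoint(client_isn), TcpEndpoint(server_isn)
    trace = []

    def xfer(sender, receiver, who, flags, payload=b""):
        seg = sender.segment(flags, payload)
        receiver.receive(seg)
        trace.append((who, flags, seg["seq"], seg["ack"]))

    xfer(c, s, "client", "S")              # SYN: ack field unused (0 here)
    xfer(s, c, "server", "SA")             # SYN-ACK: ack = client ISN + 1
    xfer(c, s, "client", "A")              # ACK: seq = ISN + 1, ack = server ISN + 1
    xfer(c, s, "client", "PA", request)    # PUSH: seq unchanged from the pure ACK
    xfer(s, c, "server", "A")              # server acks the 18 request bytes
    # Connection termination (left as an exercise in the notes): client closes first.
    xfer(c, s, "client", "FA")             # FIN consumes one sequence number
    xfer(s, c, "server", "FA")             # server acks the FIN and sends its own
    xfer(c, s, "client", "A")              # final ACK of the server's FIN
    return trace
```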
Experiment and Exploration
Implement an internetwork using virtual machines and carry out the experiment above. Optionally, can you complete the connection-termination part of the protocol?