I have TCP client and server sockets and I have set the socket option IP_TOS on both the client and server socket with different values(say Client dscp = 0x21 and Server Dscp = 0x38).
Now when I am trying to connect to the server the syn Packet contains dscp value 0x21 but the Syn ack packet from the server does not contain dscp 0x38 instead it is same as client i.e. 0x21.
Is this the correct behaviour??
Consider both server and client is linux Socket.
Yes it is the correct behaviour. Any ACK packet including a SYN/ACK belongs to the stream it is ACK-ing, so it obeys the sequencing, TOS, etc, of that stream.
Related
As the title said. I want to construct udp packets and send them to local process which has bound specific port. I want to make the process believe in that the packets are from other host(such as 8.8.8.8). What arguments should I pass to socket() and sendto()?
I an simulating http client traffic with RAW socket.
I send a SYN packet then get the SYN-ACK from the server.
Finally I send an ACK+request packet and waits for the response.
I noticed that when using wget or curl,
the first ACK and the request are sent in two different packets.
why is that, and is that relevant to anything?
A client application that uses a TCP socket typically calls socket() then connect() then send(). The connect() function establishes the TCP connection, and to do this the TCP protocol requires 3 packets: SYN, SYN+ACK, ACK. After that the send() call sends the first data. Therefore the ACK and data are sent separately.
I think your packet flow probably does satisfy the TCP protocol (see https://www.rfc-editor.org/rfc/rfc793), but it is unusual.
I'm attempting to craft a raw TCP packet to send over Ether in a raw socket on a linux client and server. The special part of the TCP packet is that I'm attempting to use the raw data field of the TCP SYN packet and RST packet to send data back and forth (for a proof of concept about an unused part of the TCP protocol).
I've disabled RST packets from my iptables on the server.
In short, here's my current situation:
Client sends SYN with data is sent to server
Server receives a SYN packet without data
Server responds with a RST packet with data
Client receives a RST packet without data
But, using the same socket, I can successfully do this:
SYN without data sent to server
Server receives a SYN packet
Server responds with a SYN ACK packet with data
Client receives a SYN ACK packet without data
Client receives a PSH ACK packet with data
Can someone explain to me why the packets I send don't seem to make it to the server in the same way I send them?
Why am I receiving two packets (one with SYN ACK and one with PSH ACK) in my successful attempts?
SYN and RST packets seem to lose their data, but SYN ACK packets don't. Is this a firewall issue?
If so, how can I debug what's intercepting my packets?
Thanks!
Turns out the VMWare virtual adapter was modifying the packets in transit. When I did a packet capture on the host operating system, there were no issues transmitting data.
The iptables are stopped, whenever i tried to send packet with scapy i'm getting the packet is getting
RST after SYN/ACK
the iptables are stopped,
the packet are send from MACOSX to Linux OS
This is probably an RST packet sent by the MacOS IP stack.
Scapy (on the MacOS computer) sends a TCP SYN packet.
The IP stack of the Linux computer sends a TCP SYN-ACK packet (the port is open).
The IP stack of the MacOS computer receives the TCP SYN-ACK packet while it has not sent a matching TCP SYN packet. It sends a RST packet, as it is supposed to do.
You can use a firewall on the MacOS computer to prevent the IP stack from getting the SYN-ACK packet.
Is there a way to send UDP packets through a SOCKS5 proxy in NodeJS?
Similarly, is it possible to bind a UDP socket to a specific localAddress?
The SOCKS5 protocol supports UDP connections, however most libraries for SOCKS5 only support TCP since UDP isn't very frequently used on the web (except for DNS). The protocol itself isn't very complicated, so it shouldn't be to hard to rewrite an existing library (maybe this one?) to suit your needs.
To send UDP packets from your client, you have to specify value 0x03 in field 2 of your client's connection request. See the fields of the client's connection request:
field 1: SOCKS version number, 1 byte (must be 0x05 for this version)
field 2: command code, 1 byte:
0x01 = establish a TCP/IP stream connection
0x02 = establish a TCP/IP port binding
0x03 = associate a UDP port
field 3: reserved, must be 0x00
field 4: address type, 1 byte:
0x01 = IPv4 address
0x03 = Domain name
0x04 = IPv6 address
field 5: destination address of
4 bytes for IPv4 address
1 byte of name length followed by the name for Domain name
16 bytes for IPv6 address
field 6: port number in a network byte order, 2 bytes
For instance, the line of code in the referenced library would need change from 0x01 to 0x03:
buffer.push(0x01); // Command code: establish a TCP/IP stream connection
I don't know how you could bind to specific local address.
According to http://www.ietf.org/rfc/rfc1928.txt and http://en.wikipedia.org/wiki/SOCKS#SOCKS5, UDP should really be supported in Socks5.
However, if you look at some SOCKS5 implementation, you'll see that UDP is not supported in the implementation. For example: https://gist.github.com/telamon/1127459 or https://gist.github.com/robertpitt/3203203 (.
So, the short answer is NO, unless you'll find library that supports it (UDP binding).