First, use Wireshark to validate your spoofed packets have a correct TCP checksum. If your spoofed packets have invalid TCP checksums, they will be dropped by the receiver. To turn this feature on in Wireshark: Edit > Preferences > Protocols > TCP > Validate the TCP checksum if possible
Besides the sequence numbers, also confirm that you are correctly manipulating the TCP timestamp values. If the sequence numbers are correct, but the TCP timestamp option is old, then the receiver will still drop the packet.
Here is a function to increment the TCP timestamp, it might do the trick for you.
def inc_timestamp(packet, TSval_inc, TSecr_inc):
if packet.haslayer(TCP):
for i, option in enumerate(packet[TCP].options): # Timestamp option format: tuple(name, tuple(time1, time2))
if str(option[0]) == "Timestamp": # Ex. ('Timestamp', (7797613, 414050))]
packet[TCP].options[i] = option[0], (option[1][0]+TSval_inc,option[1][1]+TSecr_inc)
If you are creating these packets from scratch in Scapy, you may have to add the TCP timestamp option field as it is not included by default in the Scapy TCP() layer. Either way, the code provided above should give you the necessary format information to do this.
发布评论
评论(1)
首先,使用 Wireshark 验证欺骗数据包是否具有正确的 TCP 校验和。如果您的欺骗数据包具有无效的 TCP 校验和,它们将被接收方丢弃。要在 Wireshark 中打开此功能:编辑 >首选项>协议> TCP>如果可能,请验证 TCP 校验
和 除了序列号之外,还要确认您是否正确操作了 TCP 时间戳 值。如果序列号正确,但 TCP 时间戳选项是旧的,则接收方仍会丢弃数据包。
这是一个增加 TCP 时间戳的函数,它可能对您有用。
如果您在 Scapy 中从头开始创建这些数据包,您可能必须添加 TCP 时间戳选项字段,因为默认情况下它不包含在 Scapy TCP() 层中。无论哪种方式,上面提供的代码都应该为您提供执行此操作所需的格式信息。
First, use Wireshark to validate your spoofed packets have a correct TCP checksum. If your spoofed packets have invalid TCP checksums, they will be dropped by the receiver. To turn this feature on in Wireshark: Edit > Preferences > Protocols > TCP > Validate the TCP checksum if possible
Besides the sequence numbers, also confirm that you are correctly manipulating the TCP timestamp values. If the sequence numbers are correct, but the TCP timestamp option is old, then the receiver will still drop the packet.
Here is a function to increment the TCP timestamp, it might do the trick for you.
If you are creating these packets from scratch in Scapy, you may have to add the TCP timestamp option field as it is not included by default in the Scapy TCP() layer. Either way, the code provided above should give you the necessary format information to do this.