Ask Your Question
0

Invalid tcp handshake behaviour

asked 2020-02-15 09:03:24 +0000

updated 2020-02-15 12:41:22 +0000

grahamb gravatar image

Hello, I need some help. I'm using pcap.net for sending a tcp raw packet inside a LAN with some payload data. In order to be able to send the packet I need to perform a tcp handshake before sending the payload. I verified that no firewall is active in both endpoints. Also, use netstat -a / nmap scan to verify that the used ports are in "listening" state. Details for the endpoints:

source ip  - 10.0.0.7
source port - 2869
destination ip - 10.0.0.11
destination port - 5357

When sending a syn from 10.0.0.7, it can be seen that 10.0.0.11 responds with SYN-ACK. However, as I understand from the documentation, 10.0.0.7 RST the connection and right afterwards send an ACK.

The behavior always occurs and I don't know it the tcp handshake is valid. I need your help.

wireshark export file: https://drive.google.com/file/d/1zrZX...

image: https://drive.google.com/file/d/1pso_... Thank you

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-02-15 12:42:04 +0000

grahamb gravatar image

updated 2020-02-15 12:42:28 +0000

This isn't really a Wireshark issue, more one for the support systems for pcap.net. Wireshark is showing you what's happening, but the actual problem lies in your use of pcap.net.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-02-15 09:03:24 +0000

Seen: 278 times

Last updated: Feb 15 '20