How to destroy a TCP connection using tcp.reset

asked 2018-02-07 17:49:48 +0000

avatli

I have written an HTTP traffic filtering application. I can drop a packet, and now I need to reset the connection using the tcp-reset flag instead of dropping the packet.

When I set the packet's tcp.reset, Ubuntu's network stack does not destroy the TCP connection. I tested the case with iperf3, and the relevant part of the pcap log is below. I think I did the right thing, but I could not understand where the problem is.

20:08:39.824960 IP 192.168.2.125.58058 > 192.168.2.200.5201: Flags [.], seq 27512:31856, ack 1, win 229, options [nop,nop,TS val 138003069 ecr 44499133], length 4344

20:08:39.824967 IP 192.168.2.200.5201 > 192.168.2.125.58058: Flags [.], ack 31856, win 3330, options [nop,nop,TS val 44499133 ecr 138003069], length 0

20:08:39.825254 IP 192.168.2.125.58058 > 192.168.2.200.5201: Flags [.], seq 31856:43440, ack 1, win 229, options [nop,nop,TS val 138003069 ecr 44499133], length 11584

20:08:39.825274 IP 192.168.2.200.5201 > 192.168.2.125.58058: Flags [.], ack 43440, win 3344, options [nop,nop,TS val 44499133 ecr 138003069], length 0

20:08:39.825809 IP 192.168.2.125.58058 > 192.168.2.200.5201: Flags [.], seq 43440:46336, ack 1, win 229, options [nop,nop,TS val 138003069 ecr 44499133], length 2896

20:08:39.825845 IP 192.168.2.200.5201 > 192.168.2.125.58058: Flags [.], ack 46336, win 3344, options [nop,nop,TS val 44499133 ecr 138003069], length 0

20:08:39.826031 IP 192.168.2.125.58058 > 192.168.2.200.5201: Flags [.], seq 46336:65160, ack 1, win 229, options [nop,nop,TS val 138003069 ecr 44499133], length 18824

20:08:39.826067 IP 192.168.2.200.5201 > 192.168.2.125.58058: Flags [.], ack 65160, win 3322, options [nop,nop,TS val 44499133 ecr 138003069], length 0

20:08:39.826450 IP 192.168.2.125.58058 > 192.168.2.200.5201: Flags [.], seq 65160:98464, ack 1, win 229, options [nop,nop,TS val 138003069 ecr 44499133], length 33304

20:08:39.826498 IP 192.168.2.200.5201 > 192.168.2.125.58058: Flags [.], ack 98464, win 3246, options [nop,nop,TS val 44499133 ecr 138003069], length 0

20:08:39.827222 IP 192.168.2.125.58058 > 192.168.2.200.5201: Flags [.], seq 98464:128872, ack 1, win 229, options [nop,nop,TS val 138003070 ecr 44499133], length 30408

20:08:39.827259 IP 192.168.2.200.5201 > 192.168.2.125.58058: Flags [.], ack 128872, win 3261, options [nop,nop,TS val 44499134 ecr 138003070], length 0

20:08:39.827437 IP 192.168.2.125.58058 > 192.168.2.200.5201: Flags [P.], seq 128872:131072, ack 1, win 229, options [nop,nop,TS val 138003070 ... (more)


Comments

Can you provide the packet capture? See https://blog.packet-foo.com/2016/11/t... if you need to sanitize the packets first.

Christian_R ( 2018-02-07 19:44:55 +0000 )

I tried to provide the capture, but I don't have enough points. Can I send it via e-mail?

avatli ( 2018-02-07 20:10:28 +0000 )