0

I have a very simple tcp server socket listening for new connections.

use std::net::TcpListener;

fn main() {
    let listener = TcpListener::bind("127.0.0.1:7878").expect("Failed to bind to address");

    for stream in listener.incoming() {
        match stream {
            Ok(stream) => {
                println!("New connection: {}", stream.peer_addr().unwrap());
            }
            Err(e) => {
                eprintln!("Failed to accept connection: {}", e);
            }
        }
    }
}

I'm also using wire-shark to capture the traffic on loop-back interface.

when I use nmap to scan the port I succeed to send SYN get SYN ACK and Send RST ACK.

nmap command: sudo nmap -sS -p 7878 127.0.0.1

but when I send SYN packet with scapy there is no SYN ACK packet transmitted from server socket.

from scapy.all import *
import random


# Create an IP packet
ip = IP(src="127.0.0.1", dst="127.0.0.1")

src_port = random.randint(49152, 65535)
# Create a TCP SYN packet
tcp = TCP(
    sport=src_port,
    dport=7878,
    flags="S",
    seq=random.randint(0, 3_925_315),
    options=[('MSS', 1460)]  # Common MSS value, adjust if needed
)

# Combine IP and TCP headers to make a SYN packet
syn_packet = ip/tcp

print(f"Using source port: {src_port}")
print(syn_packet.show())

# Send the packet
send(syn_packet)

I'm really confused on why that is. I have analyzed the packets and they look fairly similar.

enter image description here

No. 40 is packet from scapy

No. 95-97 are packets from nmap scan

for a full comparsion here are data from both syn packets

scapy syn packet:

Frame 40: 58 bytes on wire (464 bits), 58 bytes captured (464 bits) on interface lo, id 0
    Section number: 1
    Interface id: 0 (lo)
    Encapsulation type: Ethernet (1)
    Arrival Time: Aug 25, 2024 20:59:39.903944780 +0330
    UTC Arrival Time: Aug 25, 2024 17:29:39.903944780 UTC
    Epoch Arrival Time: 1724606979.903944780
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 0.494911351 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 1.701934533 seconds]
    Frame Number: 40
    Frame Length: 58 bytes (464 bits)
    Capture Length: 58 bytes (464 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: TCP SYN/FIN]
    [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
        Address: Broadcast (ff:ff:ff:ff:ff:ff)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 44
    Identification: 0x0001 (1)
    000. .... = Flags: 0x0
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 64
    Protocol: TCP (6)
    Header Checksum: 0x7cc9 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 127.0.0.1
    Destination Address: 127.0.0.1
Transmission Control Protocol, Src Port: 56622, Dst Port: 7878, Seq: 0, Len: 0
    Source Port: 56622
    Destination Port: 7878
    [Stream index: 2]
    [Conversation completeness: Incomplete, SYN_SENT (1)]
    [TCP Segment Len: 0]
    Sequence Number: 0    (relative sequence number)
    Sequence Number (raw): 2034487
    [Next Sequence Number: 1    (relative sequence number)]
    Acknowledgment Number: 0
    Acknowledgment number (raw): 0
    0110 .... = Header Length: 24 bytes (6)
    Flags: 0x002 (SYN)
    Window: 8192
    [Calculated window size: 8192]
    Checksum: 0x72d9 [correct]
    [Checksum Status: Good]
    Urgent Pointer: 0
    Options: (4 bytes), Maximum segment size
        TCP Option - Maximum segment size: 1460 bytes
            Kind: Maximum Segment Size (2)
            Length: 4
            MSS Value: 1460
        [Expert Info (Note/Protocol): The SYN packet does not contain a SACK PERM option]
            [The SYN packet does not contain a SACK PERM option]
            [Severity level: Note]
            [Group: Protocol]
    [Timestamps]
        [Time since first frame in this TCP stream: 0.000000000 seconds]
        [Time since previous frame in this TCP stream: 0.000000000 seconds]

nmap syn packet:

Frame 95: 58 bytes on wire (464 bits), 58 bytes captured (464 bits) on interface lo, id 0
    Section number: 1
    Interface id: 0 (lo)
    Encapsulation type: Ethernet (1)
    Arrival Time: Aug 25, 2024 20:59:42.108897507 +0330
    UTC Arrival Time: Aug 25, 2024 17:29:42.108897507 UTC
    Epoch Arrival Time: 1724606982.108897507
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 0.447899914 seconds]
    [Time delta from previous displayed frame: 2.204952727 seconds]
    [Time since reference or first frame: 3.906887260 seconds]
    Frame Number: 95
    Frame Length: 58 bytes (464 bits)
    Capture Length: 58 bytes (464 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: TCP SYN/FIN]
    [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 44
    Identification: 0x2bfd (11261)
    000. .... = Flags: 0x0
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 51
    Protocol: TCP (6)
    Header Checksum: 0x5dcd [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 127.0.0.1
    Destination Address: 127.0.0.1
Transmission Control Protocol, Src Port: 37205, Dst Port: 7878, Seq: 0, Len: 0
    Source Port: 37205
    Destination Port: 7878
    [Stream index: 4]
    [Conversation completeness: Incomplete (35)]
    [TCP Segment Len: 0]
    Sequence Number: 0    (relative sequence number)
    Sequence Number (raw): 183158121
    [Next Sequence Number: 1    (relative sequence number)]
    Acknowledgment Number: 0
    Acknowledgment number (raw): 0
    0110 .... = Header Length: 24 bytes (6)
    Flags: 0x002 (SYN)
    Window: 1024
    [Calculated window size: 1024]
    Checksum: 0x15b5 [correct]
    [Checksum Status: Good]
    Urgent Pointer: 0
    Options: (4 bytes), Maximum segment size
        TCP Option - Maximum segment size: 1460 bytes
            Kind: Maximum Segment Size (2)
            Length: 4
            MSS Value: 1460
        [Expert Info (Note/Protocol): The SYN packet does not contain a SACK PERM option]
            [The SYN packet does not contain a SACK PERM option]
            [Severity level: Note]
            [Group: Protocol]
    [Timestamps]
        [Time since first frame in this TCP stream: 0.000000000 seconds]
        [Time since previous frame in this TCP stream: 0.000000000 seconds]
Improve this question
2
  • this question is sunddenly fixed on my system Commented Oct 26, 2024 at 9:12
  • The issues is not reproducible anymore. Commented Oct 26, 2024 at 9:13

1 Answer 1

Reset to default
0

Check your outgoing TCP port. If you are trying to make some connections in short time interval from the same outgoing port - server will not answer.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

read my comments below the question the issue seems to have just fixed it self I cannot recreate the same environment anymore so I can't really ever find out what was wrong at that time.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.