Manually Performing the TCP Three-Way Handshake with Scapy

By /

Listen to this Post

As part of cybersecurity and networking practice, manually crafting and controlling the TCP handshake using Scapy provides a deeper understanding of network protocols. Instead of relying on automated tools like Wireshark, this hands-on approach involves:

  1. Sending a SYN packet with a custom sequence number.
  2. Receiving a SYN-ACK and extracting the serverā€™s ISN (Initial Sequence Number).
  3. Crafting the ACK with `ack = server_isn + 1` to complete the handshake.
  4. Monitoring the open port using `netstat` after adjusting the SYN-ACK retry timeout to 10 minutes under /proc/sys/net/ipv4/tcp_synack_retries.

This experiment highlights the importance of understanding TCP state transitions, timeout configurations, and network monitoringā€”essential skills for cybersecurity and network forensics professionals.

You Should Know:

Here are some practical commands and codes related to the article:

1. Crafting a SYN Packet with Scapy:

from scapy.all import *
syn_packet = IP(dst="target_ip")/TCP(sport=1234, dport=80, flags="S", seq=1000)
send(syn_packet)

2. Monitoring TCP Connections with Netstat:

watch netstat -an | grep 2111

3. Adjusting SYN-ACK Retry Timeout:

echo 600 > /proc/sys/net/ipv4/tcp_synack_retries

4. Extracting Serverā€™s ISN from SYN-ACK Packet:

syn_ack_packet = sniff(filter="tcp and host target_ip", count=1)[0]
server_isn = syn_ack_packet[TCP].seq

5. Crafting the Final ACK Packet:

ack_packet = IP(dst="target_ip")/TCP(sport=1234, dport=80, flags="A", seq=1001, ack=server_isn + 1)
send(ack_packet)

6. Checking Open Ports with Netstat:

netstat -tuln

7. Using Tcpdump for Packet Capture:

tcpdump -i eth0 tcp port 80

8. Analyzing Traffic with Wireshark:

wireshark -k -i eth0

What Undercode Say:

Understanding the TCP three-way handshake is fundamental for cybersecurity professionals. By manually crafting packets with Scapy, you gain insights into how network protocols operate at a granular level. This knowledge is invaluable for tasks like penetration testing, network forensics, and troubleshooting.

Additionally, mastering Linux commands like netstat, tcpdump, and system configurations under `/proc/sys/net/ipv4/` enhances your ability to monitor and secure networks. Combining these tools with Python scripting using Scapy empowers you to simulate and analyze complex network interactions, making you a more effective cybersecurity practitioner.

For further reading, check out these resources:

References:

Reported By: Taiwo Ukwedje – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass āœ…

Join Our Cyber World:

Whatsapp
TelegramFeatured Image

Related Posts: