Server didnt receive my packet

Nov 25, 2014 at 2:32 PM
Edited Nov 25, 2014 at 2:36 PM
Here is my packet build
        private Packet BuildTcpPacket(string SourceIP, string DestIP, int sourceport, int destport,
            string payload, bool syn, bool ack, bool fin, bool rst, bool urg, bool psh, bool cwr, bool enc, bool ns, bool none)
        {
            EthernetLayer ethernetLayer = new EthernetLayer
            {
                Source = new MacAddress(tbMacVs.Text),  //doublechecked its OK
                Destination = new MacAddress(tbMacVy.Text), //OK
                EtherType = EthernetType.None, // Will be filled automatically.
            };

            IpV4Layer ipV4Layer = new IpV4Layer
            {
                Source = new IpV4Address(SourceIP), //OK
                CurrentDestination = new IpV4Address(DestIP),  //OK
                Fragmentation = IpV4Fragmentation.None,
                HeaderChecksum = null, // Will be filled automatically.
                Identification = (ushort)Convert.ToInt16("1000"), //10
                Options = IpV4Options.None,
                Protocol = null, // Will be filled automatically.
                Ttl = (byte)Convert.ToInt16("64"), //32
                TypeOfService = 0,
            };

            TcpLayer tcpLayer = new TcpLayer();
            tcpLayer.SourcePort = (ushort)sourceport; //OK
            tcpLayer.DestinationPort = (ushort)destport; //OK
            tcpLayer.Checksum = null;// Will be filled automatically.
            tcpLayer.SequenceNumber = Convert.ToUInt16("124");
            tcpLayer.AcknowledgmentNumber = (ushort)Convert.ToUInt16("0");
            if (syn)
                tcpLayer.ControlBits = TcpControlBits.Synchronize;
            if (ack)
                tcpLayer.ControlBits = TcpControlBits.Acknowledgment;
            //if (fin)
            //    tcpLayer.ControlBits = TcpControlBits.Fin;
            //if (rst)
            //    tcpLayer.ControlBits = TcpControlBits.Reset;
            //if (urg)
            //    tcpLayer.ControlBits = TcpControlBits.Urgent;
            //if (psh)
            //    tcpLayer.ControlBits = TcpControlBits.Push;
            //if (cwr)
            //    tcpLayer.ControlBits = TcpControlBits.CongestionWindowReduced;
            //if (enc)
            //    tcpLayer.ControlBits = TcpControlBits.ExplicitCongestionNotificationEcho;
            //if (ns)
            //    tcpLayer.ControlBits = TcpControlBits.NonceSum; // not a flag, rather a tcp header bit set
            //if (none)
            //    tcpLayer.ControlBits = TcpControlBits.None;


            tcpLayer.Window = (ushort)Convert.ToUInt16("0");
            tcpLayer.UrgentPointer = 0;
            tcpLayer.Options = TcpOptions.None;

            PayloadLayer payloadLayer = new PayloadLayer
            {
                Data = new Datagram(Encoding.ASCII.GetBytes(payload)),
            };

            PacketBuilder builder = new PacketBuilder(ethernetLayer, ipV4Layer, tcpLayer, payloadLayer);

            return builder.Build(DateTime.Now);
        }
Calling and sanding
                    PacketCommunicator communicator = selectedDevice.Open(100, PacketDeviceOpenAttributes.Promiscuous, 1000);

                            communicator.SendPacket(BuildTcpPacket(sourceip, attackip, sourceport, destport1, payload, SYN, false, false, false, false, false, false, false, false, false));
I can send to server ACK packet but other didnt work(SYN, FIN etc,,,,) Where is problem i just doublechecked all of Addresses (MAC, IP) port ..

My job what i want to do is sanding this packets without established of TCP connection (Im sending this packets to blocked ports)

Please help
Coordinator
Nov 28, 2014 at 9:13 AM
Hi lexa47,

When you say "didnt work", what exactly do you mean?
Was the packet not sent?
Can you provide a pcap file with the output of your application?

Boaz.
Nov 28, 2014 at 11:11 PM
Edited Nov 28, 2014 at 11:12 PM
Image

and here is wireshark capture, where i send Syn, Fin, Rst on different ports, but never reach the server. I tested it with tcpdump. On this ports is running deamon, which scan for TCP/UDP packets, even if they are blocked.

Wireshark LOG
Coordinator
Dec 20, 2014 at 12:55 PM
Did you try to imitate packets that have reached the server (regular ones, that you haven't created)?