How to Reproduce Tcp Protocol 3-Way Handshake with Raw Sockets Correctly

  • Home
  • Languages
  • C++
  • How to Reproduce Tcp Protocol 3-Way Handshake with Raw Sockets Correctly

TCP handshake using python RAW sockets

You can use libpcap, in Python it seems this module: http://pylibpcap.sourceforge.net/ or this one: https://pypi.python.org/pypi/pypcap

With pcap you can register to receive messages from the kernel. By providing the correct filter from your application, you can receive TCP segments from the Kernel. I have used libpcap in C and I suppose you can use the indicated modules in the same way. For me this is the best solution as you can handle it from the application in a pretty standard way.

To avoid the kernel responding with a RST, your solution with iptables looks the best one for me.

Bypass TCP three way handshaking?

You may like to have a look at TCP fast open, which modern Linux kernels implement:

TCP Fast Open (TFO) is an extension to speed up the opening of successive Transmission Control Protocol (TCP) connections between two endpoints. It works by using a TFO cookie (a TCP option) in the initial SYN packet to authenticate a previously connected client. If successful, it may start sending data to the client before the receipt of the final ACK packet of the three way handshake is received, skipping a round trip and lowering the latency in the start of transmission of data.

Why my TCP packet doesn't seems like a TCP packet for protocol analyzers?

Like @Sivir said you need to establish a three way handshake because you want to use the TCP protocol. In theory the handshake should look like this

  • YourProgram: sends a SYN packet
  • Server: sends SYNACK packet
  • YourProgram: sends a ACK packet

More information regarding this can be found here.

TCP handshake: at which point exactly the connection is considered established and data can be sent?

The accepted answer isn't entirely correct. There are two cases that it fails to address.

The first is TCP Fast Open. This is defined in RFC 7413. It is specifically designed to allow a server to begin processing data sent on the SYN, even sending responsive data in the SYN ACK, not needing the final ACK of the three way handshake.

The second is that RFC 793 for TCP actually does permit data on the SYN; however, this data is not processed (excepting fast open) until the connection completes. If the connection never completes, the data is obviously dropped.


Related Topics

Programmatically Getting Per-Process Disk Io Statistics on Windows

Multithreading on Dual Core MAChine

How to Install G++ on MACos X

Absence of Typeof Operator in C++03

Cocreateinstance Returning E_Nointerface Even Though Interface Is Found

R: C++ Optimization Flag When Using the Inline Package

How to Bit Shift a Long by More Than 32 Bits

Cannot Evaluate Function -- May Be Inlined

Can a Lambda Capturing Nothing Access Global Variables

Why Is Operator""S Hidden in a Namespace

Pointer to Class Member as a Template Parameter

Macro and Member Function Conflict

Register an Object Creator in Object Factory

0Xc0000005: Access Violation Reading Location 0X00000000

Gcc 7, -Wimplicit-Fallthrough Warnings, and Portable Way to Clear Them

Do C++11 Compilers Turn Local Variables into Rvalues When They Can During Code Optimization

Bring Window to Front -> Raise(),Show(),Activatewindow() Don't Work

Finding C++ Interval Tree Algorithm Implementation


Leave a reply



Submit