简体繁体 English

打开没有套接字的 tcp/udp 端口

[英]Open tcp/udp ports with no socket

原文 2020-10-08 06:38:18 3 1 c/ networking/ tcp/ network-programming/ winpcap

I have started working with winpcap, and i got a funny situation with tcp/udp ports.我已经开始使用 winpcap，并且在使用 tcp/udp 端口时遇到了一个有趣的情况。 I wrote a packet forwarder, that sniff on interface and forward packets from specified ports.我写了一个数据包转发器，它嗅探接口并从指定端口转发数据包。 I do not open the ports because i sniff directly from interface.我不打开端口，因为我直接从接口嗅探。 The problem is that the tcp/ip stack answers RST,ACK on closed tcp port, and an ICMP Destination unreachable on closed UDP port.问题是 tcp/ip 堆栈在关闭的 tcp 端口上回答 RST、ACK，在关闭的 UDP 端口上无法访问 ICMP 目标。

I need to solve that issue in a way that closed port won't answer anything that will interrupt the conversation.我需要以关闭端口不会回答任何会中断对话的方式来解决这个问题。

Is there a way i can drop packets from reaching to tcp/ip stack?有没有办法可以将数据包从到达 tcp/ip 堆栈中丢弃？ Can i disable the automatic answers of RST,ACK and destination unreachable?我可以禁用 RST、ACK 和目的地不可达的自动应答吗？ Can i listen on tcp that wont replay a SYN ACK on a SYN packet?我可以监听不会在 SYN 数据包上重放 SYN ACK 的 tcp 吗？

Hope i got myself clear, thanks.希望我说清楚了，谢谢。

1 个解决方案

Two solutions that I can think of:我能想到的两种解决方案：

Don't use your PC IP address, use a different IP address, and implement a small ARP reply logic, that's less headache that trying to prevent packets from reaching the OS.不要使用你的 PC IP 地址，使用不同的 IP 地址，并实现一个小的 ARP 回复逻辑，这不像试图阻止数据包到达操作系统那样令人头疼。
Use the WinDivert driver https://www.reqrypt.org/windivert.html I know it can make the OS drop packets, but not sure if that covers the SYN packets as well.使用 WinDivert 驱动程序https://www.reqrypt.org/windivert.html我知道它可以让操作系统丢弃数据包，但不确定这是否也涵盖了 SYN 数据包。