Question about windows automatic response to TCP packets - TCP-IP

This is a discussion on Question about windows automatic response to TCP packets - TCP-IP ; hi everyone, I am implemeting a application using Winsock which receive data from interface (192.168.0.178 in following ethereal summary) using IP raw sockets. And it sends out the packet using Winpcap (as windows xp does not allow transmit on raw ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Question about windows automatic response to TCP packets

  1. Question about windows automatic response to TCP packets

    hi everyone,

    I am implemeting a application using Winsock which receive data from
    interface (192.168.0.178 in following ethereal summary) using IP raw
    sockets. And it sends out the packet using Winpcap (as windows xp does
    not allow transmit on raw sockets).

    My application is forwarding the TCP packets from 2nd interface of PC
    to this interface. I am having a problem in this process as shown in
    following ethereal summary. It sends out packet 2 (TCP SYN) and gets
    the response packet 3 (TCP SYN-ACK). Before application can send next
    required packet 5 (TCP ACK), windows responds on its own with packet 4
    (TCP RST) which destroy the connection and application does not work
    anymore.

    2 24.103098 192.168.0.178 192.168.0.199 TCP 2500 >
    http [SYN] Seq=0 Len=0 MSS=1460
    3 24.103324 192.168.0.199 192.168.0.178 TCP http >
    2500 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1260
    4 24.103346 192.168.0.178 192.168.0.199 TCP 2500 >
    http [RST] Seq=1 Len=0
    5 24.111957 192.168.0.178 192.168.0.199 TCP 2500 >
    http [ACK] Seq=1 Ack=1 Win=65535 Len=0

    Is there a way that windows is prevented from automatically responding
    to this TCP SYN,ACK packet. Or I can reserve this port number 2500 so
    that windows ignores packets on this port.

    I will appreciate any help in this regards.

    Thanks,
    Amir

  2. Re: Question about windows automatic response to TCP packets

    On 18 Dec, 17:38, amin.a...@gmail.com wrote:
    > hi everyone,
    >
    > I am implemeting a application using Winsock which receive data from
    > interface (192.168.0.178 in following ethereal summary) using IP raw
    > sockets. And it sends out the packet using Winpcap (as windows xp does
    > not allow transmit on raw sockets).
    >
    > My application is forwarding the TCP packets from 2nd interface of PC
    > to this interface. I am having a problem in this process as shown in
    > following ethereal summary. It sends out packet 2 (TCP SYN) and gets
    > the response packet 3 (TCP SYN-ACK). Before application can send next
    > required packet 5 (TCP ACK), windows responds on its own with packet 4
    > (TCP RST) which destroy the connection and application does not work
    > anymore.
    >
    > 2 24.103098 192.168.0.178 192.168.0.199 TCP 2500 >
    > http [SYN] Seq=0 Len=0 MSS=1460
    > 3 24.103324 192.168.0.199 192.168.0.178 TCP http >
    > 2500 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1260
    > 4 24.103346 192.168.0.178 192.168.0.199 TCP 2500 >
    > http [RST] Seq=1 Len=0
    > 5 24.111957 192.168.0.178 192.168.0.199 TCP 2500 >
    > http [ACK] Seq=1 Ack=1 Win=65535 Len=0
    >
    > Is there a way that windows is prevented from automatically responding
    > to this TCP SYN,ACK packet. Or I can reserve this port number 2500 so
    > that windows ignores packets on this port.
    >
    > I will appreciate any help in this regards.
    >
    > Thanks,
    > Amir


    replace windows with a decent operating system ( FreeBSD or Linux)

    As you need a raw-socket and your current environment does not
    support this an upgrade of environment is "the best solution".


  3. Re: Question about windows automatic response to TCP packets

    On Dec 18, 11:38 am, amin.a...@gmail.com wrote:
    > hi everyone,
    >
    > I am implemeting a application using Winsock which receive data from
    > interface (192.168.0.178 in following ethereal summary) using IP raw
    > sockets. And it sends out the packet using Winpcap (as windows xp does
    > not allow transmit on raw sockets).

    [snip]
    > Is there a way that windows is prevented from automatically responding
    > to this TCP SYN,ACK packet.


    No. Not so long as you have a TCP/IP stack operating on the network
    interface

    > Or I can reserve this port number 2500 so that windows ignores packets on this port.


    No. Not so long as you have a TCP/IP stack operating on the network
    interface

    FWIW, if you are using Winpcap to emulate a TCP/IP stack on a system
    that already /has/ a TCP/IP stack, you are asking for trouble. Sorry,
    but this is a misuse of Winpcap, and I don't expect that you'll find
    any solution to your problem so long as you persist in using Winpcap
    instead of TCP/IP



  4. Re: Question about windows automatic response to TCP packets

    phn writes:

    [...]

    > replace windows with a decent operating system ( FreeBSD or Linux)


    I believe Unix will behave in the same way. I seem to recall reading
    this in a FAQ somewhere (libnet?), but I can't find it now. Which is
    too bad, because maybe it had a solution too... :-(

    One thing to try is telling the OS firewall to drop packets. If they
    are hidden from the OS still visible on the interface you are
    sniffing, that might work.

    -----Scott.

  5. Re: Question about windows automatic response to TCP packets

    On Wed, 19 Dec 2007 10:10:33 -0800 (PST), phn wrote:
    > On 18 Dec, 17:38, amin.a...@gmail.com wrote:
    >> hi everyone,
    >>
    >> I am implemeting a application using Winsock which receive data from
    >> interface (192.168.0.178 in following ethereal summary) using IP raw
    >> sockets. And it sends out the packet using Winpcap (as windows xp does
    >> not allow transmit on raw sockets).
    >>
    >> My application is forwarding the TCP packets from 2nd interface of PC
    >> to this interface. I am having a problem in this process as shown in
    >> following ethereal summary. It sends out packet 2 (TCP SYN) and gets

    ....
    >> Is there a way that windows is prevented from automatically responding
    >> to this TCP SYN,ACK packet. Or I can reserve this port number 2500 so
    >> that windows ignores packets on this port.


    > replace windows with a decent operating system ( FreeBSD or Linux)
    >
    > As you need a raw-socket and your current environment does not
    > support this an upgrade of environment is "the best solution".


    Sometimes RAW sockets aren't raw enough, and Winpcap seems to solve
    that part nicely on Windows too. At least for him.

    The best way to keep the stack from interpreting incoming packets
    is to send them to an address which doesn't exist. Outside the host,
    add a static route to a.b.c.d with the host's interface as gateway.
    On the host, pick up the packets with pcap. Works well under Unix.

    /Jorgen

    --
    // Jorgen Grahn \X/ snipabacken.se> R'lyeh wgah'nagl fhtagn!

+ Reply to Thread