Scapy SYN send on our own IP address

Nolhian · Jul 10, 2010 · Viewed 10.6k times

I tried to send SYN packets on my local network while monitoring them with Wireshark, and everything works just fine, except when I try to send a packet to my own IP address: it "seems" to work because it says Sent 1 packet, but it is not really sent; I can't see the packet in Wireshark nor any answers to the packet. My setup is a computer A (192.168.0.1) with a TCP socket server listening on port 40508, and a computer B (192.168.0.2).

On Computer B I test:

ip=IP(src="192.168.0.2",dst="192.168.0.1")  
SYN=TCP(sport=40508,dport=40508,flags="S",seq=12345)
send(ip/SYN)

It works fine, I see the SYN packet in Wireshark and the SYN/ACK response from 192.168.0.1.

On Computer A I test:

ip=IP(src="192.168.0.1",dst="192.168.0.2")  
SYN=TCP(sport=40508,dport=40508,flags="S",seq=12345)
send(ip/SYN)

It works fine too, I see the SYN packet and the RST/ACK response from 192.168.0.2 (there is no server listening on port 40508 on 192.168.0.2, so it sends a RST/ACK).

But when I try on Computer A:

ip=IP(src="192.168.0.2",dst="192.168.0.1")  
SYN=TCP(sport=40508,dport=40508,flags="S",seq=12345)
send(ip/SYN)

Nothing appears in Wireshark, as if the packet was never sent, but it said, like the other tests, "Sent 1 packets." and returned no error whatsoever. If I run the same test on computer B and try to send a packet to its own IP address, I get the same problem.

For my program I really need to send a SYN packet to my own IP address. Is there a way to do that, or is it impossible?

Thanks in advance,

Nolhian

Answer

Alex Martelli · Jul 10, 2010

What network device(s) is your Wireshark installation listening on? I suspect it's listening on the actual network card (ethernet, wifi, or otherwise, as per the Wireshark FAQ) -- and when sending from a computer to itself the OS can of course bypass the device (why bother with it?) and just do the "sending" by copying bits around within the TCP/IP stack in kernel memory.

In other words I suspect your packet is being sent OK, just Wireshark may not see it. To verify this hypothesis, you could try (e.g.) using your browser to visit existent and nonexistent ports on your local machine, and see if Wireshark sees those packets or not.
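
The check suggested in the answer can also be scripted instead of done with a browser. The following is an added example, not code from the original post: it probes an existent and then a nonexistent port on the local machine through the normal TCP stack, so you can run it while Wireshark is capturing. The names `probe`, `self_check` and `own_ip` are assumptions of this example; pass the machine's own LAN address (such as 192.168.0.1 from the question) to test that address rather than loopback.

```python
import socket


def probe(host, port, timeout=2.0):
    """Attempt a TCP handshake with host:port through the normal stack.

    Returns "open" if the handshake completed (a SYN/ACK came back),
    "closed" if the stack answered with a RST, "no-answer" on timeout.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "no-answer"
    finally:
        s.close()


def self_check(own_ip="127.0.0.1"):
    """Probe an existent and then a nonexistent port on this machine."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((own_ip, 0))  # port 0: the kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    try:
        existent = probe(own_ip, port)  # listener is up: expect "open"
    finally:
        listener.close()
    nonexistent = probe(own_ip, port)  # same port, nothing listening now
    return existent, nonexistent


if __name__ == "__main__":
    print(self_check())
```

If both probes get their answers but the capture stays empty, the traffic was handled inside the host and never reached the device Wireshark is listening on.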