Skip to content

Instantly share code, notes, and snippets.

@x4lldux

x4lldux/conntrack_fuckup-phantom_connections.pl

Created October 15, 2015 14:11
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save x4lldux/681412747332dfd7c360 to your computer and use it in GitHub Desktop.
Save x4lldux/681412747332dfd7c360 to your computer and use it in GitHub Desktop.
Download ZIP
Generates phontom connections in conntrack just as described in http://www.spinics.net/lists/netfilter/msg43912.html
Raw
conntrack_fuckup-phantom_connections.pl
#!/usr/bin/perl
my $target = '192.241.81.52';
my $port = 80;
use DDP;
use Net::Frame::Device;
use Net::Write::Layer qw(:constants);
use Net::Write::Layer3;
use Net::Frame::Simple;
use Net::Frame::Dump::Online;
use Net::Frame::Layer::ETH qw(:consts);
use Net::Frame::Layer::IPv4 qw(:consts);
use Net::Frame::Layer::TCP qw(:consts);
# my $oDevice = Net::Frame::Device->new(target => $target);
my $oDevice = Net::Frame::Device->new(dev => "wlp3s0");
my $eth = Net::Frame::Layer::ETH->new(
src => $oDevice->mac,
dst => $oDevice->gatewayMac,
type => NF_ETH_TYPE_IPv4,
);
my $ip4 = Net::Frame::Layer::IPv4->new(
src => $oDevice->ip,
dst => $target,
);
my $tcp = Net::Frame::Layer::TCP->new(
flags => NF_TCP_FLAGS_SYN,
dst => $port,
);
my $oWrite = Net::Write::Layer2->new(
dev => $oDevice->dev,
);
my $oDump = Net::Frame::Dump::Online->new(dev => $oDevice->dev);
$oDump->start;
my $oSimple = Net::Frame::Simple->new(
layers => [ $eth, $ip4, $tcp ],
);
$oWrite->open;
$oSimple->send($oWrite);
until ($oDump->timeout) {
if (my $recv = $oSimple->recv($oDump)) {
print "RECV:\n".$recv->print."\n";
my @x=$recv->layers;
my $reply_tcp=$x[2];
$tcp = Net::Frame::Layer::TCP->new(
src => $tcp->src,
dst => $tcp->dst,
ack => $reply_tcp->seq+1,
seq => $tcp->seq,
flags => NF_TCP_FLAGS_ACK,
);
$oSimple = Net::Frame::Simple->new( layers => [ $eth, $ip4, $tcp ] );
$oSimple->send($oWrite);
sleep 1;
$tcp = Net::Frame::Layer::TCP->new(
src => $tcp->src,
dst => $tcp->dst,
ack => $reply_tcp->seq+2,
seq => $tcp->seq+1,
flags => NF_TCP_FLAGS_FIN,
);
$oSimple = Net::Frame::Simple->new( layers => [ $eth, $ip4, $tcp ] );
$oSimple->send($oWrite);
last
}
}
$oWrite->close;
$oDump->stop;
@x4lldux
Copy link
Author

x4lldux commented Oct 16, 2015

Don't exactly know why, but when I was using interface for my ethernet connection, kernel ways replying RST before my script could reply ACK, even though it is a RAW socket. This issue was not happening when I was using wifi interface - probably some kernel setting that I'm missing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment