Without going into the detail of my goal too much, I essentially want to fake a TCP handshake between my own test server and some spoofed IP packets that lead to nowhere. I made the proof of concept, where I have a server that prints out a connection if it receives one, using sockets in python3, and using the scapy import to craft a TCP segment with a SYN flag and then, never receiving the SYN ACK from the server, send the ACK segment, completing the handshake and causing the server to print that it received a connection.
While this should work in theory, I’m now realizing that I never accounted for sequence and acknowledgment numbers, which explains why my server isn’t printing.
With this specific problem in mind, how does one fake sequence and ack numbers, especially when you never receive them? Adding on to this, because I’m sending the first packet, do I have to calculate a beginning seq number?
What I’ve got so far
Whether or not I need to calculate a seq number, could I use said seq number, along with knowing ahead of time what packet will be sent next (a TCP SYN ACK in this case), to calculate the future seq numbers? If so, is this the only way to calculate seq numbers?
Any help on this topic(answers, links for future reference, etc.) would be much appreciated, and thanks in advance for taking time out of your guys’ busy schedules of forum browsing to help me out!
To clarify, I’m not trying to intercept and take control of a TCP session. I’m trying to physically catfish a computer into thinking that an IP exists. So that instead of A and B talking and C (me) intercepting, it’s C trying to catfish A into thinking C is B, when B never really existed in the first place. The idea is that if the spoofed IP isn’t alive, and I know what a server is going to send, I can reply to the message even though it never reaches me, because I know what was supposed to be sent.
Take the three-way handshake. We all know that if you send a SYN, you’ll get a SYN ACK, and then the server knows it wants an ACK. Because you know what the server is sending, and what it wants back, you can theoretically fake a handshake. You send a SYN request with a spoofed nonexistent IP, and because you know the server is going to reply with a SYN ACK, even though you never receive said SYN ACK, you can reply with another spoofed packet that contains the ACK, completing a handshake with a nonexistent client.
The problem I’m having is I don’t know enough about seq and ack numbers to know if this is possible.
I really hope that didn’t just confuse people more, lmao.
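Added illustration (editor's example, not part of the original post and not the poster's scapy script): a pure-Python model of the sequence/acknowledgment bookkeeping in the three-way handshake, following the RFC 793 rules. The client's initial sequence number (ISN) is the sender's own choice, so the SYN needs no calculation beyond picking one; the ACK that completes the handshake must carry seq = client ISN + 1 and ack = server ISN + 1. The server ISN is the part a blind spoofer never sees, so the model has two servers: one that picks its ISN at random (what current stacks do, per RFC 6528) and one whose ISN advances by a fixed step, which can be predicted by first connecting from a real address. The IP addresses, the 64000 step and all helper names are constructed for the demo.

```python
"""Simulated TCP three-way handshake with and without a predictable server ISN.
No sockets, no scapy: only the seq/ack arithmetic from RFC 793 is modelled."""
import random
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set

MASK = 0xFFFFFFFF  # sequence numbers are 32-bit and wrap


def add32(a: int, b: int) -> int:
    return (a + b) & MASK


@dataclass
class Segment:
    src: str
    dst: str
    flags: str       # "S" = SYN, "SA" = SYN/ACK, "A" = ACK, "R" = RST
    seq: int
    ack: int = 0


class Server:
    """Passive-open endpoint; isn_gen decides how it picks its initial sequence number."""

    def __init__(self, ip: str, isn_gen: Callable[[], int]):
        self.ip = ip
        self.isn_gen = isn_gen
        self.half_open: Dict[str, tuple] = {}   # peer ip -> (server ISN, seq expected in peer's ACK)
        self.established: Set[str] = set()

    def receive(self, seg: Segment) -> Optional[Segment]:
        if seg.dst != self.ip:
            return None
        if seg.flags == "S":
            isn = self.isn_gen()
            # A SYN consumes one sequence number, so the server acks client_isn + 1
            self.half_open[seg.src] = (isn, add32(seg.seq, 1))
            return Segment(self.ip, seg.src, "SA", seq=isn, ack=add32(seg.seq, 1))
        if seg.flags == "A" and seg.src in self.half_open:
            isn, expected_seq = self.half_open[seg.src]
            if seg.ack == add32(isn, 1) and seg.seq == expected_seq:
                del self.half_open[seg.src]
                self.established.add(seg.src)
                return None
            # ACK that does not acknowledge our SYN: reset (RFC 793, SYN-RECEIVED state)
            return Segment(self.ip, seg.src, "R", seq=seg.ack)
        return None


def blind_handshake(server: Server, spoofed_ip: str, guessed_server_isn: int) -> bool:
    """Send SYN and ACK from spoofed_ip without ever seeing the SYN/ACK.
    The client ISN is the attacker's own choice; the server ISN must be guessed."""
    client_isn = random.getrandbits(32)
    server.receive(Segment(spoofed_ip, server.ip, "S", seq=client_isn))
    # The SYN/ACK above was routed to spoofed_ip; the attacker never receives it.
    ack = Segment(spoofed_ip, server.ip, "A",
                  seq=add32(client_isn, 1),          # own seq advanced by one for the SYN
                  ack=add32(guessed_server_isn, 1))  # must equal the server's ISN + 1
    server.receive(ack)
    return spoofed_ip in server.established


def make_counter_isn(step: int) -> Callable[[], int]:
    """Toy predictable ISN generator (constructed for the demo): ISN grows by a fixed step."""
    state = {"v": 0}

    def gen() -> int:
        state["v"] = add32(state["v"], step)
        return state["v"]
    return gen


def predictable_isn_attack(server: Server, attacker_ip: str, spoofed_ip: str, step: int) -> bool:
    """Classic ISN prediction: probe once from a real address, extrapolate, then spoof."""
    probe = server.receive(Segment(attacker_ip, server.ip, "S", seq=1))
    # This SYN/ACK is addressed to attacker_ip, so the attacker does see its seq field.
    next_isn = add32(probe.seq, step)
    return blind_handshake(server, spoofed_ip, next_isn)


if __name__ == "__main__":
    random.seed(1)
    strong = Server("10.0.0.1", lambda: random.getrandbits(32))
    print("random ISN, blind guess established:",
          blind_handshake(strong, "10.0.0.99", random.getrandbits(32)))
    weak = Server("10.0.0.2", make_counter_isn(64000))
    print("predictable ISN, extrapolated guess established:",
          predictable_isn_attack(weak, "10.0.0.50", "10.0.0.99", 64000))
```

Run it and the first line prints False (a 32-bit guess against a random ISN lands with probability 2^-32, and the server answers the bad ACK with a RST) while the second prints True. Against a real host the same arithmetic applies: scapy's `TCP(seq=...)` for the spoofed SYN can carry any value you like, but the `ack=` of the final segment has to be the server's ISN plus one, which only ISN prediction or actually receiving the SYN/ACK can supply.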