I send a 'hand-made' raw-socket TCP SYN packet to emulate the handshake process (under WinXP), for example to a well-known web server on port 80.
Here is my raw packet:
45 00 00 30 02 58 40 00 80 06 00 00 ac 13 01 66
d5 b4 d8 c8 0b e3 00 50 7f 3b 3d 88 00 00 00 00
70 02 3f dc 56 1e 00 00 02 04 05 b4 01 01 04 02

I get it with my IpFilterHook driver function to be sure that all is alright, and let it go ahead (PF_FORWARD), but there is no SYNACK response from the server. Then I send it with TTL = 1, 2, 3, ... and everything is OK: I get ICMP packets of type 11, that is, my TCP packet isn't misconfigured.

But through telnet or IE the handshake process is made without any problems.
Here is a captured IE Windows TCP SYN packet to the server:
45 00 00 30 01 f7 40 00 80 06 00 00 ac 13 01 66
d5 b4 d8 c8 0b e2 00 50 d0 0c de e3 00 00 00 00
70 02 40 00 2c 06 00 00 02 04 05 b4 01 01 04 02
And to this Windows TCP packet the server replies with a SYNACK.

What is wrong with my TCP packets?
Posted on 2004-11-08 08:45:43 by 9ine
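
Added example, not part of the original post: a Python check of the TCP checksum (pseudo-header plus segment, RFC 1071 arithmetic) on the two dumps quoted above. The function and variable names are illustrative; the IP header checksum, which is 00 00 in both dumps, is not checked.

```python
import struct

# Hex dumps copied from the post above (IPv4 header + TCP header, no payload).
HANDMADE = """45 00 00 30 02 58 40 00 80 06 00 00 ac 13 01 66
d5 b4 d8 c8 0b e3 00 50 7f 3b 3d 88 00 00 00 00
70 02 3f dc 56 1e 00 00 02 04 05 b4 01 01 04 02"""
IE_SYN = """45 00 00 30 01 f7 40 00 80 06 00 00 ac 13 01 66
d5 b4 d8 c8 0b e2 00 50 d0 0c de e3 00 00 00 00
70 02 40 00 2c 06 00 00 02 04 05 b4 01 01 04 02"""

def internet_checksum(data):
    """RFC 1071: one's-complement sum of big-endian 16-bit words, inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_tcp(hexdump):
    """Parse an IPv4/TCP dump and compare stored vs. computed TCP checksum."""
    pkt = bytes.fromhex("".join(hexdump.split()))
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if pkt[0] >> 4 != 4 or pkt[9] != 6 or len(pkt) < total_len:
        raise ValueError("not a complete IPv4/TCP packet")
    seg = pkt[ihl:total_len]
    sport, dport, seq, ack, off_flags, window, stored = struct.unpack(
        "!HHIIHHH", seg[:18])
    # Pseudo-header: source IP, destination IP, zero, protocol 6, TCP length.
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(seg))
    # The checksum field (bytes 16-17 of the segment) counts as zero.
    computed = internet_checksum(pseudo + seg[:16] + b"\x00\x00" + seg[18:])
    swapped = ((computed >> 8) | (computed << 8)) & 0xFFFF
    return {"sport": sport, "dport": dport, "seq": seq,
            "flags": off_flags & 0x3F, "window": window,
            "stored": stored, "computed": computed,
            "valid": stored == computed,
            "byte_swapped": stored != computed and stored == swapped}

if __name__ == "__main__":
    for name, dump in (("hand-made", HANDMADE), ("IE", IE_SYN)):
        r = check_tcp(dump)
        print("%-9s stored=0x%04x computed=0x%04x valid=%s byte_swapped=%s"
              % (name, r["stored"], r["computed"], r["valid"], r["byte_swapped"]))
```

On these dumps the IE packet's stored checksum 0x2c06 matches the computed value, while the hand-made packet stores 0x561e where the computation gives 0x1e56, the same two bytes in swapped order.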