Friday, March 18, 2016

How to re-injecting TCP segment after TCP 4-way close with scapy

At work, I do lot of in-house reproduction of customers issue with lots of different tools, scapy is one I used often to simulate some odd TCP behavior. for example, a customer has a PoS terminal establish tcp connections to our load balancer,  the terminal would FIN+ACK the TCP connection after sending a transaction request (PSH+ACK), our load balancer would FIN+ACK , the PoS terminal send final ACK to close the TCP connection. this is all sound and good.

here is an interesting problem though,  intermittently, some customers PoS terminal would re-send the transaction request (PSH+ACK) about ~1 second later after the TCP 4-way close. This of course will be dropped by load balancer with RST since the TCP connections has been closed and TCP connection flows in memory has been cleared. I think this is a good example to use scapy to simulate the PoS terminal client behavior and show how flexible with scapy to simulate some odd TCP behavior, see the script from my githup:

No comments:

Post a Comment