At work, I do a lot of in-house reproduction of customers' issues with lots of different tools; scapy is one I use often to simulate odd TCP behavior. For example, a customer has a PoS terminal that establishes TCP connections to our load balancer. The terminal would FIN+ACK the TCP connection after sending a transaction request (PSH+ACK), our load balancer would FIN+ACK, and the PoS terminal would send the final ACK to close the TCP connection. This is all well and good.
Here is an interesting problem, though: intermittently, some customers' PoS terminals would re-send the transaction request (PSH+ACK) about 1 second after the TCP 4-way close. This of course will be dropped by the load balancer with a RST, since the TCP connection has been closed and the TCP connection flow in memory has been cleared. I think this is a good example of using scapy to simulate the PoS terminal client behavior, and it shows how flexible scapy is for simulating odd TCP behavior. See the script on my GitHub:
https://github.com/vincentmli/bash_scripts/blob/master/scapy-http-responder/pshack-after-tcp4wayclose.py
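The exchange described above can be laid out segment by segment. This is an added sketch, not the script at the link: it computes the client-side sequence and acknowledgment numbers for the request, the close, and the late re-send, then replays them with scapy against a lab listener. The function names, source port, ISN and pacing are hypothetical, and it assumes the peer sends no data before its FIN and that the late re-send repeats the original request's seq/ack.

```python
import time

M = 2 ** 32  # TCP sequence numbers wrap at 32 bits

def client_segments(isn, server_isn, payload, server_bytes=0):
    """Client-side segments sent after SYN/SYN-ACK, as (label, flags, seq, ack, data).

    server_bytes: bytes the peer sends before its FIN (assumed 0: no response data).
    """
    seq, ack = (isn + 1) % M, (server_isn + 1) % M   # SYN and SYN-ACK consume one each
    end = (seq + len(payload)) % M                   # next seq after the request
    peer_end = (ack + server_bytes) % M
    return [
        ("handshake-ack", "A", seq, ack, b""),
        ("request", "PA", seq, ack, payload),
        ("fin", "FA", end, peer_end, b""),
        # each side's FIN consumes one sequence number
        ("final-ack", "A", (end + 1) % M, (peer_end + 1) % M, b""),
        # assumption: the late re-send repeats the original request's seq/ack
        ("late-request", "PA", seq, ack, payload),
    ]

def replay(dst, dport, payload, sport=40000, isn=1000, delay=1.0):
    """Run the exchange against a lab listener; return the reply to the late segment."""
    from scapy.all import IP, TCP, Raw, send, sr1    # needs scapy and root
    ip = IP(dst=dst)
    synack = sr1(ip / TCP(sport=sport, dport=dport, flags="S", seq=isn), timeout=2)
    if synack is None or not synack.haslayer(TCP) or int(synack[TCP].flags) & 0x12 != 0x12:
        raise RuntimeError("no SYN-ACK from %s:%d" % (dst, dport))
    reply = None
    for label, flags, seq, ack, data in client_segments(isn, synack[TCP].seq, payload):
        pkt = ip / TCP(sport=sport, dport=dport, flags=flags, seq=seq, ack=ack)
        if data:
            pkt = pkt / Raw(load=data)
        if label == "late-request":
            time.sleep(delay)                # ~1 second after the close, as described
            reply = sr1(pkt, timeout=2)      # the post expects a RST here
        else:
            send(pkt, verbose=False)
            time.sleep(0.2)                  # crude pacing so the peer's FIN+ACK lands first
    return reply
```

Because the segments are crafted outside the host's TCP stack, the sending host's kernel will reset the connection when it sees the unexpected SYN-ACK unless outbound RSTs from the chosen source port are filtered for the duration of the test.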
Friday, March 18, 2016