3

I am trying to create a test environment to test the handling of network errors between a client and a server. I cannot change the software on either. The two devices will be connected across a Linux bridge and I will be using various bandwidth shaping tools to restrict bandwidth or block traffic altogether to simulate various error conditions.

Another thing I need to do, which I have no idea yet how to achieve, is to generate socket errors on existing connections. I'd prefer to use an existing Linux tool/utility, but may be able to write my own with enough guidance. I'm pretty familiar with basic networking, TCP and UDP and all that, but not with bridging.

Can anyone suggest a way I can generate socket errors, e.g. by triggering unexpected FIN packets, to both ends of a socket that connects across a bridge?

Thanks in advance.

AlastairG
  • 4,119
  • 5
  • 26
  • 41

1 Answers1

4

You can generate with scapy FIN or RST packets easily sniffing in the bridge (usually br0) and crafting proper RST or FIN packets.

Here goes an example, where a RST is sent in the same direction of a packet with data.

#!/usr/bin/python
from scapy.all import *
import random

def sendRST(p):
    flags = p.sprintf("%TCP.flags%")
    if flags != "S":
        ip = p[IP]      # Received IP Packet
        tcp = p[TCP]    # Received TCP Segment
        if ip.len   <= 40:
            return
        i = IP()        # Outgoing IP Packet
        i.dst = ip.dst
        i.src = ip.src
        t = TCP()       # Outgoing TCP Segment
        t.flags = "R"
        t.dport = tcp.dport
        t.sport = tcp.sport
        t.seq = tcp.seq
        new_ack = tcp.seq + 1
        print "RST sent to ",i.dst,":",t.dport
        send(i/t)

while (1):
PKT = sniff (iface = "br0", filter = "tcp and src host x.x.x.x", count=1, prn=sendRST)
exit()

Check the options of sniff, wich is extremely powerfull :)

Hope to help you.

Jon Ander Ortiz Durántez
  • 2,542
  • 1
  • 20
  • 29
  • Awesome! This looks like just what I need, for this and other stuff I thought I wouldn't be able to do. I wish I could upvote this answer more than once. Thanks very much. One question: Is sniff() a Python API or a Scapy API? Also will the code above replace the data packet sent or just be triggered by it? – AlastairG Oct 18 '11 at 08:21
  • Some answers : sniff is a scapy API [http://www.secdev.org/projects/scapy/doc/usage.html#sniffing]. The data packet is not replaced, just a new packet RST is injected with libnet. If you want to replace the packet, you should use another techniches like libnetfilter_queue. Thanks for the greetings ;) – Jon Ander Ortiz Durántez Oct 18 '11 at 08:59