发送TCP reset (RST) 包打断TCP连接

Sample TCP Reset (RST) Packet Hexdump

Here's a simple example of what a TCP reset packet might look like in hexdump format. This example assumes an IPv4 packet with an Ethernet frame.

复制代码
0000   00 1c 42 00 00 08 00 16 3e 58 53 a2 08 00 45 00
0010   00 28 6f 22 40 00 40 06 3b 69 c0 a8 01 0b c0 a8
0020   01 01 04 d2 00 50 a4 96 8e 2e 00 00 00 00 50 14
0030   00 00 a7 f5 00 00
  • The hexdump represents the raw bytes of the Ethernet, IP, and TCP headers.
  • The specific bytes will depend on the details of the connection being reset (e.g., IP addresses, port numbers).

C Code Demo to Create and Send a TCP Reset (RST) Packet

Here's a simple example in C that constructs and sends a TCP reset packet using raw sockets. Note that this requires root privileges to run and might not work on all systems due to security restrictions.

c 复制代码
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>

// Pseudo header needed for TCP checksum calculation
struct pseudo_header {
    u_int32_t source_address;
    u_int32_t dest_address;
    u_int8_t placeholder;
    u_int8_t protocol;
    u_int16_t tcp_length;
};

// Checksum calculation function
unsigned short checksum(void *b, int len) {
    unsigned short *buf = b;
    unsigned int sum = 0;
    unsigned short result;

    for (sum = 0; len > 1; len -= 2)
        sum += *buf++;
    if (len == 1)
        sum += *(unsigned char *)buf;
    sum = (sum >> 16) + (sum & 0xFFFF);
    sum += (sum >> 16);
    result = ~sum;
    return result;
}

int main() {
    int sock;
    struct sockaddr_in dest_info;
    char packet[4096];

    // IP header
    struct iphdr *iph = (struct iphdr *)packet;
    // TCP header
    struct tcphdr *tcph = (struct tcphdr *)(packet + sizeof(struct iphdr));
    struct pseudo_header psh;

    sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
    if (sock < 0) {
        perror("Socket creation error");
        exit(1);
    }

    dest_info.sin_family = AF_INET;
    dest_info.sin_port = htons(80);  // destination port
    dest_info.sin_addr.s_addr = inet_addr("192.168.1.1");  // destination IP

    memset(packet, 0, 4096);

    // Fill in the IP Header
    iph->ihl = 5;
    iph->version = 4;
    iph->tos = 0;
    iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
    iph->id = htonl(54321);  // ID of this packet
    iph->frag_off = 0;
    iph->ttl = 255;
    iph->protocol = IPPROTO_TCP;
    iph->check = 0;
    iph->saddr = inet_addr("192.168.1.2");  // source IP
    iph->daddr = dest_info.sin_addr.s_addr;

    iph->check = checksum((unsigned short *)packet, iph->tot_len);

    // Fill in the TCP Header
    tcph->source = htons(12345);  // source port
    tcph->dest = htons(80);  // destination port
    tcph->seq = 0;
    tcph->ack_seq = 0;
    tcph->doff = 5;  // TCP header size
    tcph->rst = 1;  // Reset flag
    tcph->window = htons(5840);  // maximum allowed window size
    tcph->check = 0;  // leave checksum 0 now, filled later by pseudo header
    tcph->urg_ptr = 0;

    // Now the TCP checksum
    psh.source_address = inet_addr("192.168.1.2");
    psh.dest_address = dest_info.sin_addr.s_addr;
    psh.placeholder = 0;
    psh.protocol = IPPROTO_TCP;
    psh.tcp_length = htons(sizeof(struct tcphdr));

    int psize = sizeof(struct pseudo_header) + sizeof(struct tcphdr);
    char *pseudogram = malloc(psize);

    memcpy(pseudogram, (char *)&psh, sizeof(struct pseudo_header));
    memcpy(pseudogram + sizeof(struct pseudo_header), tcph, sizeof(struct tcphdr));

    tcph->check = checksum((unsigned short *)pseudogram, psize);

    // Send the packet
    if (sendto(sock, packet, iph->tot_len, 0, (struct sockaddr *)&dest_info, sizeof(dest_info)) < 0) {
        perror("Sendto error");
    } else {
        printf("Packet Sent\n");
    }

    close(sock);
    free(pseudogram);

    return 0;
}

Explanation:

  1. Raw Socket Creation:

    • The socket is created with AF_INET for IPv4, SOCK_RAW for raw socket, and IPPROTO_TCP to indicate TCP packets.
  2. IP Header Construction:

    • The IP header is filled with appropriate values, including source and destination IP addresses, and checksum calculation.
  3. TCP Header Construction:

    • The TCP header is filled, setting the RST flag and other necessary fields. The checksum is calculated using a pseudo header.
  4. Packet Sending:

    • The constructed packet is sent using sendto() function.
  5. Permissions:

    • This program needs to run with root privileges due to the use of raw sockets.

This code demonstrates how to construct and send a TCP reset packet. It can be adapted for specific use cases, but care must be taken when using raw sockets and sending such packets as it can disrupt network connections.

The XXX (***) is a complex system of internet censorship and surveillance to control access to information online and maintain internet sovereignty. Its working mechanism involves several key techniques:

  1. IP Blocking:

    • The *** maintains a list of IP addresses of servers and services that it wants to block. When a user tries to access these IP addresses, the connection is denied or reset.
  2. DNS Poisoning:

    • The *** interferes with DNS requests by returning incorrect IP addresses for blocked domain names. For example, when a user attempts to access a blocked site, the DNS server returns an incorrect IP address, redirecting the user to a different, often harmless, site or a dead end.
  3. URL Filtering:

    • The *** inspects the URLs being accessed and blocks those that contain specific keywords or patterns deemed sensitive or inappropriate by the authorities.
  4. Deep Packet Inspection (DPI):

    • The *** uses DPI to analyze data packets transmitted over the internet. This technique allows it to identify and block specific types of traffic, such as encrypted XXX traffic or certain types of HTTP requests that may contain sensitive content.
  5. Keyword Filtering:

    • The *** scans the content of web pages and blocks pages containing specific keywords related to politically sensitive topics, banned organizations, or other prohibited content.
  6. Connection Resetting:

    • When the *** detects attempts to access blocked content or use prohibited services, it can reset the connection by sending TCP reset (RST) packets, effectively terminating the communication.
  7. Throttling and Bandwidth Management:

    • The *** can slow down internet connections to certain websites or services, making access inconvenient or impractical. This method is often used in combination with other techniques to discourage users from attempting to bypass the firewall.
  8. SSL Interception:

    • The *** can intercept and inspect encrypted SSL/TLS traffic. In some cases, it uses man-in-the-middle (MITM) attacks to decrypt and inspect the content of secure communications.
  9. Manual Monitoring and Reporting:

    • In addition to automated techniques, the *** employs human monitors to review and flag content that may have evaded automated filters. Internet service providers (ISPs) and websites are also required to self-censor and report prohibited content.
相关推荐
IpdataCloud5 分钟前
跨境AI金融风险怎么防?IP风险画像的实战应用指南
数据库·tcp/ip·金融·ip
m0_564876841 小时前
没有公网IP的情况下,怎么进行远程连接两个电脑
服务器·tcp/ip·负载均衡
Meya11275 小时前
不同规模机房怎么选 U 位系统?8 柜小型机房、40 柜数据中心完整选型参考
服务器·网络·数据库
大E帝国子民16 小时前
OpenCloudOS Server 9 安装 Nginx 完整指南
前端·网络·nginx
m0_738120726 小时前
PHP代码审计基础——面向对象(四)
android·开发语言·网络·安全·github·php
Geeys7 小时前
拼多多新店快速起流量完整实操
大数据·网络·人工智能
玖玥拾7 小时前
C# 语言进阶(十四)Unity UI界面开发 + 网络消息联动
服务器·开发语言·网络·ui·unity·c#·游戏引擎
hbugs0018 小时前
PNETLab vs EVE-NG Pro 流量洞察功能底层架构技术白皮书
网络·架构·eve-ng·bpf·流量洞察
不会C语言的男孩9 小时前
TCP通信可视化工具,含下载地址
服务器·网络·安全
五五六六05249 小时前
2026盘古石杯初赛
网络