Sample TCP Reset (RST) Packet Hexdump
Here's a simple example of what a TCP reset packet might look like in hexdump format. This example assumes an IPv4 packet with an Ethernet frame.
0000 00 1c 42 00 00 08 00 16 3e 58 53 a2 08 00 45 00
0010 00 28 6f 22 40 00 40 06 3b 69 c0 a8 01 0b c0 a8
0020 01 01 04 d2 00 50 a4 96 8e 2e 00 00 00 00 50 14
0030 00 00 a7 f5 00 00- The hexdump represents the raw bytes of the Ethernet, IP, and TCP headers.
- The specific bytes will depend on the details of the connection being reset (e.g., IP addresses, port numbers).
C Code Demo to Create and Send a TCP Reset (RST) Packet
Here's a simple example in C that constructs and sends a TCP reset packet using raw sockets. Note that this requires root privileges to run and might not work on all systems due to security restrictions.
c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
// Pseudo header needed for TCP checksum calculation
struct pseudo_header {
u_int32_t source_address;
u_int32_t dest_address;
u_int8_t placeholder;
u_int8_t protocol;
u_int16_t tcp_length;
};
// Checksum calculation function
unsigned short checksum(void *b, int len) {
unsigned short *buf = b;
unsigned int sum = 0;
unsigned short result;
for (sum = 0; len > 1; len -= 2)
sum += *buf++;
if (len == 1)
sum += *(unsigned char *)buf;
sum = (sum >> 16) + (sum & 0xFFFF);
sum += (sum >> 16);
result = ~sum;
return result;
}
int main() {
int sock;
struct sockaddr_in dest_info;
char packet[4096];
// IP header
struct iphdr *iph = (struct iphdr *)packet;
// TCP header
struct tcphdr *tcph = (struct tcphdr *)(packet + sizeof(struct iphdr));
struct pseudo_header psh;
sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
if (sock < 0) {
perror("Socket creation error");
exit(1);
}
dest_info.sin_family = AF_INET;
dest_info.sin_port = htons(80); // destination port
dest_info.sin_addr.s_addr = inet_addr("192.168.1.1"); // destination IP
memset(packet, 0, 4096);
// Fill in the IP Header
iph->ihl = 5;
iph->version = 4;
iph->tos = 0;
iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
iph->id = htonl(54321); // ID of this packet
iph->frag_off = 0;
iph->ttl = 255;
iph->protocol = IPPROTO_TCP;
iph->check = 0;
iph->saddr = inet_addr("192.168.1.2"); // source IP
iph->daddr = dest_info.sin_addr.s_addr;
iph->check = checksum((unsigned short *)packet, iph->tot_len);
// Fill in the TCP Header
tcph->source = htons(12345); // source port
tcph->dest = htons(80); // destination port
tcph->seq = 0;
tcph->ack_seq = 0;
tcph->doff = 5; // TCP header size
tcph->rst = 1; // Reset flag
tcph->window = htons(5840); // maximum allowed window size
tcph->check = 0; // leave checksum 0 now, filled later by pseudo header
tcph->urg_ptr = 0;
// Now the TCP checksum
psh.source_address = inet_addr("192.168.1.2");
psh.dest_address = dest_info.sin_addr.s_addr;
psh.placeholder = 0;
psh.protocol = IPPROTO_TCP;
psh.tcp_length = htons(sizeof(struct tcphdr));
int psize = sizeof(struct pseudo_header) + sizeof(struct tcphdr);
char *pseudogram = malloc(psize);
memcpy(pseudogram, (char *)&psh, sizeof(struct pseudo_header));
memcpy(pseudogram + sizeof(struct pseudo_header), tcph, sizeof(struct tcphdr));
tcph->check = checksum((unsigned short *)pseudogram, psize);
// Send the packet
if (sendto(sock, packet, iph->tot_len, 0, (struct sockaddr *)&dest_info, sizeof(dest_info)) < 0) {
perror("Sendto error");
} else {
printf("Packet Sent\n");
}
close(sock);
free(pseudogram);
return 0;
}Explanation:
-
Raw Socket Creation:
- The socket is created with
AF_INETfor IPv4,SOCK_RAWfor raw socket, andIPPROTO_TCPto indicate TCP packets.
- The socket is created with
-
IP Header Construction:
- The IP header is filled with appropriate values, including source and destination IP addresses, and checksum calculation.
-
TCP Header Construction:
- The TCP header is filled, setting the RST flag and other necessary fields. The checksum is calculated using a pseudo header.
-
Packet Sending:
- The constructed packet is sent using
sendto()function.
- The constructed packet is sent using
-
Permissions:
- This program needs to run with root privileges due to the use of raw sockets.
This code demonstrates how to construct and send a TCP reset packet. It can be adapted for specific use cases, but care must be taken when using raw sockets and sending such packets as it can disrupt network connections.
The XXX (***) is a complex system of internet censorship and surveillance to control access to information online and maintain internet sovereignty. Its working mechanism involves several key techniques:
-
IP Blocking:
- The *** maintains a list of IP addresses of servers and services that it wants to block. When a user tries to access these IP addresses, the connection is denied or reset.
-
DNS Poisoning:
- The *** interferes with DNS requests by returning incorrect IP addresses for blocked domain names. For example, when a user attempts to access a blocked site, the DNS server returns an incorrect IP address, redirecting the user to a different, often harmless, site or a dead end.
-
URL Filtering:
- The *** inspects the URLs being accessed and blocks those that contain specific keywords or patterns deemed sensitive or inappropriate by the authorities.
-
Deep Packet Inspection (DPI):
- The *** uses DPI to analyze data packets transmitted over the internet. This technique allows it to identify and block specific types of traffic, such as encrypted XXX traffic or certain types of HTTP requests that may contain sensitive content.
-
Keyword Filtering:
- The *** scans the content of web pages and blocks pages containing specific keywords related to politically sensitive topics, banned organizations, or other prohibited content.
-
Connection Resetting:
- When the *** detects attempts to access blocked content or use prohibited services, it can reset the connection by sending TCP reset (RST) packets, effectively terminating the communication.
-
Throttling and Bandwidth Management:
- The *** can slow down internet connections to certain websites or services, making access inconvenient or impractical. This method is often used in combination with other techniques to discourage users from attempting to bypass the firewall.
-
SSL Interception:
- The *** can intercept and inspect encrypted SSL/TLS traffic. In some cases, it uses man-in-the-middle (MITM) attacks to decrypt and inspect the content of secure communications.
-
Manual Monitoring and Reporting:
- In addition to automated techniques, the *** employs human monitors to review and flag content that may have evaded automated filters. Internet service providers (ISPs) and websites are also required to self-censor and report prohibited content.