Today, I finally established a TCP connection.
The question I raised two days ago has been answered by writing some test programs.
It cannot be done with a raw socket.
Let's talk about my solution first:
The method I am using now is based on ARP spoofing.
A brief description of the environment: assume two machines, A and B, connected to the same LAN. Host A does not use the TCP implementation in the TCP/IP stack provided by its OS; instead, a process on A simulates the TCP three-way handshake with host B (A is the side that actively connects). Host A's IP address is IP1 and its NIC's MAC address is Eth1; host B's IP address is IP2 and its NIC's MAC address is Eth2.
If you use a socket or a raw socket, then when host B sends its reply back, the packet passes through the OS protocol stack, so the stack has already responded to it before the application gets to intercept it. (That response is wrong: the kernel holds no state for this connection, so it sends back an RST, which makes it impossible to establish the connection.)
The idea, then, is to forge an IP address that the host does not own. The IP layer in the OS sees that this address is not local and discards the packet, so it never reaches the TCP layer. But this also rules out a raw socket, because a raw socket sits above IP as well: IP has already dropped the packet, so my program would never receive it.
So only one road remains: use WinPcap to capture packets at the link layer and have my program identify and process them itself. Fortunately, WinPcap also provides a packet-filtering API, so my program does not need to inspect every received packet.
So the basic method is now as follows:
1. Send an ARP reply so that the other side's ARP cache holds an entry for host A's forged IP, IP3, whose MAC address is actually Eth1.
2. Send a SYN packet.
3. Wait to receive the SYN/ACK packet.
4. Construct the corresponding ACK packet and send it.
At this point a TCP connection has been established. Host A's OS has no record of it, while host B considers a connection to have been established.
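Seen from the other side of the LAN, step 1 leaves a distinctive footprint: an ARP reply that nobody requested, and a single MAC (Eth1) answering for two IPs (IP1 and IP3). The following Python is an added example, not code from this post, that parses constructed Ethernet/ARP frames and flags both conditions; the MACs and 10.0.0.x addresses are made up for the sample traffic.

```python
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

def mac(s): return bytes.fromhex(s.replace(":", ""))
def ip4(s): return bytes(map(int, s.split(".")))

def build_arp(src_mac, dst_mac, op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed Ethernet II + ARP frame (test fixture only, nothing is sent)."""
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # Ethernet/IPv4, 6-byte hw, 4-byte proto
    return eth + arp + mac(sender_mac) + ip4(sender_ip) + mac(target_mac) + ip4(target_ip)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    op = struct.unpack("!H", frame[20:22])[0]
    return (op, frame[22:28].hex(":"), ".".join(map(str, frame[28:32])),
            ".".join(map(str, frame[38:42])))

def audit_arp(frames):
    """Flag ARP replies nobody asked for, and one MAC answering for several IPs."""
    requested = set()            # IPs seen as the target of an ARP request
    claims = defaultdict(set)    # sender MAC -> IPs it has claimed in replies
    alerts = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, smac, sip, tip = parsed
        if op == ARP_REQUEST:
            requested.add(tip)
        elif op == ARP_REPLY:
            if sip not in requested:
                alerts.append(f"unsolicited ARP reply: {sip} is-at {smac}")
            requested.discard(sip)
            claims[smac].add(sip)
            if len(claims[smac]) > 1:
                alerts.append(f"{smac} claims multiple IPs: {sorted(claims[smac])}")
    return alerts

# Constructed sample traffic: a normal request/reply for IP1, then the post's step 1 (IP3 -> Eth1).
A_MAC, B_MAC, BCAST = "02:00:00:00:00:01", "02:00:00:00:00:02", "ff:ff:ff:ff:ff:ff"
SAMPLE_FRAMES = [
    build_arp(B_MAC, BCAST, ARP_REQUEST, B_MAC, "10.0.0.2", "00:00:00:00:00:00", "10.0.0.1"),
    build_arp(A_MAC, B_MAC, ARP_REPLY, A_MAC, "10.0.0.1", B_MAC, "10.0.0.2"),
    build_arp(A_MAC, B_MAC, ARP_REPLY, A_MAC, "10.0.0.3", B_MAC, "10.0.0.2"),
]
```

`audit_arp(SAMPLE_FRAMES)` raises two alerts, both on the third frame; on a real capture the same logic would run over frames read with the pcap library instead of the constructed list.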