Search code examples
pythonvirtualboxscapy

scapy generated overly large sequence number, while actual setting is different

I have 3 virtualbox(ubuntu16) connected each other through private Nat, and two of them has established telnet connection. The third one can already catch the packets sending between these two, and I want to use the third machine generate a RST packet to terminate their connection, but I encounter following problem.

this is the sending package from 10.0.2.14 to 10.0.2.16, with ACK=6, seq=3. enter image description here

So presumably, I want to generate a RST packet send from 10.0.2.16 to 10.0.2.14.

this is my code

#!/usr/bin/python3
from scapy.all import *

ip = IP(src="10.0.2.16", dst="10.0.2.14")
tcp = TCP(sport=23, dport=37568, flags="R", seq=6, ack=3)
pkt = ip/tcp

ls(pkt)
send(pkt, verbose=0)

This is the python3 output:enter image description here

This is what I capture inside the wiresharkenter image description here

It has the right ACK but wrong SEQ, and this is probably the reason I can't terminate their connection

Solution

  • It is the Wireshark problem, wireshark shows the relative sequence, what you can do is to right click the sequence number, and uncheck "relative sequence number", and wireshark will show you the abs sequence number.