Vulnerability Development mailing list archives

Re: Retransmissions while blocking TCP Stack's RST?


From: Dan Kaminsky <dan () doxpara com>
Date: Wed, 30 Oct 2002 13:42:24 -0800



This doesn't address the issue of keeping the originating machine from
trying to take part in the replayed TCP session. The question isn't how to
replay the data, it's how to keep the originating host from screwing it up
by tearing down the illegitimate connection.

One easy way to do this would be to set up iptables to block outbound TCP
packets that have the RST flag set (of course, this would mess up replayed
data which contains RSTs..but I'm sure you can think of creative solutions
for that :)

Actually, it's mildly convenient having the kernel send RSTs for me. Simplifies my network auditor significantly -- receiver doesn't need to send any packets.

The definitive way to shut the kernel up is to throw your userspace stack on a different IP, behind a NAT box if necessary.

BTW -- I'm thinking about simple, lower/upper case streams of hex, terminated by newlines, as a nice and hackable datastream for packet input/output. You'd run linkcat in listen mode and get something like

45 10 01 48 bb 0a 40 00 40 06 68 4f 0a 00 01 0b 0a 00 01 0b 0a 00 01 3c ...
45 00 00 28 15 1b 40 00 80 06 cf 6e 0a 00 01 3c 0a 00 01 0b 12 6c 00 16 ...

...which you could then read using whatever text parser you had handy, modify, and spit back out in equivalent form through linkcat's send mode. Any thoughts? Should I have no spaces by default? Whatcha want?

--Dan
www.doxpara.com
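The hex-line packet format sketched above (one packet per line, lowercase or uppercase hex, spaces optional, newline-terminated), worked through as an added example. This is not linkcat's code or anything from Dan's message: it parses such lines back into raw bytes, decodes the IPv4 and TCP headers, verifies both checksums, drops the RST segments the quoted suggestion worries about, and re-emits the rest in the same line format for the send side. The sample packets are constructed in the code (a SYN to port 22 and an RST back) rather than taken from the truncated lines in the post; the function names and the builder are assumptions for the example.

```python
"""Parse and re-emit linkcat-style hex packet lines (added example, not linkcat)."""
import re
import struct
from typing import Dict, List

TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10
_HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def parse_hex_line(line: str) -> bytes:
    """One hex line -> raw bytes.  Spaces are optional, case is ignored."""
    digits = "".join(line.split())
    if not digits or len(digits) % 2 or not _HEX_RE.match(digits):
        raise ValueError("malformed hex line: %r" % line)
    return bytes.fromhex(digits)


def to_hex_line(pkt: bytes, spaces: bool = True) -> str:
    """Raw bytes -> lowercase hex line, with or without separating spaces."""
    return (" " if spaces else "").join("%02x" % b for b in pkt)


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when data already carries a valid one."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, seq: int, ack: int,
                   flags: int, ttl: int = 64, ip_id: int = 0, payload: bytes = b"") -> bytes:
    """Assumed helper: build an IPv4+TCP packet (no options) with valid checksums."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    tcp_len = 20 + len(payload)
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    pseudo = src_b + dst_b + struct.pack("!BBH", 0, 6, tcp_len)  # TCP pseudo-header
    tcp_hdr = tcp_hdr[:16] + struct.pack("!H", ones_complement_sum(pseudo + tcp_hdr + payload)) + tcp_hdr[18:]
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, ip_id, 0x4000, ttl, 6, 0, src_b, dst_b)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ones_complement_sum(ip_hdr)) + ip_hdr[12:]
    return ip_hdr + tcp_hdr + payload


def decode_ipv4_tcp(pkt: bytes) -> Dict[str, object]:
    """Pull the fields a replay tool cares about out of an IPv4/TCP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    info = {"src": ".".join(str(b) for b in pkt[12:16]),
            "dst": ".".join(str(b) for b in pkt[16:20]),
            "proto": pkt[9], "ttl": pkt[8], "ip_len": total_len,
            "ip_csum_ok": ones_complement_sum(pkt[:ihl]) == 0}
    if pkt[9] == 6 and total_len >= ihl + 20 and len(pkt) >= total_len:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
        pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, total_len - ihl)
        info.update(sport=sport, dport=dport, seq=seq, ack=ack,
                    flags=off_flags & 0x1FF, rst=bool(off_flags & TCP_RST),
                    tcp_csum_ok=ones_complement_sum(pseudo + pkt[ihl:total_len]) == 0)
    return info


def drop_rst_lines(lines: List[str]) -> List[str]:
    """Keep only lines whose TCP RST flag is clear, so a replayed stream does not
    carry the resets that would tear the session down on the far side."""
    kept = []
    for line in lines:
        if line.strip() and not decode_ipv4_tcp(parse_hex_line(line)).get("rst"):
            kept.append(line)
    return kept


# Constructed sample stream (not the packets from the post): a SYN from
# 10.0.1.60:4716 to 10.0.1.11:22, then an RST+ACK back.  The second line is
# written without spaces and in uppercase to exercise the parser's tolerance.
SAMPLE_LINES = [
    to_hex_line(build_ipv4_tcp("10.0.1.60", "10.0.1.11", 4716, 22, 0x1000, 0, TCP_SYN, ttl=128)),
    to_hex_line(build_ipv4_tcp("10.0.1.11", "10.0.1.60", 22, 4716, 0, 0x1001, TCP_RST | TCP_ACK),
                spaces=False).upper(),
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(decode_ipv4_tcp(parse_hex_line(line)))
    print("replay stream without RSTs:")
    for line in drop_rst_lines(SAMPLE_LINES):
        print(line)
```

Reading with `line.split()` and writing with a fixed separator means the send side accepts whatever the listen side emitted, with or without the default spaces, and the checksum checks catch a line that was hand-edited without recomputing the header.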
