Have you seen the TCP Window Zero case?

As you know, TCP uses a receive buffer to reassemble the data received from the peer on each TCP connection. The TCP window field is how a connection tells the peer how much of that buffer is available right now.

Sometimes you can see a TCP Window = 0 packet when you analyze raw packets with Wireshark, like this:

I am sure the cases below are not all the cases for TCP Window Zero, but when I get a new idea I will update this write-up.

  1. Too many requests: the server can't process the received requests right now.
    1. So it sends TCP Window Zero to notify the peer: "Please don't send any more packets.. wait!!"
  2. Too much delay (a problem) in the network state of this TCP connection.
    1. A big sequence number arrives, but I didn't get the former sequence packet.
      1. A network problem or a threat... It can't be avoided in the TCP protocol.

And a link:

https://wiki.wireshark.org/TCP%20ZeroWindow


How to send a TCP_RST to block an HTTP_REQ.

# This is the part about the solution that blocked abnormal HTTP GET requests.

Below is a summary of the network architecture.

  1. Get mirrored packets from a TAP switch located between the backbone router and the border.
  2. Only get HTTP GET packets, using a DPI switch (Arista) with a match on the TCP payload.
    1. The Arista switch can steer packets that contain the HTTP GET string.
  3. The server checks whether the packet matches the Src/Dst IP and port and contains HTTP_GET.
  4. Send a RST packet built from the Seq/Ack/payload length of the HTTP_GET packet.
    1. Use a RAW_PACKET socket.
    2. The source is the internal IP which must be protected, and the destination is the external (abnormal HTTP site).
    3. In the RST packet, the source is the external IP and the destination is the internal source IP.
    4. Seq is taken from the Ack (of the external destination).
    5. Ack is taken from Seq + payload len (of the internal source).
    6. The TCP flags are RST | ACK.
    7. The IP identification doesn't matter. (It could also be adjusted if it were possible to get the whole flow; on this page only the HTTP GET packet is captured, so the earlier packets can't be known.)
    8. TCP window: htons(4500 + rand() % 1000) (also not mandatory).
    9. The RST packet needs to be sent ASAP after receiving the HTTP_GET packet, via an Ethernet port that can reach the internal IP machine: once the external server's reply starts arriving, the internal host's expected sequence number has moved on and a late RST no longer matches.
    10. Below is some code for this.

// From the observed Internal -> External HTTP_GET packet:
//   - our ack is the observed TCP seq value + payload_len
//   - our seq is the observed TCP ack value (reused as-is, still in network byte order)
//   - payload_len is ip_total_len - ip_header_len - tcp_header_len
// Needs <netinet/tcp.h> for struct tcphdr / TH_* and <arpa/inet.h> for ntohl/htonl.

ack = ntohl(ack) + payload_len;   // 'ack' holds the observed seq; advance past the GET payload
ack = htonl(ack);                 // back to network byte order for the header

tcpheader->th_seq = seq;          // 'seq' holds the observed ack
tcpheader->th_ack = ack;
tcpheader->th_flags = TH_RST | TH_ACK;
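Both parts of this post come down to reading a few TCP header fields off a captured packet: the window field for the Zero Window case, and seq/ack/payload length for the numbers the RST reply above carries. The block below is an added example, not the author's code: it parses an IPv4/TCP packet from a buffer, flags a zero window the way Wireshark's ZeroWindow analysis does (window 0 with none of SYN/FIN/RST set), recognizes an HTTP GET payload, and derives the seq/ack values described in step 4 without sending anything. The sample packets are constructed inline (addresses 10.0.0.5 and 192.0.2.10, ports and checksums are made up for the demo and checksums are left zero); `build_sample` exists only to produce that test input.

```c
/* Added example: inspect captured IPv4/TCP bytes. Nothing here transmits. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

struct tcp_view {
    uint16_t ip_total_len;
    uint8_t  ip_hdr_len, tcp_hdr_len;
    uint16_t src_port, dst_port;
    uint32_t seq, ack;          /* host byte order */
    uint8_t  flags;
    uint16_t window;            /* host byte order */
    size_t   payload_len;       /* ip_total_len - ip_hdr_len - tcp_hdr_len */
    const uint8_t *payload;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }
static void put32(uint8_t *p, uint32_t v) { put16(p, v >> 16); put16(p + 2, v & 0xffff); }

/* Parse an IPv4 packet carrying TCP. Returns 0 on success, -1 if the buffer is
 * too short, not IPv4, not TCP, or the header lengths don't fit the buffer. */
int parse_ipv4_tcp(const uint8_t *buf, size_t len, struct tcp_view *v)
{
    if (len < 20 || (buf[0] >> 4) != 4) return -1;
    v->ip_hdr_len   = (uint8_t)((buf[0] & 0x0f) * 4);
    v->ip_total_len = be16(buf + 2);
    if (buf[9] != 6) return -1;                          /* protocol must be TCP */
    if (v->ip_hdr_len < 20 || v->ip_total_len > len ||
        v->ip_total_len < (uint16_t)(v->ip_hdr_len + 20)) return -1;
    const uint8_t *t = buf + v->ip_hdr_len;
    v->tcp_hdr_len = (uint8_t)((t[12] >> 4) * 4);
    if (v->tcp_hdr_len < 20 || v->ip_hdr_len + v->tcp_hdr_len > v->ip_total_len) return -1;
    v->src_port = be16(t);      v->dst_port = be16(t + 2);
    v->seq      = be32(t + 4);  v->ack      = be32(t + 8);
    v->flags    = t[13];
    v->window   = be16(t + 14);
    v->payload_len = (size_t)v->ip_total_len - v->ip_hdr_len - v->tcp_hdr_len;
    v->payload     = t + v->tcp_hdr_len;
    return 0;
}

/* Wireshark's "TCP ZeroWindow" rule: window 0 and none of SYN/FIN/RST set. */
int is_zero_window(const struct tcp_view *v)
{
    return v->window == 0 && !(v->flags & (TH_SYN | TH_FIN | TH_RST));
}

/* The DPI match from step 2: payload starts with the HTTP GET method. */
int is_http_get(const struct tcp_view *v)
{
    return v->payload_len >= 4 && memcmp(v->payload, "GET ", 4) == 0;
}

/* Step 4: RST seq = observed ack; RST ack = observed seq + payload_len (mod 2^32). */
void derive_rst_numbers(const struct tcp_view *v, uint32_t *rst_seq, uint32_t *rst_ack)
{
    *rst_seq = v->ack;
    *rst_ack = v->seq + (uint32_t)v->payload_len;    /* uint32_t wraps like TCP does */
}

/* Constructed sample input only: IPv4 (IHL 5) + TCP (data offset 5) + payload,
 * checksums left zero, made-up addresses 10.0.0.5 -> 192.0.2.10. Returns bytes written. */
size_t build_sample(uint8_t *out, size_t cap, uint32_t seq, uint32_t ack,
                    uint8_t flags, uint16_t window, const char *payload)
{
    size_t plen = strlen(payload), total = 40 + plen;
    if (total > cap || total > 0xffff) return 0;
    memset(out, 0, total);
    out[0] = 0x45; put16(out + 2, (uint16_t)total); out[8] = 64; out[9] = 6;
    out[12] = 10;  out[13] = 0; out[14] = 0; out[15] = 5;
    out[16] = 192; out[17] = 0; out[18] = 2; out[19] = 10;
    uint8_t *t = out + 20;
    put16(t, 49152); put16(t + 2, 80);
    put32(t + 4, seq); put32(t + 8, ack);
    t[12] = 0x50; t[13] = flags; put16(t + 14, window);
    memcpy(t + 20, payload, plen);
    return total;
}

int main(void)
{
    uint8_t buf[256]; struct tcp_view v; uint32_t s, a;
    size_t n = build_sample(buf, sizeof buf, 1000u, 5000u, TH_ACK, 65535,
                            "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n");
    if (parse_ipv4_tcp(buf, n, &v) == 0 && is_http_get(&v)) {
        derive_rst_numbers(&v, &s, &a);
        printf("GET seen: seq=%u ack=%u payload_len=%zu -> RST seq=%u ack=%u\n",
               v.seq, v.ack, v.payload_len, s, a);
    }
    n = build_sample(buf, sizeof buf, 7u, 9u, TH_ACK, 0, "");
    if (parse_ipv4_tcp(buf, n, &v) == 0)
        printf("zero window: %s\n", is_zero_window(&v) ? "yes" : "no");
    return 0;
}
```

The parser rejects short or inconsistent headers before touching any field, which matters on a mirror port where truncated or non-TCP frames are routine; the wraparound in `derive_rst_numbers` is the same one the `ntohl(...) + payload_len` line above relies on.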