How can I use scapy to make a port appear open?

Question

I've been trying to create an ACKSYN packet to make it seem like the port is open but it's not working, this is the code I have so far

ip=IP(src=machine_self_ip, dst=pkt[IP].src, proto='tcp')

SYN=TCP(sport=pkt.payload.dport, dport=pkt.payload.sport, seq=1,ack=1, urgptr=0, flags="SA")

Then I send the packet but the port still appears closed. Am I missing something?

Thanks!

Answer 1

The good way to do this would be to implement an AnsweringMachine class.

A quick-and-dirty (but working) way would be to use sniff with a special prn function:

def answer(p):
    p = p[IP]
    send(IP(dst=p.src, src=p.dst)/TCP(dport=p.sport, sport=p.dport,
                                      ack=p.seq + 1, flags='SA'))

sniff(filter='tcp and tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn',
      prn=answer, store=False)

You might want to add firewall rules to prevent your host's IP stack from sending RST-ACK packets before Scapy has a chance to send the SYN-ACK. You might also want to adjust the filter to answer only to packets destined for your host (or a particular host/network).