mosquetero mosquetero - 3 months ago 20
Python Question

TCP/IP header bad hdr length 40 - too long

I am programming in Python a

TCP RST
packet using raw sockets. To do so, I write 1 in the
RST
flag and 0 on the rest, put the windows field to 0 and the urgent field to 0. Then I exchange source and destination port. After that, I recalculate the packet size and create the
IP
header, now with the correct total length IP field.

The pacekts seems fine but this is what I see in tcpdump:

IP host-11-0-0-10.http > host-11-0-0-9.37516: Flags [R] [bad hdr length 40 - too long, > 20]
0x0000: 4500 0028 9ffc 4000 4006 84ad 0b00 000a
0x0010: 0b00 0009 0050 928c 554c 31d8 0000 0000
0x0020: a004 0000 f9b3 0000


As far as I see, the IP length is correct (0028 ==> 40 bytes ==> 20 bytes IP and 20 bytes TCP). It is as if it believes the whole header is IP or TCP but I cannot understand why.

Answer

The problem is in the TCP header. The data offset field (that's what it's called in the RFC but it's often called header length too), you have set to 10 (the first nibble of 0xa0 at offset 0x20 in your packet dump). That is the number of 32-bit words in the TCP header -- or the offset of the TCP payload. In this case it should be 5 (20 bytes).

40 is too long because the IP header already specified the total length of the packet, hence there are only 20 bytes left after the IP header.

Comments