FAQ
Hi Folks,
I am newbie to Python, but have successfully created a simple client and
server setup, I have one issue though.

I am trying to test a box by sending many TCP conns (WHILE loop) but not
closing them with a FIN/RST. However, no matter what i do, i cannot get the
loop to stop sending FIN from the client.

Any clues?

Here is my current script

#!/usr/bin/python

import socket,sys
from numpy import *
num1=0

while (num1<) :

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(10.0)
s.connect(("10.1.1.69", 50008)) # SMTP
print s.recv(1024) + '\n',
num1=num1+1
#s.close()


sys.exit(1)

Search Discussions

  • S0suk3 at May 19, 2008 at 3:48 pm

    On May 19, 10:25 am, "Alan Wright" wrote:
    Hi Folks,
    I am newbie to Python, but have successfully created a simple client and
    server setup, I have one issue though.

    I am trying to test a box by sending many TCP conns (WHILE loop) but not
    closing them with a FIN/RST. However, no matter what i do, i cannot get the
    loop to stop sending FIN from the client.

    Any clues?

    Here is my current script

    #!/usr/bin/python

    import socket,sys
    from numpy import *
    num1=0

    while (num1<) :

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(10.0)
    s.connect(("10.1.1.69", 50008)) # SMTP
    print s.recv(1024) + '\n',
    num1=num1+1
    #s.close()

    sys.exit(1)
    socket.socket instances do an implicit close() on the socket when the
    object is destructed (in this case, it's destructed when it is garbage-
    collected). What's happening is that on each iteration, the variable
    "s", which references the socket.socket instance, is assigned to a new
    socket.socket instance, therefore the instance of the previous
    iteration is no longer referenced by "s", and since it's no longer
    referenced by anything, the instance is garbage-collected,
    automatically imposing an implicit close() on that instance. A simple
    solution could be to create a list and append the socket.socket
    instance of each iteration to that list, that way the instances would
    remain referenced in the list and not be garbage-collected; though you
    might be able to find a more elegant solution.

    Sebastian
  • Alan Wright at May 19, 2008 at 7:25 pm
    Thanks for the feedback.

    Using the socket in a list is great

    However, as i imagined, I now get a limit of around 1500 conns before the
    system crashes out, also i have noticed, that the ports loop back to 1025
    when they hit 5000.

    Any ideas on how to make the list/socket get to around 50K

    TIA

    Alan
    <s0suk3 at gmail.com> wrote in message
    news:e8e610ae-dec8-4551-b769-28ce9254c2b1 at c58g2000hsc.googlegroups.com...
    On May 19, 10:25 am, "Alan Wright" wrote:
    Hi Folks,
    I am newbie to Python, but have successfully created a simple client and
    server setup, I have one issue though.

    I am trying to test a box by sending many TCP conns (WHILE loop) but not
    closing them with a FIN/RST. However, no matter what i do, i cannot get
    the
    loop to stop sending FIN from the client.

    Any clues?

    Here is my current script

    #!/usr/bin/python

    import socket,sys
    from numpy import *
    num1=0

    while (num1<) :

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(10.0)
    s.connect(("10.1.1.69", 50008)) # SMTP
    print s.recv(1024) + '\n',
    num1=num1+1
    #s.close()

    sys.exit(1)
    socket.socket instances do an implicit close() on the socket when the
    object is destructed (in this case, it's destructed when it is garbage-
    collected). What's happening is that on each iteration, the variable
    "s", which references the socket.socket instance, is assigned to a new
    socket.socket instance, therefore the instance of the previous
    iteration is no longer referenced by "s", and since it's no longer
    referenced by anything, the instance is garbage-collected,
    automatically imposing an implicit close() on that instance. A simple
    solution could be to create a list and append the socket.socket
    instance of each iteration to that list, that way the instances would
    remain referenced in the list and not be garbage-collected; though you
    might be able to find a more elegant solution.

    Sebastian
  • Ghirai at May 19, 2008 at 9:45 pm

    On Mon, 19 May 2008 20:25:57 +0100 "Alan Wright" wrote:

    Thanks for the feedback.

    Using the socket in a list is great

    However, as i imagined, I now get a limit of around 1500 conns before
    the system crashes out, also i have noticed, that the ports loop back
    to 1025 when they hit 5000.

    Any ideas on how to make the list/socket get to around 50K

    TIA
    Try to use scapy to send raw empty packets with S flag set.
    Also use Linux/BSD if you're trying this on Windows.

    --
    Regards,
    Ghirai.
  • Alan Wright at May 19, 2008 at 10:50 pm
    Ghirai,
    Scapy does the same, only it sends RST and not FIN, so still no help

    send(IP(dst="10.1.1.2")/TCP(dportP000,flags="S"))

    Only have windows at the moment sadly.

    Alan

    "Ghirai" <ghirai at ghirai.com> wrote in message
    news:mailman.1364.1211234091.12834.python-list at python.org...
    On Mon, 19 May 2008 20:25:57 +0100
    "Alan Wright" wrote:
    Thanks for the feedback.

    Using the socket in a list is great

    However, as i imagined, I now get a limit of around 1500 conns before
    the system crashes out, also i have noticed, that the ports loop back
    to 1025 when they hit 5000.

    Any ideas on how to make the list/socket get to around 50K

    TIA
    Try to use scapy to send raw empty packets with S flag set.
    Also use Linux/BSD if you're trying this on Windows.

    --
    Regards,
    Ghirai.
  • Ghirai at May 19, 2008 at 11:44 pm

    On Mon, 19 May 2008 23:50:50 +0100 "Alan Wright" wrote:

    Ghirai,
    Scapy does the same, only it sends RST and not FIN, so still no help

    send(IP(dst="10.1.1.2")/TCP(dportP000,flags="S"))

    Only have windows at the moment sadly.

    Alan
    Are you sure there's no firewall or something else between you and the
    remote host?

    Because i just tried that command with scapy and it didn't send any other packets
    except what it was told (1 packet with SYN flag set).

    I haven't tried on windows though.

    --
    Regards,
    Ghirai.
  • Alan Wright at May 21, 2008 at 10:44 am
    Same on FC8, sends RST after it sees SYN/ACK

    "Ghirai" <ghirai at ghirai.com> wrote in message
    news:mailman.1367.1211240706.12834.python-list at python.org...
    On Mon, 19 May 2008 23:50:50 +0100
    "Alan Wright" wrote:
    Ghirai,
    Scapy does the same, only it sends RST and not FIN, so still no help

    send(IP(dst="10.1.1.2")/TCP(dportP000,flags="S"))

    Only have windows at the moment sadly.

    Alan
    Are you sure there's no firewall or something else between you and the
    remote host?

    Because i just tried that command with scapy and it didn't send any other
    packets
    except what it was told (1 packet with SYN flag set).

    I haven't tried on windows though.

    --
    Regards,
    Ghirai.
  • Alan Wright at May 21, 2008 at 4:34 pm
    You must have something in your IPtables

    I needed to put a rule in to drop these unwanted RST from getting back out.

    All fixed now

    Thanks for the advice

    Alan

    "Alan Wright" <alan.wright at volubill.com> wrote in message
    news:iaidnRzZuNB9YK7VnZ2dnUVZ8uednZ2d at pipex.net...
    Same on FC8, sends RST after it sees SYN/ACK

    "Ghirai" <ghirai at ghirai.com> wrote in message
    news:mailman.1367.1211240706.12834.python-list at python.org...
    On Mon, 19 May 2008 23:50:50 +0100
    "Alan Wright" wrote:
    Ghirai,
    Scapy does the same, only it sends RST and not FIN, so still no help

    send(IP(dst="10.1.1.2")/TCP(dportP000,flags="S"))

    Only have windows at the moment sadly.

    Alan
    Are you sure there's no firewall or something else between you and the
    remote host?

    Because i just tried that command with scapy and it didn't send any other
    packets
    except what it was told (1 packet with SYN flag set).

    I haven't tried on windows though.

    --
    Regards,
    Ghirai.
  • Roy Smith at May 20, 2008 at 12:58 am
    In article <DK6dnSffU4LRSazVnZ2dnUVZ8qqlnZ2d at pipex.net>,
    "Alan Wright" wrote:
    Thanks for the feedback.

    Using the socket in a list is great

    However, as i imagined, I now get a limit of around 1500 conns before the
    system crashes out, also i have noticed, that the ports loop back to 1025
    when they hit 5000.

    Any ideas on how to make the list/socket get to around 50K
    Yikes. Not on any box I know of. A given process is limited in how many
    descriptors it can have open at once. I don't know of any that will allow
    anywhere near 50k. Somewhere in the 1-2000 range would be more typical.
    The 1500 you report is not at all surprising.

    You might try creating a bunch of child processes with os.system() or
    something of that ilk. Create 50 processes and have each one open 1000
    sockets.

    The next thing you have to worry about is whether the OS can handle 50k
    file descriptors open per-system. Or 50k sockets, or TCP connections. I
    wouldn't be too surprised if many systems couldn't. The address space (TCP
    port numbers) is 16-bit (unsigned), or about 65k, but you may well run into
    some other system limit long before you exhaust the theoretically available
    ports.

    Something like Scapy, recommended by others, may indeed be able to generate
    all those SYN packets you want, but that doesn't mean you'll get all the
    open connections you seek. You send a SYN packet to the remote host, and
    it sends back a SYN/ACK. The local kernel now sees a SYN/ACK packet for a
    port it doesn't know about. I'm not sure what the RFCs say about that, but
    I wouldn't be surprised if the kernel ends up sending a RST or maybe a FIN
    or something like that. The kernel owns the ports; it's not nice to try
    and mess with them on your own.
  • Alan Wright at May 21, 2008 at 10:47 am
    Thanks Roy

    Any ideas how to code this child process stuff, as I said I am newbie and
    not from a coding background

    to be honest ideally yes, i'd get 50K, but if i can get above 30K that would
    be OK

    Alan

    "Roy Smith" <roy at panix.com> wrote in message
    news:roy-27A881.20583919052008 at 70-1-84-166.area1.spcsdns.net...
    In article <DK6dnSffU4LRSazVnZ2dnUVZ8qqlnZ2d at pipex.net>,
    "Alan Wright" wrote:
    Thanks for the feedback.

    Using the socket in a list is great

    However, as i imagined, I now get a limit of around 1500 conns before the
    system crashes out, also i have noticed, that the ports loop back to 1025
    when they hit 5000.

    Any ideas on how to make the list/socket get to around 50K
    Yikes. Not on any box I know of. A given process is limited in how many
    descriptors it can have open at once. I don't know of any that will allow
    anywhere near 50k. Somewhere in the 1-2000 range would be more typical.
    The 1500 you report is not at all surprising.

    You might try creating a bunch of child processes with os.system() or
    something of that ilk. Create 50 processes and have each one open 1000
    sockets.

    The next thing you have to worry about is whether the OS can handle 50k
    file descriptors open per-system. Or 50k sockets, or TCP connections. I
    wouldn't be too surprised if many systems couldn't. The address space
    (TCP
    port numbers) is 16-bit (unsigned), or about 65k, but you may well run
    into
    some other system limit long before you exhaust the theoretically
    available
    ports.

    Something like Scapy, recommended by others, may indeed be able to
    generate
    all those SYN packets you want, but that doesn't mean you'll get all the
    open connections you seek. You send a SYN packet to the remote host, and
    it sends back a SYN/ACK. The local kernel now sees a SYN/ACK packet for a
    port it doesn't know about. I'm not sure what the RFCs say about that,
    but
    I wouldn't be surprised if the kernel ends up sending a RST or maybe a FIN
    or something like that. The kernel owns the ports; it's not nice to try
    and mess with them on your own.
  • Roy Smith at May 21, 2008 at 12:27 pm
    In article <iaidnR_ZuNB9YK7VnZ2dnUVZ8uednZ2d at pipex.net>,
    "Alan Wright" wrote:
    Thanks Roy

    Any ideas how to code this child process stuff, as I said I am newbie and
    not from a coding background
    The easiest thing would be to use os.system(). If you wanted to spawn 10
    child processes, you could do:

    import os
    for i in range(10):
    os.system ("./child.py &")

    and then have child.py be a script that creates 1000 TCP connections.

    Keep in mind that one man's stress test is another man's denial of service
    attack. If there are any firewalls between you and your target, they may
    restrict the number of connections you get to make (or the rate at which
    they're created). You may also get a polite phone call from your local IT
    people asking enquiring about your activities.
  • Alan Wright at May 21, 2008 at 4:37 pm
    Thanks Roy, will give it a go.

    infact there is no need for any IT phone calls, I am the owner of this
    network

    Very simple [bunch of clients]----[box under test]----[bunch of servers]

    Now i should be able to hammer them ;)

    Alan

    "Roy Smith" <roy at panix.com> wrote in message
    news:roy-6BB9DC.08271421052008 at 70-1-84-166.area1.spcsdns.net...
    In article <iaidnR_ZuNB9YK7VnZ2dnUVZ8uednZ2d at pipex.net>,
    "Alan Wright" wrote:
    Thanks Roy

    Any ideas how to code this child process stuff, as I said I am newbie and
    not from a coding background
    The easiest thing would be to use os.system(). If you wanted to spawn 10
    child processes, you could do:

    import os
    for i in range(10):
    os.system ("./child.py &")

    and then have child.py be a script that creates 1000 TCP connections.

    Keep in mind that one man's stress test is another man's denial of service
    attack. If there are any firewalls between you and your target, they may
    restrict the number of connections you get to make (or the rate at which
    they're created). You may also get a polite phone call from your local IT
    people asking enquiring about your activities.
  • Roy Smith at May 21, 2008 at 5:38 pm
    In article <3KadnXuJQ5VA0qnVRVnyuAA at pipex.net>,
    "Alan Wright" wrote:
    infact there is no need for any IT phone calls, I am the owner of this
    network
    That's the best way to do it :-)
  • Irmen de Jong at May 19, 2008 at 6:29 pm

    Alan Wright wrote:

    while (num1<) :

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(10.0)
    s.connect(("10.1.1.69", 50008)) # SMTP
    print s.recv(1024) + '\n',
    num1=num1+1
    #s.close()


    sys.exit(1)
    I think the following is happening:
    Reusing the 's' object for every new socket will make Python to garbage
    collect the previous ones. Garbage collecting a socket will likely close() it.
    Also after creating all sockets your program exits. I guess either Python or the
    operating system itself will go close all the sockets.


    Try putting every new socket you make into a big list instead, so that Python can't
    garbage collect it. And put your program to sleep at the end.

    import time
    allsockets=[]

    while (...):
    s=socket.socket(...
    allsockets.append(s)
    s.settimeout(...
    ...

    time.sleep(99999)



    --irmen

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppython-list @
categoriespython
postedMay 19, '08 at 3:25p
activeMay 21, '08 at 5:38p
posts14
users5
websitepython.org

People

Translate

site design / logo © 2022 Grokbase