Sunday, July 6, 2014

Stimulus and Response - TCP - Setting 6 flags - The Christmas Tree

URG-ACK-PSH-RST-SYN-FIN -> Listening Port 80
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="UAPRSF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, SYN, RST, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  2   0.001215    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, SYN, RST, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0


From the above:
Windows 2012 - Packet with URG-ACK-PSH-RST-SYN-FIN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with URG-ACK-PSH-RST-SYN-FIN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


URG-ACK-PSH-RST-SYN-FIN -> Non-Listening Port 81
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="UAPRSF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  5   4.149099    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, SYN, RST, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  8   4.155698    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, SYN, RST, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0


From the above:
Windows 2012 - Packet with URG-ACK-PSH-RST-SYN-FIN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.

CentOS 6.5  - Packet with URG-ACK-PSH-RST-SYN-FIN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


Conclusion:
While there are many cases in which both Windows 2012 and CentOS 6.5 TCP/IP Stack provides the same responses to the stimulus, there are also many cases in which they do not. Windows 2012 seems to be the more polite :-) of the two, being more willing to send a RST-ACK, while CentOS 6.5 discards the packet silently.

If you wish to have this as a reference, you may download:
"Stimulus and Response.pdf" document.
md5:8c931888caf948504188f57440396ebc
sha-1:c4cb5b06928e660a09ddc7eaf4b7e32fb0dd1a27

stimulus-response.xlsx
MD5:6176b65c89b73e3b07a519bf77db462a
SHA-1:1ff6308e2a56a1c950e4cc5831932d78563bf853 

Stimulus and Response - TCP - Setting 5 flags

In the 4 previous posts within this series, we looked at setting 1, then 2, then 3 and then 4 flags. In this post we will set 5 flags. So without further ado, let's look at setting 5 flags

URG-ACK-PSH-RST-SYN  -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="UAPRS"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [SYN, RST, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  2   0.000957    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [SYN, RST, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0


From the above:
Windows 2012 - Packet with URG-ACK-PSH-RST-SYN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with URG-ACK-PSH-RST-SYN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.
   
   
URG-ACK-PSH-RST-SYN  -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="UAPRS"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [SYN, RST, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  2   0.000961    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [SYN, RST, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0


From the above:
Windows 2012 - Packet with URG-ACK-PSH-RST-SYN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with URG-ACK-PSH-RST-SYN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.

---------------------------------------------------------------------------   

URG-ACK-PSH-RST-FIN  -> Windows 2012/CentOS 6.5 -> 80 (Listening)   
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="UAPRF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  3  19.183058    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, RST, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  6  19.189581    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, RST, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0


From the above:
Windows 2012 - Packet with URG-ACK-PSH-RST-FIN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with URG-ACK-PSH-RST-FIN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


URG-ACK-PSH-RST-FIN  -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="UAPRF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, RST, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  2   0.000903    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, RST, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0


From the above:
Windows 2012 - Packet with URG-ACK-PSH-RST-FIN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with URG-ACK-PSH-RST-FIN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


---------------------------------------------------------------------------

ACK-PSH-RST-SYN-FIN  -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="APRSF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  4  15.724956    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, SYN, RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
  5  15.726052    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, SYN, RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with ACK-PSH-RST-SYN-FIN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with ACK-PSH-RST-SYN-FIN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.
 

ACK-PSH-RST-SYN-FIN  -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="APRSF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, SYN, RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
  2   0.000908    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, SYN, RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0

 
From the above:
Windows 2012 - Packet with ACK-PSH-RST-SYN-FIN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.

CentOS 6.5  - Packet with ACK-PSH-RST-SYN-FIN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


If you wish to have this as a reference, you may download:
If you wish to have this as a reference, you may download:
"Stimulus and Response.pdf" document.
md5:8c931888caf948504188f57440396ebc
sha-1:c4cb5b06928e660a09ddc7eaf4b7e32fb0dd1a27

stimulus-response.xlsx
MD5:6176b65c89b73e3b07a519bf77db462a
SHA-1:1ff6308e2a56a1c950e4cc5831932d78563bf853 

Stimulus and Response - TCP - Setting 4 flags

In the 3 previous posts within this series, we looked at setting 1, then 2 and then 3 flags. In this post we will set 4 flags. So without further ado, let's look at setting 4 flags
--------------------------------------------------------

URG-ACK-PSH-RST  -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="UAPR"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'  
1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [RST, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  2   0.001673    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [RST, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0


From the above:
Windows 2012 - Packet with URG-ACK-PSH-RST flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.

CentOS 6.5  - Packet with URG-ACK-PSH-RST flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.
       
URG-ACK-PSH-RST  -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="UAPR"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  5   9.982480    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [RST, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  8   9.990088    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [RST, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0


From the above:
Windows 2012 - Packet with URG-ACK-PSH-RST flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with URG-ACK-PSH-RST flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.

--------------------------------------------------------

URG-ACK-PSH-SYN  -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="UAPS"),iface='eth0', count=1)
..
Sent 2 packets.


root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [SYN, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  4   0.000608   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0
  7   0.007313    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [SYN, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
 10   0.009664   10.0.0.101 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-ACK-PSH-SYN flags set, sent to LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the URG-ACK-PSH-SYN flags set, sent to LISTENING PORT, results in a RST
   
URG-ACK-PSH-SYN  -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="UAPS"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'  
1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [SYN, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  4   0.001550    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [SYN, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  5   0.001607   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0
  6   0.002232   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-ACK-PSH-SYN flags set, sent to NON-LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the URG-ACK-PSH-SYN flags set, sent to NON-LISTENING PORT, results in a RST


--------------------------------------------------------

URG-ACK-PSH-FIN  -> Windows 2012/CentOS 6.5 -> 80 (Listening)   
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="UAPF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'  
1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  4   0.002013   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0
  5   0.002365    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  6   0.002845   10.0.0.101 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-ACK-PSH-FIN flags set, sent to LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the URG-ACK-PSH-FIN flags set, sent to LISTENING PORT, results in a RST
   
URG-ACK-PSH-FIN  -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="UAPF"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  4   0.001450   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0
  7   0.007067    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
 10   0.009361   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-ACK-PSH-FIN flags set, sent to NON-LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the URG-ACK-PSH-FIN flags set, sent to NON-LISTENING PORT, results in a RST

--------------------------------------------------------
   
ACK-PSH-RST-SYN  -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="APRS"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [SYN, RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
  4   0.006835    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [SYN, RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with ACK-PSH-RST-SYN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with ACK-PSH-RST-SYN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


ACK-PSH-RST-SYN  -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)   
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="APRS"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'  
1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [SYN, RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
  2   0.001947    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [SYN, RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with ACK-PSH-RST-SYN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with ACK-PSH-RST-SYN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


--------------------------------------------------------   

ACK-PSH-RST-FIN  -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="APRF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
  2   0.000912    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0

 

From the above:
Windows 2012 - Packet with ACK-PSH-RST-FIN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with ACK-PSH-RST-FIN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


ACK-PSH-RST-FIN  -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="APRF"),iface='eth0', count=1)
..
Sent 2 packets.


root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
 11   5.260897    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
 14   5.266354    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with ACK-PSH-RST-FIN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with ACK-PSH-RST-FIN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.

--------------------------------------------------------
   
PSH-RST-SYN-FIN  -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="PRSF"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  5   7.782003    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, SYN, RST, PSH] Seq=0 Win=8192 Len=0
  8   7.788585    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, SYN, RST, PSH] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with PSH-RST-SYN-FIN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with PSH-RST-SYN-FIN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


PSH-RST-SYN-FIN  -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="PRSF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  4   1.527062    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, SYN, RST, PSH] Seq=0 Win=8192 Len=0
  5   1.527916    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, SYN, RST, PSH] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with PSH-RST-SYN-FIN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with PSH-RST-SYN-FIN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.

--------------------------------------------------------   
   
URG-ACK-SYN-FIN  -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="UASF"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, SYN, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  4   0.001974   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0
  7   0.006452    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, SYN, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
 10   0.007292   10.0.0.101 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-ACK-SYN-FIN flags set, sent to LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the URG-ACK-SYN-FIN flags set, sent to LISTENING PORT, results in a RST
   
   
URG-ACK-SYN-FIN  -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="UASF"),iface='eth0', count=1)..
Sent 2 packets.


root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, SYN, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  2   0.001163    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, SYN, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  5   0.001950   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0
  6   0.001961   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-ACK-SYN-FIN flags set, sent to NON-LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the URG-ACK-SYN-FIN flags set, sent to NON-LISTENING PORT, results in a RST

--------------------------------------------------------   
   
PSH-ACK-URG-FIN  -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="PAUF"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  4   8.797922    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  7   8.799443   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0
 10   8.804208    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
 11   8.804788   10.0.0.101 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the PSH-ACK-URG-FIN flags set, sent to LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the PSH-ACK-URG-FIN flags set, sent to LISTENING PORT, results in a RST


PSH-ACK-URG-FIN  -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="PAUF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  2   0.001308   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0
  3   0.001721    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  4   0.002662   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-ACK-SYN-FIN flags set, sent to NON-LISTENING PORT, results in a RST
CentOS 6.5  - Packet with the URG-ACK-SYN-FIN flags set, sent to NON-LISTENING PORT, results in a RST

If you wish to have this as a reference, you may download:
"Stimulus and Response.pdf" document.
md5:8c931888caf948504188f57440396ebc
sha-1:c4cb5b06928e660a09ddc7eaf4b7e32fb0dd1a27

stimulus-response.xlsx
MD5:6176b65c89b73e3b07a519bf77db462a
SHA-1:1ff6308e2a56a1c950e4cc5831932d78563bf853

Stimulus and Response - TCP - Setting 3 flags

In the 2 previous posts within this series, we looked at setting 1, then 2 flags. In this post we will set 3 flags. So without further ado, let's look at setting 3 flags.

--------------------------------------------------------------

URG-ACK-PSH -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="UAP"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  2   8.050680    10.0.0.50 -> 10.0.0.100   TCP 54 [TCP Window Update] 5000 > 80 [PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  3   8.051269   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0
  4   8.051409    10.0.0.50 -> 10.0.0.101   TCP 54 [TCP Window Update] 5000 > 80 [PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  5   8.051824   10.0.0.101 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-ACK-PSH flags set, sent to LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the URG-ACK-PSH flags set, sent to LISTENING PORT, results in a RST


URG-ACK-PSH -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="UAP"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 [TCP Window Update] 5000 > 81 [PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  2   0.001082    10.0.0.50 -> 10.0.0.101   TCP 54 [TCP Window Update] 5000 > 81 [PSH, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  3   0.001108   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0
  4   0.001380   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-ACK-PSH flags set, sent to NON-LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the URG-ACK-PSH flags set, sent to NON-LISTENING PORT, results in a RST

--------------------------------------------------------------

URG-ACK-RST -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="UAR"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [RST, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  2   0.002009    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [RST, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0


From the above:
Windows 2012 - Packet with URG-ACK-RST flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with URG-ACK-RST flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


URG-ACK-RST -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="UAR"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  5   3.290352    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [RST, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  8   3.299002    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [RST, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0



From the above:
Windows 2012 - Packet with URG-ACK-RST flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with URG-ACK-RST flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


--------------------------------------------------------------

URG-ACK-SYN -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="UAS"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [SYN, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  2   0.000730   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0
  3   0.000971    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [SYN, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  4   0.001447   10.0.0.101 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-ACK-SYN flags set, sent to LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the URG-ACK-SYN flags set, sent to LISTENING PORT, results in a RST


URG-ACK-SYN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="UAS"),iface='eth0', count=1)
..
Sent 2 packets.


root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  3   8.777791    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [SYN, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  6   8.778659   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0
  9   8.784533    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [SYN, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
 12   8.786545   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-ACK-SYN flags set, sent to NON-LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the URG-ACK-SYN flags set, sent to NON-LISTENING PORT, results in a RST

--------------------------------------------------------------

URG-ACK-FIN -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="UAF"),iface='eth0', count=1)..
Sent 2 packets

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  2   2.193187    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  5   2.194752   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0
  8   2.217398    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
 11   2.218462   10.0.0.101 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-ACK-FIN flags set, sent to LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the URG-ACK-FIN flags set, sent to LISTENING PORT, results in a RST


URG-ACK-FIN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="UAF"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  3   6.952935    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  6   6.954813   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0
  9   6.960017    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
 10   6.960799   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-ACK-FIN flags set, sent to NON-LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the URG-ACK-FIN flags set, sent to NON-LISTENING PORT, results in a RST

--------------------------------------------------------------

FIN-SYN-RST -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="FSR"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, SYN, RST] Seq=0 Win=8192 Len=0
  4   0.006779    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, SYN, RST] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with FIN-SYN-RST flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with FIN-SYN-RST flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


FIN-SYN-RST -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="FSR"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, SYN, RST] Seq=0 Win=8192 Len=0
  4   0.007679    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, SYN, RST] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with FIN-SYN-RST flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with FIN-SYN-RST flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.

--------------------------------------------------------------

FIN-SYN-PSH -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="FSP"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, SYN, PSH] Seq=0 Win=8192 Len=0
  4   0.001930   10.0.0.100 -> 10.0.0.50    TCP 60 [TCP ACKed unseen segment] 80 > 5000 [RST, ACK] Seq=0 Ack=2 Win=0 Len=0
  7   0.006305    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, SYN, PSH] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with the FIN-SYN-PSH flags set, sent to LISTENING PORT , results in a RST-ACK

CentOS 6.5  - Packet with the FIN-SYN-PSH flags set, sent to a LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


FIN-SYN-PSH -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="FSP"),iface='eth0', count=1)
..
Sent 2 packets.


root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
 
6   4.623353    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, SYN, PSH] Seq=0 Win=8192 Len=0
  9   4.624532    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, SYN, PSH] Seq=0 Win=8192 Len=0
 10   4.624578   10.0.0.100 -> 10.0.0.50    TCP 60 [TCP ACKed unseen segment] 81 > 5000 [RST, ACK] Seq=0 Ack=2 Win=0 Len=0
 13   4.625571   10.0.0.101 -> 10.0.0.50    TCP 60 [TCP ACKed unseen segment] 81 > 5000 [RST, ACK] Seq=0 Ack=2 Win=0 Len=0

 


From the above:
Windows 2012 - Packet with the FIN-SYN-PSH flags set, sent to NON-LISTENING PORT, results in a RST-ACK

CentOS 6.5  - Packet with the FIN-SYN-PSH flags set, sent to NON-LISTENING PORT, results in a RST-ACK

--------------------------------------------------------------

FIN-SYN-ACK -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="FSA"),iface='eth0', count=1)
..
Sent 2 packets

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, SYN, ACK] Seq=0 Ack=0 Win=8192 Len=0
  4   0.001043   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0
  7   0.006517    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, SYN, ACK] Seq=0 Ack=0 Win=8192 Len=0
  8   0.006975   10.0.0.101 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the FIN-SYN-ACK flags set, sent to LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the FIN-SYN-ACK flags set, sent to LISTENING PORT, results in a RST


FIN-SYN-ACK -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="FSA"),iface='eth0', count=1)..
Sent 2 packets.


root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, SYN, ACK] Seq=0 Ack=0 Win=8192 Len=0
  4   0.002237   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0
  7   0.006692    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, SYN, ACK] Seq=0 Ack=0 Win=8192 Len=0
 10   0.008642   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the FIN-SYN-ACK flags set, sent to NON-LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the FIN-SYN-ACK flags set, sent to NON-LISTENING PORT, results in a RST

--------------------------------------------------------------

FIN-SYN-URG -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="FSU"),iface='eth0', count=1)
..
Sent 2 packets

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, SYN, URG] Seq=0 Win=8192 Urg=0 Len=0
  4   0.001772   10.0.0.100 -> 10.0.0.50    TCP 60 [TCP ACKed unseen segment] 80 > 5000 [RST, ACK] Seq=0 Ack=2 Win=0 Len=0
  7   0.005842    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, SYN, URG] Seq=0 Win=8192 Urg=0 Len=0


From the above:
Windows 2012 - Packet with the FIN-SYN-URG flags set, sent to LISTENING PORT , results in a RST-ACK

CentOS 6.5  - Packet with the FIN-SYN-URG flags set, sent to a LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


FIN-SYN-URG -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="FSU"),iface='eth0', count=1)
..
Sent 2 packets

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, SYN, URG] Seq=0 Win=8192 Urg=0 Len=0
  4   0.001999   10.0.0.100 -> 10.0.0.50    TCP 60 [TCP ACKed unseen segment] 81 > 5000 [RST, ACK] Seq=0 Ack=2 Win=0 Len=0
  7   0.006221    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, SYN, URG] Seq=0 Win=8192 Urg=0 Len=0
 10   0.008805   10.0.0.101 -> 10.0.0.50    TCP 60 [TCP ACKed unseen segment] 81 > 5000 [RST, ACK] Seq=0 Ack=2 Win=0 Len=0


From the above:
Windows 2012 - Packet with the FIN-SYN-URG flags set, sent to NON-LISTENING PORT, results in a RST-ACK

CentOS 6.5  - Packet with the FIN-SYN-URG flags set, sent to NON-LISTENING PORT, results in a RST-ACK

--------------------------------------------------------------

SYN-RST-PSH -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="SRP"),iface='eth0', count=1)
..
Sent 2 packets.


root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'   1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [SYN, RST, PSH] Seq=0 Win=8192 Len=0
  2   0.000941    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [SYN, RST, PSH] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with SYN-RST-PSH flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with SYN-RST-PSH flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


SYN-RST-PSH -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="SRP"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  7  10.501695    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [SYN, RST, PSH] Seq=0 Win=8192 Len=0
 10  10.511809    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [SYN, RST, PSH] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with SYN-RST-PSH flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with SYN-RST-PSH flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.

--------------------------------------------------------------

SYN-RST-ACK -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="SRA"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [SYN, RST, ACK] Seq=0 Ack=0 Win=8192 Len=0
  4   0.005815    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [SYN, RST, ACK] Seq=0 Ack=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with SYN-RST-ACK flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with SYN-RST-ACK flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


SYN-RST-ACK -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="SRA"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [SYN, RST, ACK] Seq=0 Ack=0 Win=8192 Len=0
  2   0.001433    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [SYN, RST, ACK] Seq=0 Ack=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with SYN-RST-ACK flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with SYN-RST-ACK flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.

--------------------------------------------------------------

SYN-RST-URG -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="SRU"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [SYN, RST, URG] Seq=0 Win=8192 Urg=0 Len=0
  4   0.006632    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [SYN, RST, URG] Seq=0 Win=8192 Urg=0 Len=0


From the above:
Windows 2012 - Packet with SYN-RST-URG flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with SYN-RST-URG flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


SYN-RST-URG -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="SRU"),iface='eth0', count=1)
..
Sent 2 packets.


root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [SYN, RST, URG] Seq=0 Win=8192 Urg=0 Len=0
  2   0.001376    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [SYN, RST, URG] Seq=0 Win=8192 Urg=0 Len=0


From the above:
Windows 2012 - Packet with SYN-RST-URG flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with SYN-RST-URG flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.

--------------------------------------------------------------

PSH-RST-ACK -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="PRA"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
  4   0.006336    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
  4   0.006336    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with PSH-RST-ACK flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with PSH-RST-ACK flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


PSH-RST-ACK -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="PRA"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  4   9.148893    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
  7   9.156663    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [RST, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with PSH-RST-ACK flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with PSH-RST-ACK flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.

--------------------------------------------------------------

PSH-ACK-SYN -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="PAS"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  3  15.616396    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [SYN, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
  6  15.617127   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0
  9  15.623923    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [SYN, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
 12  15.624927   10.0.0.101 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the PSH-ACK-SYN flags set, sent to LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the PSH-ACK-SYN flags set, sent to LISTENING PORT, results in a RST


PSH-ACK-SYN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="PAS"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [SYN, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
  4   0.001569    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [SYN, PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
  5   0.001735   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0
  6   0.002225   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the PSH-ACK-SYN flags set, sent to NON-LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the PSH-ACK-SYN flags set, sent to NON-LISTENING PORT, results in a RST

--------------------------------------------------------------

PSH-FIN-SYN -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="PFS"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  3   4.267364    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, SYN, PSH] Seq=0 Win=8192 Len=0
  6   4.268165   10.0.0.100 -> 10.0.0.50    TCP 60 [TCP ACKed unseen segment] 80 > 5000 [RST, ACK] Seq=0 Ack=2 Win=0 Len=0
  7   4.268711    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, SYN, PSH] Seq=0 Win=8192 Len=0

 
From the above:
Windows 2012 - Packet with the PSH-FIN-SYN flags set, sent to LISTENING PORT , results in a RST-ACK

CentOS 6.5  - Packet with the PSH-FIN-SYN flags set, sent to a LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


PSH-FIN-SYN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="PFS"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  5   1.651018    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, SYN, PSH] Seq=0 Win=8192 Len=0
  8   1.653316   10.0.0.100 -> 10.0.0.50    TCP 60 [TCP ACKed unseen segment] 81 > 5000 [RST, ACK] Seq=0 Ack=2 Win=0 Len=0
 11   1.660990    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, SYN, PSH] Seq=0 Win=8192 Len=0
 12   1.661332   10.0.0.101 -> 10.0.0.50    TCP 60 [TCP ACKed unseen segment] 81 > 5000 [RST, ACK] Seq=0 Ack=2 Win=0 Len=0


From the above:
Windows 2012 - Packet with the PSH-FIN-SYN flags set, sent to NON-LISTENING PORT, results in a RST-ACK

CentOS 6.5  - Packet with the PSH-FIN-SYN flags set, sent to NON-LISTENING PORT, results in a RST-ACK

--------------------------------------------------------------

PSH-RST-SYN -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="PRS"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  5   3.204299    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [SYN, RST, PSH] Seq=0 Win=8192 Len=0
  8   3.209791    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [SYN, RST, PSH] Seq=0 Win=8192 Len=0



From the above:
Windows 2012 - Packet with PSH-RST-SYN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with PSH-RST-SYN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


PSH-RST-SYN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="PRS"),iface='eth0', count=1)
..
Sent 2 packets.


root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [SYN, RST, PSH] Seq=0 Win=8192 Len=0
  2   0.001072    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [SYN, RST, PSH] Seq=0 Win=8192 Len=0



From the above:
Windows 2012 - Packet with PSH-RST-SYN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with PSH-RST-SYN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.  
 
--------------------------------------------------------------
   
RST-ACK-SYN -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="RAS"),iface='eth0', count=1)
..
Sent 2 packets

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [SYN, RST, ACK] Seq=0 Ack=0 Win=8192 Len=0
  2   0.001700    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [SYN, RST, ACK] Seq=0 Ack=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with RST-ACK-SYN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with RST-ACK-SYN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.
 
 
RST-ACK-SYN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="RAS"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [SYN, RST, ACK] Seq=0 Ack=0 Win=8192 Len=0
  4   0.008154    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [SYN, RST, ACK] Seq=0 Ack=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with RST-ACK-SYN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with RST-ACK-SYN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.

--------------------------------------------------------------

RST-FIN-SYN -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="RFS"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, SYN, RST] Seq=0 Win=8192 Len=0
  4   0.007232    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, SYN, RST] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with RST-FIN-SYN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with RST-FIN-SYN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


RST-FIN-SYN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="RFS"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  3   3.343153    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, SYN, RST] Seq=0 Win=8192 Len=0
  4   3.344126    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, SYN, RST] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with RST-FIN-SYN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with RST-FIN-SYN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.
   
--------------------------------------------------------------

RST-URG-FIN -> Windows 2012/CentOS 6.5 -> 80 (Listening)

>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="RUF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  3   3.318014    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, RST, URG] Seq=0 Win=8192 Urg=0 Len=0
  4   3.319163    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, RST, URG] Seq=0 Win=8192 Urg=0 Len=0


From the above:
Windows 2012 - Packet with RST-URG-FIN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.

CentOS 6.5  - Packet with RST-URG-FIN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet. 



RST-URG-FIN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="RUF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, RST, URG] Seq=0 Win=8192 Urg=0 Len=0
  4   0.005783    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, RST, URG] Seq=0 Win=8192 Urg=0 Len=0


From the above:
Windows 2012 - Packet with RST-URG-FIN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with RST-URG-FIN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet. 

--------------------------------------------------------------

RST-PSH-FIN -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="RPF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, RST, PSH] Seq=0 Win=8192 Len=0
  4   0.006418    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, RST, PSH] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with RST-PSH-FIN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with RST-PSH-FIN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet. 

 
RST-PSH-FIN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="RPF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, RST, PSH] Seq=0 Win=8192 Len=0
  4   0.007311    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, RST, PSH] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with RST-PSH-FIN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.

CentOS 6.5  - Packet with RST-PSH-FIN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet. 


If you wish to have this as a reference, you may download:
"Stimulus and Response.pdf" document.
md5:8c931888caf948504188f57440396ebc
sha-1:c4cb5b06928e660a09ddc7eaf4b7e32fb0dd1a27

stimulus-response.xlsx
MD5:6176b65c89b73e3b07a519bf77db462a
SHA-1:1ff6308e2a56a1c950e4cc5831932d78563bf853 

Stimulus and Response - TCP - Setting 2 flags

In the previous post we dealt with setting individual flags. However, what happens when we send a packet with various combinations of 2 flags. Let's find out.

FIN-SYN -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="FS"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  3   3.934865    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, SYN] Seq=0 Win=8192 Len=0
  6   3.936696   10.0.0.100 -> 10.0.0.50    TCP 60 [TCP ACKed unseen segment] 80 > 5000 [RST, ACK] Seq=0 Ack=2 Win=0 Len=0
  9   3.948311    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, SYN] Seq=0 Win=8192 Len=0

 
From the above:
Windows 2012 - Packet with the FIN-SYN flags set, sent to LISTENING PORT, results in a RST-ACK

CentOS 6.5  - Packet with the FIN-SYN flags set, sent to a LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


FIN-SYN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="FS"),iface='eth0', count=1)
..
Sent 2 packets.


root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  3   2.002337    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, SYN] Seq=0 Win=8192 Len=0
  6   2.004018   10.0.0.100 -> 10.0.0.50    TCP 60 [TCP ACKed unseen segment] 81 > 5000 [RST, ACK] Seq=0 Ack=2 Win=0 Len=0
  9   2.010447    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, SYN] Seq=0 Win=8192 Len=0
 12   2.013828   10.0.0.101 -> 10.0.0.50    TCP 60 [TCP ACKed unseen segment] 81 > 5000 [RST, ACK] Seq=0 Ack=2 Win=0 Len=0


From the above:
Windows 2012 - Packet with the FIN-SYN flags set, sent to NON-LISTENING PORT, results in a RST-ACK

CentOS 6.5  - Packet with the FIN-SYN flags set, sent to NON-LISTENING PORT, results in a RST-ACK

---------------------------------------------------------------

RST-PSH -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="RP"),iface='eth0', count=1)
..
Sent 2 packets

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  5  10.357223    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [RST, PSH] Seq=0 Win=8192 Len=0
  8  10.363234    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [RST, PSH] Seq=0 Win=8192 Len=0

 
From the above:
Windows 2012 - Packet with the RST-PSH flags set, sent to LISTENING PORT , results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.

CentOS 6.5  - Packet with the RST-PSH flags set, sent to a LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.

   
RST-PSH -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="RP"),iface='eth0', count=1)
..
Sent 2 packets

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'   3   6.826082    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [RST, PSH] Seq=0 Win=8192 Len=0
  6   6.832142    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [RST, PSH] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with the RST-PSH flags set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.

CentOS 6.5  - Packet with the RST-PSH flags set, sent to a NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.
   
---------------------------------------------------------------

ACK-URG -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="UA"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'   1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 [TCP Window Update] 5000 > 80 [ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  4   0.001850   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0
  7   0.007789    10.0.0.50 -> 10.0.0.101   TCP 54 [TCP Window Update] 5000 > 80 [ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
 10   0.010094   10.0.0.101 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the ACK-URG flags set, sent to LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the ACK-URG flags set, sent to LISTENING PORT, results in a RST

   
ACK-URG -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="UA"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 [TCP Window Update] 5000 > 81 [ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  4   0.003142   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0
  7   0.007261    10.0.0.50 -> 10.0.0.101   TCP 54 [TCP Window Update] 5000 > 81 [ACK, URG] Seq=0 Ack=0 Win=8192 Urg=0 Len=0
  8   0.007798   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0


From the above: 
Windows 2012 - Packet with the ACK-URG flags set, sent to NON-LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the ACK-URG flags set, sent to NON-LISTENING PORT, results in a RST


---------------------------------------------------------------

URG-FIN -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="UF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'   1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, URG] Seq=0 Win=8192 Urg=0 Len=0
  4   0.001790   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
  7   0.006253    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, URG] Seq=0 Win=8192 Urg=0 Len=0


From the above:
Windows 2012 - Packet with the URG-FIN flags set, sent to LISTENING PORT, results in a RST-ACK

CentOS 6.5  - Packet with the URG-FIN flags set, sent to a LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


URG-FIN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="UF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'   1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, URG] Seq=0 Win=8192 Urg=0 Len=0
  4   0.001132   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
  7   0.006518    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, URG] Seq=0 Win=8192 Urg=0 Len=0
 10   0.008365   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-FIN flags set, sent to NON-LISTENING PORT, results in a RST-ACK

CentOS 6.5  - Packet with the URG-FIN flags set, sent to NON-LISTENING PORT, results in a RST-ACK


---------------------------------------------------------------


URG-SYN -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="US"),iface='eth0', count=1)..
Sent 2 packets

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
 13   5.585379    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [SYN, URG] Seq=0 Win=8192 Urg=0 Len=0
1  16   5.588931   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [SYN, ACK] Seq=957194415 Ack=1 Win=8192 Len=0 MSS=1460
 19   5.593237    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [SYN, URG] Seq=0 Win=8192 Urg=0 Len=0
 22   5.595879   10.0.0.101 -> 10.0.0.50    TCP 60 80 > 5000 [SYN, ACK] Seq=1703572497 Ack=1 Win=14600 Len=0 MSS=1460


From the above:
Windows 2012 - Packet with the URG-SYN flags set, sent to LISTENING PORT, results in a SYN-ACK

CentOS 6.5  - Packet with the URG-SYN flags set, sent to LISTENING PORT, results in a SYN-ACK


URG-SYN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="US"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  5   7.948457    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [SYN, URG] Seq=0 Win=8192 Urg=0 Len=0
  8   7.950322   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
 11   7.955180    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [SYN, URG] Seq=0 Win=8192 Urg=0 Len=0
 12   7.955767   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0


Windows 2012 - Packet with the URG-SYN flags set, sent to NON-LISTENING PORT, results in a RST-ACK

CentOS 6.5  - Packet with the URG-SYN flags set, sent to NON-LISTENING PORT, results in a RST-ACK

---------------------------------------------------------------


URG-RST -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="UR"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [RST, URG] Seq=0 Win=8192 Urg=0 Len=0
  4   0.008478    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [RST, URG] Seq=0 Win=8192 Urg=0 Len=0


From the above:
Windows 2012 - Packet with URG-RST flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with URG-RST flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


URG-RST -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="UR"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [RST, URG] Seq=0 Win=8192 Urg=0 Len=0
  2   0.000989    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [RST, URG] Seq=0 Win=8192 Urg=0 Len=0

 
From the above:
Windows 2012 - Packet with URG-RST flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with URG-RST flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.

---------------------------------------------------------------

URG-PSH -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="UP"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 [TCP Window Update] 5000 > 80 [PSH, URG] Seq=0 Win=8192 Urg=0 Len=0
  4   0.002659   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
  7   0.007878    10.0.0.50 -> 10.0.0.101   TCP 54 [TCP Window Update] 5000 > 80 [PSH, URG] Seq=0 Win=8192 Urg=0 Len=0


Windows 2012 - Packet with the URG-PSH flags set, sent to LISTENING PORT, results in a RST-ACK

CentOS 6.5  - Packet with the URG-PSH flags set, sent to a LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


URG-PSH -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="UP"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 [TCP Window Update] 5000 > 81 [PSH, URG] Seq=0 Win=8192 Urg=0 Len=0
  4   0.002396   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
  7   0.006092    10.0.0.50 -> 10.0.0.101   TCP 54 [TCP Window Update] 5000 > 81 [PSH, URG] Seq=0 Win=8192 Urg=0 Len=0
 10   0.007837   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0


Windows 2012 - Packet with the URG-PSH flags set, sent to NON-LISTENING PORT, results in a RST-ACK

CentOS 6.5  - Packet with the URG-PSH flags set, sent to NON-LISTENING PORT, results in a RST-ACK

---------------------------------------------------------------

ACK-PSH -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="AP"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  3   3.254561    10.0.0.50 -> 10.0.0.100   TCP 54 [TCP Window Update] 5000 > 80 [PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
  6   3.257235   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0
  9   3.261255    10.0.0.50 -> 10.0.0.101   TCP 54 [TCP Window Update] 5000 > 80 [PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
 12   3.262827   10.0.0.101 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the ACK-PSH flags set, sent to LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the ACK-PSH flags set, sent to LISTENING PORT, results in a RST


ACK-PSH -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="AP"),iface='eth0', count=1)
..
Sent 2 packets.


root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  7   4.247236    10.0.0.50 -> 10.0.0.100   TCP 54 [TCP Window Update] 5000 > 81 [PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
 10   4.248504    10.0.0.50 -> 10.0.0.101   TCP 54 [TCP Window Update] 5000 > 81 [PSH, ACK] Seq=0 Ack=0 Win=8192 Len=0
 11   4.248577   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0
 12   4.248994   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the ACK-PSH flags set, sent to LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the ACK-PSH flags set, sent to LISTENING PORT, results in a RST

---------------------------------------------------------------
   
ACK-RST -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="AR"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  7  14.580837    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [RST, ACK] Seq=0 Ack=0 Win=8192 Len=0
 10  14.587160    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [RST, ACK] Seq=0 Ack=0 Win=8192 Len=0


 
From the above:
Windows 2012 - Packet with ACK-RST flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with only ACK-RST flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.   
   
ACK-RST -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="AR"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  3   1.871013    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [RST, ACK] Seq=0 Ack=0 Win=8192 Len=0
  4   1.871912    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [RST, ACK] Seq=0 Ack=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with ACK-RST flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with ACK-RST flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.

       
---------------------------------------------------------------
SYN-ACK -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="AS"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  3   9.046910    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [SYN, ACK] Seq=0 Ack=0 Win=8192 Len=0
  6   9.048661   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0
  9   9.054315    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [SYN, ACK] Seq=0 Ack=0 Win=8192 Len=0
 12   9.056520   10.0.0.101 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the SYN-ACK flags set, sent to LISTENING PORT , results in a RST

CentOS 6.5  - Packet with the SYN-ACK flags set, sent to LISTENING PORT , results in a RST


SYN-ACK -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="AS"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'   1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [SYN, ACK] Seq=0 Ack=0 Win=8192 Len=0
  4   0.001216   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0
  7   0.006024    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [SYN, ACK] Seq=0 Ack=0 Win=8192 Len=0
  8   0.006380   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-SYN flags set, sent to NON-LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the URG-SYN flags set, sent to NON-LISTENING PORT, results in a RST
   
---------------------------------------------------------------
   
FIN-ACK -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="FA"),iface='eth0', count=1)
..
Sent 2 packets.


root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'   4   3.345117    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, ACK] Seq=0 Ack=0 Win=8192 Len=0
  5   3.346344    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, ACK] Seq=0 Ack=0 Win=8192 Len=0
  8   3.346730   10.0.0.101 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0
  9   3.346745   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-SYN flags set, sent to LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the URG-SYN flags set, sent to LISTENING PORT, results in a RST

 
FIN-ACK -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="FA"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, ACK] Seq=0 Ack=0 Win=8192 Len=0
  4   0.001788   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0
  7   0.007718    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, ACK] Seq=0 Ack=0 Win=8192 Len=0
  8   0.008070   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST] Seq=0 Win=0 Len=0


From the above:
Windows 2012 - Packet with the URG-SYN flags set, sent to NON-LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the URG-SYN flags set, sent to NON-LISTENING PORT, results in a RST
   
---------------------------------------------------------------

PSH-SYN -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="PS"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [SYN, PSH] Seq=0 Win=8192 Len=0
  4   0.001929   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [SYN, ACK] Seq=1785425873 Ack=1 Win=8192 Len=0 MSS=1460
  7   0.008294    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [SYN, PSH] Seq=0 Win=8192 Len=0
  8   0.008872   10.0.0.101 -> 10.0.0.50    TCP 60 80 > 5000 [SYN, ACK] Seq=730449456 Ack=1 Win=14600 Len=0 MSS=1460


From the above:
Windows 2012 - Packet with the PSH-SYN flags set, sent to LISTENING PORT, results in a SYN-ACK

CentOS 6.5  - Packet with the PSH-SYN flags set, sent to LISTENING PORT, results in a SYN-ACK


PSH-SYN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="PS"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  3   1.380943    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [SYN, PSH] Seq=0 Win=8192 Len=0
  6   1.383989   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
  9   1.389811    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [SYN, PSH] Seq=0 Win=8192 Len=0
 12   1.392904   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0


From the above:
Windows 2012 - Packet with the PSH-SYN flags set, sent to NON-LISTENING PORT, results in a RST

CentOS 6.5  - Packet with the PSH-SYN flags set, sent to NON-LISTENING PORT, results in a RST

---------------------------------------------------------------

PSH-FIN -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="PF"),iface='eth0', count=1)..
Sent 2 packets

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'   1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, PSH] Seq=0 Win=8192 Len=0
  4   0.002823   10.0.0.100 -> 10.0.0.50    TCP 60 80 > 5000 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
  7   0.007607    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, PSH] Seq=0 Win=8192 Len=0


Windows 2012 - Packet with the PSH-FIN flags set, sent to LISTENING PORT, results in a RST-ACK

CentOS 6.5  - Packet with the PSH-FIN flags set, sent to a LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.
 
PSH-FIN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="PF"),iface='eth0', count=1)..
Sent 2 packets.


root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  3   2.501900    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, PSH] Seq=0 Win=8192 Len=0
  6   2.505076   10.0.0.100 -> 10.0.0.50    TCP 60 81 > 5000 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
  9   2.510756    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, PSH] Seq=0 Win=8192 Len=0
 12   2.513249   10.0.0.101 -> 10.0.0.50    TCP 60 81 > 5000 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0


From the above:
Windows 2012 - Packet with the PSH-FIN flags set, sent to NON-LISTENING PORT, results in a RST-ACK

CentOS 6.5  - Packet with the PSH-FIN flags set, sent to NON-LISTENING PORT, results in a RST-ACK

--------------------------------------------------------------

RST-SYN -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="RS"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  5   1.253590    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [SYN, RST] Seq=0 Win=8192 Len=0
  8   1.259028    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [SYN, RST] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with RST-SYN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.
CentOS 6.5  - Packet with only RST-SYN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


RST-SYN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="RS"),iface='eth0', count=1)
..
Sent 2 packets.


root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [SYN, RST] Seq=0 Win=8192 Len=0
  2   0.001233    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [SYN, RST] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with only RST flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.


CentOS 6.5
  - Packet with only RST flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.

--------------------------------------------------------------

RST-FIN -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="RF"),iface='eth0', count=1)
..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  5  14.172512    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, RST] Seq=0 Win=8192 Len=0
  8  14.183378    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, RST] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with only RST-FIN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012system simply drops the packet.


CentOS 6.5
  - Packet with only RST-FIN flag set, sent to LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.
 
 
RST-FIN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="RF"),iface='eth0', count=1)
..
Sent 2 packets.


root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  9   4.935682    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, RST] Seq=0 Win=8192 Len=0
 10   4.936662    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, RST] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with only RST-FIN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the Windows 2012 system simply drops the packet.


CentOS 6.5
  - Packet with only RST-FIN flag set, sent to NON-LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.

--------------------------------------------------------------

SYN-FIN -> Windows 2012/CentOS 6.5 -> 80 (Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=80, flags="SF"),iface='eth0', count=1)..
Sent 2 packets.

root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'
  5   3.266392    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 80 [FIN, SYN] Seq=0 Win=8192 Len=0
  8   3.267852   10.0.0.100 -> 10.0.0.50    TCP 60 [TCP ACKed unseen segment] 80 > 5000 [RST, ACK] Seq=0 Ack=2 Win=0 Len=0
 11   3.273375    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 80 [FIN, SYN] Seq=0 Win=8192 Len=0


From the above:
Windows 2012 - Packet with the SYN-FIN flags set, sent to LISTENING PORT , results in a RST-ACK

CentOS 6.5  - Packet with the SYN-FIN flags set, sent to a LISTENING PORT, results in a Silent Discard. That is there is no response from the TCP/IP Stack, the CentOS system simply drops the packet.

   
SYN-FIN -> Windows 2012/CentOS 6.5 -> 81 (Non-Listening)
>>> sendp(Ether()/IP(src="10.0.0.50", dst=["10.0.0.100","10.0.0.101"])/TCP(sport=5000, dport=81, flags="SF"),iface='eth0', count=1)
..
Sent 2 packets.


root@securitynik:~# tshark -n -i eth0 -Y '((tcp.port==80) or (tcp.port==81))'   1   0.000000    10.0.0.50 -> 10.0.0.100   TCP 54 5000 > 81 [FIN, SYN] Seq=0 Win=8192 Len=0
  4   0.001726   10.0.0.100 -> 10.0.0.50    TCP 60 [TCP ACKed unseen segment] 81 > 5000 [RST, ACK] Seq=0 Ack=2 Win=0 Len=0
  7   0.006025    10.0.0.50 -> 10.0.0.101   TCP 54 5000 > 81 [FIN, SYN] Seq=0 Win=8192 Len=0
 10   0.006219   10.0.0.101 -> 10.0.0.50    TCP 60 [TCP ACKed unseen segment] 81 > 5000 [RST, ACK] Seq=0 Ack=2 Win=0 Len=0


From the above:
Windows 2012 - Packet with the SYN-FIN flags set, sent to NON-LISTENING PORT, results in a RST-ACK

CentOS 6.5  - Packet with the SYN-FIN flags set, sent to NON-LISTENING PORT, results in a RST-ACK


If you wish to have this as a reference, you may download:
"Stimulus and Response.pdf" document.
md5:8c931888caf948504188f57440396ebc
sha-1:c4cb5b06928e660a09ddc7eaf4b7e32fb0dd1a27

stimulus-response.xlsx
MD5:6176b65c89b73e3b07a519bf77db462a
SHA-1:1ff6308e2a56a1c950e4cc5831932d78563bf853