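#!/usr/sbin/hping3 exec
#
# Hand-built TCP exchange driven through hping3's Tcl interface.
#
# Every segment below is crafted from a template and sent on a raw socket;
# the host's own TCP stack is not involved. Flow:
#   1. install a capture filter so only the peer's replies to our port are seen
#   2. send SYN (with an MSS option) and wait for SYN+ACK
#   3. send ACK carrying an HTTP GET and wait for the first data segment
#   4. ACK that segment while advertising a zero receive window (win=0)
#
# Requirements: hping3 with raw-socket privileges (normally root).
# Configuration: edit saddr/daddr below; dport defaults to 80.

## Put here your local address
set saddr "192.168.1.253"
## Put here address of the server
set daddr "example.com"

# Source port: draw from 1024..65535. The previous 0..65535 range could
# pick port 0 (invalid) or a privileged port.
set sport [expr {1024 + int(rand() * 64512)}]
set dport 80

# Packet template: IP header plus a TCP header with no flags set. Each
# segment below starts from this template and sets flags/seq/ack/win.
set p "ip(ttl=64,saddr=$saddr,daddr=$daddr)+tcp(sport=$sport,dport=$dport,flags=,win=65535,seq=0,ack=0)"
set outifname "any"

# Capture filter: only the peer's segments addressed to our chosen port.
set filter "tcp"
append filter " and src host $daddr"
append filter " and dst host $saddr"
append filter " and src port $dport"
append filter " and dst port $sport"
hping setfilter $outifname $filter

# send SYN
set syn $p
set syn [hping setfield tcp flags S $syn]
append syn "+tcp.mss(size=1400)"
puts "<= $syn"
hping send $syn
# Our ISN is 0 (template seq=0), so the first byte after the SYN is 1.
set myseqn 1

# wait for SYN+ACK
# NOTE(review): hping recv blocks; if the peer never answers, this loop and
# the one below never end -- confirm whether this hping build offers a recv
# timeout before relying on the script unattended.
while {1} {
    set inp [hping recv $outifname]
    puts "=> $inp"
    if {[hping getfield tcp flags $inp] == "sa"} {
        # Acknowledge the peer's ISN + 1 (the SYN consumes one sequence number).
        set peerseqn [hping getfield tcp seq $inp]
        set myackn [expr {$peerseqn + 1}]
        break
    }
}

## send ACK with data
set data "GET / HTTP/1.0\r\n\r\n"
set ack $p
set ack [hping setfield tcp flags a $ack]
set ack [hping setfield tcp seq $myseqn $ack]
set ack [hping setfield tcp ack $myackn $ack]
append ack "+data(str=$data)"
puts "<= $ack"
hping send $ack
# Our next sequence number advances by the payload length just sent.
set myseqn [expr {[string length $data] + $myseqn}]

## wait for some data to arrive
while {1} {
    set inp [hping recv -hexdata $outifname]
    puts "=> $inp"
    if {[hping hasfield data hex $inp] != 0} {
        # -hexdata returns the payload hex-encoded: two characters per byte,
        # so the byte count (what we must ACK) is half the string length.
        set rxhex [hping getfield data hex $inp]
        set myackn [expr {[string length $rxhex] / 2 + $myackn}]
        break
    }
}

## ack received segment and clamp win down to 0
set ack $p
set ack [hping setfield tcp flags a $ack]
set ack [hping setfield tcp seq $myseqn $ack]
set ack [hping setfield tcp ack $myackn $ack]
set ack [hping setfield tcp win 0 $ack]
puts "<= $ack"
hping send $ack

# vim: filetype=tcl #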