#17 The PortscanAttack destination is not replying with the correct TCP flags

In a SYN port scan, it is expected that the attacker sends a SYN request, and the victim responds with a SYN|ACK reply. Currently, the victim is responding with the RST|ACK flags set instead.

The parameters used for the PortscanAttack are as follows:

-a "PortscanAttack" ip.src="66.66.66.66" mac.src="32:08:24:DC:8D:27" inject.at-timestamp=1476301843

The following is what is observed in Wireshark in the resulting pcap file:

101 2016-11-02 16:44:36.718 66.66.66.66 192.168.178.13  TCP 60  0   8542→8080 [SYN] Seq=0 Win=8192 Len=0
102 2016-11-02 16:44:36.718 192.168.178.13  66.66.66.66 TCP 60  0   8080→8542 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

By default the port 8080 should be scanned and should be marked as open, is this not correct?

The problem lies in file "PortscanAttack.py" in line 127. I see no reason for converting "dport" to a string. In the line

if str(dport) in self.get_param_value(Param.PORT_OPEN):

wouldn't it make more sense to drop the "str(dport)" and just have:

if dport in self.get_param_value(Param.PORT_OPEN):

@patrick.jattke can you confirm if this fix is not breaking functionality somewhere else?

@carlos.garcia I can confirm. The _is_port method which writes the port value in the params list always returns an int or a list of int.

I improved the comment for _is_port in commit aed49ee.