I’ve been using Scapy to send SCCP or Skinny packets to my Cisco Desk Phone. However I keep getting these TCP Retransmission errors, and I believe this is causing the Cisco Phone to not respond. I have a program that can successfully command the phone to dial. For instance, the program at “10.10.50.12” sends four packets, and gets two ACKs from the phone (“10.30.37.78”). See below:
However, when I use Python and send the commands with Scapy:
The four packets are sent, and even recognized as particular messages by Wireshark, however I get the TCP Retransmission error and no ACK from the phone.
Strangely, there is nothing special about “SetLampMessage” so that it does not get the error. It’s simply because it was the first sent packet. If I were to arrange the order of the packets differently, whichever gets sent first gets no error.
I have tried comparing the hex outputs, here’s hex comparisons of the SetLampMessage:
Most of the discrepancies between the hex outputs have to do with Identifications and Checksums. My identifications always equal 0x0001 somehow but I do not believe this is the issue because I’ve been able to send plain TCP packets with no error even though they all have the same ID.
I’ve Googled “TCP Retransmission” errors and it seems most of them are due to not getting an ACK sent back, I don’t think this is the cause either because I’ve set various pause times in-between each sent packet to verify whether or not my packets are being sent too quickly.
Does an enlightened individual have an idea as to what I am doing to cause these errors?
After some work, I have discovered that my issue lies in the Sequence and Acknowledgement numbers in the TCP headers of the packets that I send. I was sending a “0x0001” for both of these values.
I especially found this article very helpful in the understanding of how these values work:
To solve my problem, I watched the Seq and Ack numbers between the Cisco Desk phone and a Call Manager. I would then predict, and calculate the next Seq and Ack values and then send my packets appropriately.
You can see in the image above that my “Skinny” messages, starting with “SetLampMessage” does not recieve the TCP Retransmission error anymore.
However, my Cisco phone is persistent on not responding and continues to hates me, but that is beside the point.