This article explains how to create a raw socket in Python and use it to perform a SYN, ACK or XMAS scan. Note that the same technique could also be used to mount a denial-of-service attack (SYN flooding ...). See the code below:

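"""Build one IPv4 + TCP SYN segment by hand and send it over a raw socket.

The code runs on Python 2.6+ and Python 3. Opening a raw socket needs
root (CAP_NET_RAW on Linux). The addresses configured below are both the
loopback address.
"""
import socket
import struct
import sys


def checksum(msg):
    """Return the 16-bit one's-complement Internet checksum (RFC 1071).

    msg is a byte string. An odd-length input is padded with one zero
    byte, so the last byte is summed as the high half of a 16-bit word.
    """
    data = bytearray(msg)
    if len(data) % 2:
        data.append(0)

    total = 0
    # Sum the input as big-endian 16-bit words.
    for i in range(0, len(data), 2):
        total += (data[i] << 8) + data[i + 1]

    # Fold the carries back in until none is left; a single fold can
    # itself overflow 16 bits (e.g. a running sum of 0x1ffff).
    while total >> 16:
        total = (total >> 16) + (total & 0xffff)

    # Complement and keep the low 16 bits.
    return ~total & 0xffff


def build_syn_packet(source_ip, dest_ip, source_port=12345, dest_port=5555):
    """Return the 40 raw bytes of an IPv4 header followed by a TCP SYN.

    The segment carries no TCP options and no payload. Every multi-byte
    field is packed with '!' (network byte order).
    """
    # --- IP header fields ---
    ihl = 5                      # header length in 32-bit words
    version = 4
    tos = 0
    tot_len = 20 + 20            # IP header + TCP header, no payload
    ip_id = 54321                # identification field of this packet
    frag_off = 0
    ttl = 255
    protocol = socket.IPPROTO_TCP
    # With IP_HDRINCL, Linux fills in the IP checksum and total length
    # itself (see raw(7)); other platforms may not.
    ip_check = 0
    saddr = socket.inet_aton(source_ip)   # value written to the source field
    daddr = socket.inet_aton(dest_ip)
    ihl_version = (version << 4) + ihl

    ip_header = struct.pack('!BBHHHBBH4s4s', ihl_version, tos, tot_len,
                            ip_id, frag_off, ttl, protocol, ip_check,
                            saddr, daddr)

    # --- TCP header fields ---
    seq = 0
    ack_seq = 0
    doff = 5                     # 4-bit data offset: 5 * 4 = 20 bytes
    fin, syn, rst, psh, ack, urg = 0, 1, 0, 0, 0, 0
    # Plain integer: '!H' below already converts to network order, so an
    # extra htons() would byte-swap the window twice on little-endian hosts.
    window = 5840
    urg_ptr = 0
    offset_res = (doff << 4) + 0
    tcp_flags = (fin + (syn << 1) + (rst << 2) + (psh << 3)
                 + (ack << 4) + (urg << 5))

    # First pass with a zero checksum, only to have bytes to sum over.
    tcp_header = struct.pack('!HHLLBBHHH', source_port, dest_port, seq,
                             ack_seq, offset_res, tcp_flags, window, 0,
                             urg_ptr)

    # The TCP checksum covers a pseudo header (addresses, zero byte,
    # protocol, TCP length) followed by the TCP header itself.
    pseudo_header = struct.pack('!4s4sBBH', saddr, daddr, 0, protocol,
                                len(tcp_header))
    tcp_checksum = checksum(pseudo_header + tcp_header)

    # Second pass with the real checksum in place.
    tcp_header = struct.pack('!HHLLBBHHH', source_port, dest_port, seq,
                             ack_seq, offset_res, tcp_flags, window,
                             tcp_checksum, urg_ptr)

    # NOTE: the constant id 54321, TTL 255, window 5840 and the absence of
    # TCP options make this segment easy to pick out in a packet capture.
    return ip_header + tcp_header


source_ip = '127.0.0.1'
dest_ip = '127.0.0.1'

if __name__ == '__main__':
    # Create a raw socket.
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
    except socket.error as msg:
        print('Socket could not be created. Error Code : ' + str(msg.errno)
              + ' Message ' + str(msg.strerror))
        sys.exit(1)

    try:
        # Tell the kernel not to prepend an IP header; we supply our own.
        s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)

        packet = build_syn_packet(source_ip, dest_ip)

        # Send the single packet; the port in the address tuple has no
        # effect on a raw socket.
        s.sendto(packet, (dest_ip, 0))
    finally:
        s.close()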
