A lightweight Python + Scapy tool that analyzes how outbound TCP connection attempts are handled on the network path — distinguishing between accepted, rejected, blocked, and silently dropped connections.
This is not a scanner or exploit tool.
It observes real traffic generated by your system and classifies the responses.
When your system initiates TCP connections, what actually happens?
- ✅ Is the target open and reachable?
- ❌ Is the target actively rejecting connections (TCP RST)?
- 🚫 Is a router or firewall blocking traffic (ICMP Unreachable)?
- 🕳️ Are packets being silently dropped (no response)?
This tool gives evidence-based answers using packet-level inspection.
- Tracks outbound TCP SYN packets sent by your host
- Correlates inbound responses by 4-tuple:
- Destination IP
- Destination port
- Source port
- Classifies responses as:
- SYN/ACK → connection accepted
- RST → connection rejected
- ICMP Type 3 → network / policy unreachable
- Timeout → filtered or dropped
The script reports:
- SYNs sent
- SYN/ACK received (allowed)
- RST received (rejected)
- ICMP Unreachable (by code)
- Timeouts (no response)
Example conclusion output:
Conclusion: Most attempts got no response (possible filtering or silent drops).
- Python 3.8+
- Scapy
- Root / Administrator privileges (packet capture required)
pip install scapysudo python3 syn_response_analyzer.pycurl https://example.comOr open a browser and load multiple sites.
Press Ctrl+C to stop capture and view results.
| Code | Meaning |
|---|---|
| 0 | Network unreachable |
| 1 | Host unreachable |
| 3 | Port unreachable |
| 10 | Communication administratively prohibited |
| 13 | Administratively prohibited (firewall) |
📝 Note: Codes 10 and 13 often indicate explicit firewall policy blocks.
- NAT or upstream firewalls may suppress ICMP messages
- Timeouts ≠ guaranteed blocking (could be loss or rate limiting)
- Does not attempt retries or retransmission analysis
- Observes traffic — does not generate probes itself
This tool is intended for:
- Network diagnostics
- Firewall policy validation
- Defensive security research
- Infrastructure troubleshooting
⚠️ Important: Only run on systems and networks you own or are authorized to test.
Contributions are welcome! To participate:
- Fork the repository
- Create a feature branch:
git checkout -b feature/your-enhancement - Commit your changes:
git commit -m "Add: your feature" - Push to your fork:
git push origin feature/your-enhancement - Open a Pull Request
See CONTRIBUTING.md for detailed guidelines.
Found a bug or have a feature request? Please open an issue with:
- Steps to reproduce
- Expected vs actual behavior
- Python and Scapy versions
- Operating system
This project is licensed under the GNU General Public License v3.0.
See the LICENSE file for full details.
AfterPacket
🔗 https://github.com/AfterPacket
- Built with Scapy - the powerful Python packet manipulation library
- Inspired by network troubleshooting and security research needs
- Thanks to the open-source community
Happy Network Analyzing! 🔍📡