Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: a question about the TCP connection

a question about the TCP connection 13 years 3 months ago #436

  • fatcat
  • fatcat's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
hello,all.

I have a simple question:
When a TCP connection is established, why the
initial sequence number on the connection is not zero?

thanks.
fatcat
The administrator has disabled public write access.

a question about the TCP connection 13 years 2 months ago #437

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
Fatcat,

Even though it might seem like a logical way for the sequencing to start from 0 and increment as more packets are being received and sent, it actually dosen't work that way.

In fact I am not really sure how the sequencing numbering works, but my opinion is that there is some type of algorithim used to select a random sequence number which will be used with a new connection.

There is also some security problems involved with a 'predicted' type of sequencing. If you knew the exact sequence numbers a host would be using, it would certainly present a threat, small in size, but still is a problem.

If you find any website with information on the topic, let us know, I'd personaly be interestead in it, especially now that I am rewritting the whole TCP section, expanding it from one page (current) to over 7 pages

Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
The administrator has disabled public write access.

a question about the TCP connection 13 years 2 months ago #438

  • thorpe
  • thorpe's Avatar
  • Offline
  • Frequent Member
  • Posts: 45
  • Karma: 0
I am still working through the tcp 3 way handshake but I believe that the sequence number is changing every 4 microseconds. the increment is by 64000, and it will cycle back to 0 every 9.5 hours

The reson for this is to prevent network delayed packets from being entered in to an incorrect connection. Basicly the ISN inital sequence number is trying to make a connection more unique and to stop old packets entering wrong connections.

I hope that this basic piece of information helps, If any of this is incorrect please reply
The administrator has disabled public write access.

a question about the TCP connection 13 years 2 months ago #439

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
Thorpe,

I've been wondering on the Internet for more information on how the Sequencing works and Ive come to the conclusion that the Initial Sequence numbering algorithim is different for each operating system.

What I haven't been able to find out as yet is how the sequence numbering increments. I'm not sure if its a time factor based (as you suggested) or has also got to do with the Window size field in the tcp header.

Have you got any information on the above ?
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
The administrator has disabled public write access.

a question about the TCP connection 13 years 2 months ago #440

  • thorpe
  • thorpe's Avatar
  • Offline
  • Frequent Member
  • Posts: 45
  • Karma: 0
I agree that the implementation does differ on different o/s

here is some info I read from and Old rfc (793)

Since connections must be established between unreliable hosts and over the unreliable internet communication system, a handshake mechanism with clock-based sequence numbers is used to avoid erroneous initialization of connections.

To avoid confusion we must prevent segments from one incarnation of a connection from being used while the same sequence numbers may still be present in the network from an earlier incarnation. We want to assure this, even if a TCP crashes and loses all knowledge of the sequence numbers it has been using. When new connections are created, an initial sequence number (ISN) generator is employed which selects a new 32 bit ISN. The generator is bound to a possibly fictitious) 32 bit clock whose low order bit is incremented roughly every 4 microseconds. Thus, the ISN cycles approximately every 4.55 hours.
Since we assume that segments will stay in the network no more than
the Maximum Segment Lifetime (MSL) and that the MSL is less than 4.55
hours we can reasonably assume that ISN's will be unique.

From this info I can say that the ISN is clock based on each TCP but I am unsure if every implementation follows this to the letter??

I am by no means an expert and I am still working through TCP and some of my understanding may be incorrect. and I must say what a fantisic site for network beginners and experts keep up the good work

a good refernce on tcp/ip is tcp/ip illustrated by richard stevens vol 1
The administrator has disabled public write access.

a question about the TCP connection 13 years 2 months ago #441

  • thorpe
  • thorpe's Avatar
  • Offline
  • Frequent Member
  • Posts: 45
  • Karma: 0
I have just found some information regarding ISN's stating that most tcp Implementations dont follow the RF 793 I described above and increment the isn 128000 every second and and extra 64000 after every connection (isn prediction attacks) the url is http://www.camtp.uni-mb.si/books/Internet-Book/TCP_SEQPrediction.html
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.083 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup