IDS mailing list archives

Article on TCP sequence numbers


From: Richard Bejtlich <richard_bejtlich () yahoo com>
Date: Mon, 12 Jan 2004 13:58:37 -0800 (PST)

Today I was reading a new book on "intrusion detection
and prevention" which repeats an often misinformed
interpretation of TCP sequence numbers. The book said:

"When either party wishes to send data to the other,
it will send a packet with the ACK flag set, with an
acknowledgement of the last sequence number (in the
Acknowledgement field) received from the remote host,
and with its own sequence number incremented to
reflect the amount of data being transmitted." This
gets both the acknowledgement and sequence numbers
wrong.

I wrote an article that tracks sequence numbers
through a simple TCP session.  By using Ethereal
screen shots, you can see how the sequence and
acknowledgement numbers change as data is passed.

The article is posted at

http://taosecurity.blogspot.com/2004_01_01_taosecurity_archive.html#107392507333463857

Sincerely,

Richard Bejtlich
http://www.taosecurity.com

---------------------------------------------------------------------------
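An added example, not part of the original post or the linked article: a small model of how the sequence and acknowledgement fields move through a simple TCP session under the RFC 793 rules. The ISNs, segment sizes and the function name trace are constructed for illustration, and the model assumes in-order, lossless delivery.

```python
"""Model of TCP seq/ack fields through one session (RFC 793 rules).
Constructed example: ISNs and payload sizes are made up."""

MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

def trace(client_isn, server_isn, events):
    """events: list of (sender, flags, payload_len), sender is "C" or "S".
    Returns one (sender, flags, seq, ack, payload_len) tuple per segment."""
    snd_nxt = {"C": client_isn, "S": server_isn}  # next number each side sends
    rcv_nxt = {"C": 0, "S": 0}                    # next number each side expects
    peer = {"C": "S", "S": "C"}
    rows = []
    for sender, flags, length in events:
        # seq is the number of the FIRST byte in this segment; it is not
        # advanced in advance to cover the data the segment carries.
        seq = snd_nxt[sender]
        # ack is the NEXT byte expected from the peer, not the last
        # sequence number received from it.
        ack = rcv_nxt[sender] if "A" in flags else 0
        rows.append((sender, flags, seq, ack, length))
        # SYN and FIN each consume one sequence number, like a byte of data.
        consumed = length + ("S" in flags) + ("F" in flags)
        snd_nxt[sender] = (seq + consumed) % MOD
        if consumed:  # a pure ACK moves nothing
            rcv_nxt[peer[sender]] = snd_nxt[sender]
    return rows

# Constructed session: handshake, 20-byte request, 100-byte reply, close.
SESSION = [
    ("C", "S", 0), ("S", "SA", 0), ("C", "A", 0),
    ("C", "PA", 20), ("S", "A", 0),
    ("S", "PA", 100), ("C", "A", 0),
    ("C", "FA", 0), ("S", "FA", 0), ("C", "A", 0),
]

if __name__ == "__main__":
    print("who flags        seq        ack  len")
    for who, flags, seq, ack, length in trace(1000, 5000, SESSION):
        print(f"{who:>3} {flags:<5} {seq:>10} {ack:>10} {length:>4}")
```

In the printed table the 20-byte request carries seq 1001, the same value as the preceding empty ACK, and the server's reply acknowledges 1021, one past the last byte it received.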