IDS mailing list archives
Article on TCP sequence numbers
From: Richard Bejtlich <richard_bejtlich () yahoo com>
Date: Mon, 12 Jan 2004 13:58:37 -0800 (PST)
Today I was reading a new book on "intrusion detection and prevention" which repeats an often misinformed interpretation of TCP sequence numbers. The book said:

"When either party wishes to send data to the other, it will send a packet with the ACK flag set, with an acknowledgement of the last sequence number (in the Acknowledgement field) received from the remote host, and with its own sequence number incremented to reflect the amount of data being transmitted."

This gets both the acknowledgement and sequence numbers wrong.

I wrote an article that tracks sequence numbers through a simple TCP session. By using Ethereal screen shots, you can see how the sequence and acknowledgement numbers change as data is passed.

The article is posted at http://taosecurity.blogspot.com/2004_01_01_taosecurity_archive.html#107392507333463857

Sincerely,

Richard Bejtlich
http://www.taosecurity.com
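The following is an added example, not code from the post or the linked article. It traces the Sequence and Acknowledgement fields through a simple session using the RFC 793 rules: the sequence number is that of the first byte carried in the segment, and the acknowledgement number is the next byte expected from the peer. It assumes in-order delivery with no loss; the initial sequence numbers and payloads are constructed.

```python
from dataclasses import dataclass

@dataclass
class Endpoint:
    name: str
    snd_nxt: int      # sequence number of the next byte this side will send
    rcv_nxt: int = 0  # next byte expected from the peer (value of the ACK field)

def send(src, dst, flags, payload=b""):
    """Emit one segment from src to dst and update both sides' state."""
    seg = {"from": src.name, "flags": flags,
           "seq": src.snd_nxt,                       # first byte of THIS segment
           "ack": src.rcv_nxt if "A" in flags else 0,
           "len": len(payload)}
    # SYN and FIN each consume one sequence number; data consumes one per byte.
    consumed = len(payload) + ("S" in flags) + ("F" in flags)
    src.snd_nxt = (src.snd_nxt + consumed) % 2**32   # 32-bit wraparound
    # Assumption: in-order, lossless delivery, so the receiver's expectation
    # advances to the byte just past this segment.
    dst.rcv_nxt = src.snd_nxt
    return seg

def trace_session(client_isn=1000, server_isn=5000):
    """Handshake, one client request, one server reply (constructed values)."""
    c = Endpoint("client", client_isn)
    s = Endpoint("server", server_isn)
    return [
        send(c, s, "S"),                               # SYN
        send(s, c, "SA"),                              # SYN/ACK
        send(c, s, "A"),                               # handshake complete
        send(c, s, "PA", b"GET / HTTP/1.0\r\n\r\n"),   # 18 bytes of data
        send(s, c, "A"),                               # server acknowledges data
        send(s, c, "PA", b"hello"),                    # 5 bytes of data
        send(c, s, "A"),                               # client acknowledges data
    ]

if __name__ == "__main__":
    for seg in trace_session():
        print("{from:<6} {flags:<2} seq={seq:<5} ack={ack:<5} len={len}".format(**seg))
```

With the default values, the client's 18-byte data segment carries seq=1001, the same value as its preceding bare ACK, and only the client's next segment shows seq=1019. The server's acknowledgement of that data is 1019, the next byte it expects, not 1001.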