Article on TCP sequence numbers
From: Richard Bejtlich (richard_bejtlich_at_yahoo.com)
Date: 01/12/04
Date: Mon, 12 Jan 2004 13:58:37 -0800 (PST)
To: focus-ids@securityfocus.com
Today I was reading a new book on "intrusion detection
and prevention" which repeats an often misinformed
interpretation of TCP sequence numbers. The book said:
"When either party wishes to send data to the other,
it will send a packet with the ACK flag set, with an
acknowledgement of the last sequence number (in the
Acknowledgement field) received from the remote host,
and with its own sequence number incremented to
reflect the amount of data being transmitted." This
gets both the acknowledgement and sequence numbers
wrong.
I wrote an article that tracks sequence numbers
through a simple TCP session. By using Ethereal
screen shots, you can see how the sequence and
acknowledgement numbers change as data is passed.
The article is posted at
http://taosecurity.blogspot.com/2004_01_01_taosecurity_archive.html#107392507333463857
Sincerely,
Richard Bejtlich
http://www.taosecurity.com
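
Added example, not part of the original message or the linked article: a small checker that follows sequence and acknowledgement numbers through a constructed TCP session using the RFC 793 rules (SEQ is the number of the first byte in the segment; ACK is the next byte expected from the peer). The session values, the `Segment` and `check_session` names, and the `AS_QUOTED` segment, which numbers one data packet according to a literal reading of the sentence quoted above, are assumptions made for illustration.

```python
# Added example: RFC 793 sequence/acknowledgement bookkeeping for one TCP session.
# Assumes an in-order capture with no loss or retransmission; all values are constructed.
from dataclasses import dataclass

@dataclass
class Segment:
    src: str     # "client" or "server"
    flags: str   # S=SYN, A=ACK, P=PSH, F=FIN
    seq: int     # sequence number of the first byte in this segment
    ack: int     # next byte expected from the peer (meaningful when A is set)
    length: int  # payload bytes

def consumed(seg):
    """Sequence space a segment uses: its payload, plus 1 each for SYN and FIN."""
    return seg.length + ("S" in seg.flags) + ("F" in seg.flags)

def check_session(segments):
    """Return (index, message) for every segment whose seq or ack breaks the rules."""
    next_seq = {}  # per sender: the seq its next segment must carry
    problems = []
    for i, seg in enumerate(segments):
        peer = "server" if seg.src == "client" else "client"
        if seg.src in next_seq and seg.seq != next_seq[seg.src]:
            problems.append((i, f"seq {seg.seq}, expected {next_seq[seg.src]}"))
        if "A" in seg.flags and peer in next_seq and seg.ack != next_seq[peer]:
            problems.append((i, f"ack {seg.ack}, expected {next_seq[peer]}"))
        next_seq[seg.src] = seg.seq + consumed(seg)
    return problems

SESSION = [  # constructed: ISNs 1000 and 5000, 20-byte request, 100-byte reply
    Segment("client", "S", 1000, 0, 0),       # SYN uses one sequence number
    Segment("server", "SA", 5000, 1001, 0),
    Segment("client", "A", 1001, 5001, 0),
    Segment("client", "PA", 1001, 5001, 20),  # seq is NOT yet advanced by the data
    Segment("server", "A", 5001, 1021, 0),    # ack = 1001 + 20, next byte expected
    Segment("server", "PA", 5001, 1021, 100),
    Segment("client", "A", 1021, 5101, 0),
    Segment("client", "FA", 1021, 5101, 0),   # FIN uses one sequence number
    Segment("server", "FA", 5101, 1022, 0),
    Segment("client", "A", 1022, 5102, 0),
]

# The data segment as a literal reading of the quoted sentence would number it:
# seq already advanced by the 20 bytes, ack echoing the last seq received.
AS_QUOTED = Segment("client", "PA", 1021, 5000, 20)

if __name__ == "__main__":
    for s in SESSION:
        print(f"{s.src:6} {s.flags:2} seq={s.seq} ack={s.ack} len={s.length}")
    print(check_session(SESSION))
    print(check_session(SESSION[:3] + [AS_QUOTED]))
```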