a question about the TCP connection

21 years 6 months ago #436 by fatcat
Hello, all.

I have a simple question:
When a TCP connection is established, why is the
initial sequence number on the connection not zero?

Thanks.

fatcat
21 years 5 months ago #437 by Chris
Fatcat,

Even though it might seem like a logical way for the sequencing to start from 0 and increment as more packets are being received and sent, it actually doesn't work that way.

In fact I am not really sure how the sequence numbering works, but my opinion is that there is some type of algorithm used to select a random sequence number which will be used with a new connection.

There are also some security problems involved with a 'predicted' type of sequencing. If you knew the exact sequence numbers a host would be using, it would certainly present a threat, small in size, but it is still a problem.

If you find any website with information on the topic, let us know. I'd personally be interested in it, especially now that I am rewriting the whole TCP section, expanding it from one page (current) to over 7 pages.

Cheers,

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
21 years 5 months ago #438 by thorpe
I am still working through the TCP 3-way handshake, but I believe that the sequence number is changing every 4 microseconds. The increment is by 64000, and it will cycle back to 0 every 9.5 hours.

The reason for this is to prevent network-delayed packets from being entered into an incorrect connection. Basically, the ISN (initial sequence number) is trying to make a connection more unique and to stop old packets entering wrong connections.

I hope that this basic piece of information helps. If any of this is incorrect, please reply.
21 years 5 months ago #439 by Chris
Thorpe,

I've been wandering the Internet for more information on how the sequencing works, and I've come to the conclusion that the initial sequence numbering algorithm is different for each operating system.

What I haven't been able to find out as yet is how the sequence numbering increments. I'm not sure if it's time-factor based (as you suggested) or also has to do with the Window size field in the TCP header.

Have you got any information on the above?

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
21 years 5 months ago #440 by thorpe
I agree that the implementation does differ on different O/S.

Here is some info I read from an old RFC (793):

Since connections must be established between unreliable hosts and over the unreliable internet communication system, a handshake mechanism with clock-based sequence numbers is used to avoid erroneous initialization of connections.

To avoid confusion we must prevent segments from one incarnation of a connection from being used while the same sequence numbers may still be present in the network from an earlier incarnation. We want to assure this, even if a TCP crashes and loses all knowledge of the sequence numbers it has been using. When new connections are created, an initial sequence number (ISN) generator is employed which selects a new 32 bit ISN. The generator is bound to a (possibly fictitious) 32 bit clock whose low order bit is incremented roughly every 4 microseconds. Thus, the ISN cycles approximately every 4.55 hours. Since we assume that segments will stay in the network no more than the Maximum Segment Lifetime (MSL) and that the MSL is less than 4.55 hours we can reasonably assume that ISN's will be unique.

From this info I can say that the ISN is clock based on each TCP, but I am unsure if every implementation follows this to the letter?

I am by no means an expert and I am still working through TCP, and some of my understanding may be incorrect. And I must say, what a fantastic site for network beginners and experts. Keep up the good work.

A good reference on TCP/IP is TCP/IP Illustrated by Richard Stevens, vol. 1.
21 years 5 months ago #441 by thorpe
I have just found some information regarding ISNs stating that most TCP implementations don't follow the RFC 793 I described above and increment the ISN 128000 every second and an extra 64000 after every connection (ISN prediction attacks). The URL is www.camtp.uni-mb.si/books/Internet-Book/TCP_SEQPrediction.html
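
Added example, not part of any post in this thread: a comparison of the clock-driven ISN generator quoted from RFC 793 above with the keyed scheme later standardized in RFC 6528 (which the thread does not mention), showing why the first is predictable and how the second keeps the clock while hiding the offset per connection. The function names, addresses, timestamps and secret are constructed for illustration, and HMAC-SHA256 stands in for the hash RFC 6528 suggests.

```python
import hashlib
import hmac
import socket
import struct

MASK32 = 0xFFFFFFFF
TICK_US = 4  # RFC 793: the ISN clock's low-order bit advances roughly every 4 us


def isn_clock(t_us):
    """RFC 793 style: the ISN is the current value of a 32-bit, 4 us clock."""
    return (t_us // TICK_US) & MASK32


def isn_keyed(t_us, local, remote, secret):
    """RFC 6528 style: ISN = M + F(local ip/port, remote ip/port, secret).

    M is the same 4 us clock. RFC 6528 suggests MD5 for F; HMAC-SHA256
    truncated to 32 bits is swapped in here.
    """
    (lip, lport), (rip, rport) = local, remote
    four_tuple = (socket.inet_aton(lip) + struct.pack("!H", lport)
                  + socket.inet_aton(rip) + struct.pack("!H", rport))
    digest = hmac.new(secret, four_tuple, hashlib.sha256).digest()
    return (isn_clock(t_us) + struct.unpack("!I", digest[:4])[0]) & MASK32


def delta(a, b):
    """Distance from a to b in 32-bit sequence space (handles wraparound)."""
    return (b - a) & MASK32


# Constructed sample values: documentation addresses and a made-up secret.
SERVER = ("192.0.2.10", 80)
CLIENT_A = ("198.51.100.7", 40000)
CLIENT_B = ("203.0.113.9", 40001)
SECRET = b"constructed-demo-secret"
T0_US, T1_US = 1_000_000, 1_250_000  # two connection attempts 250 ms apart

if __name__ == "__main__":
    # Clock only: the gap between any two ISNs is elapsed time / 4 us.
    print("clock, any peers:", delta(isn_clock(T0_US), isn_clock(T1_US)))
    # Keyed, same connection: still advances with the clock, so old
    # duplicates of that connection are still told apart.
    print("keyed, same peer:", delta(isn_keyed(T0_US, SERVER, CLIENT_A, SECRET),
                                     isn_keyed(T1_US, SERVER, CLIENT_A, SECRET)))
    # Keyed, different peer: the offset depends on the secret.
    print("keyed, other peer:", delta(isn_keyed(T0_US, SERVER, CLIENT_A, SECRET),
                                      isn_keyed(T1_US, SERVER, CLIENT_B, SECRET)))
```

With the clock-only generator, the ISN one peer receives reveals the ISN any other peer will receive a known time later; with the keyed generator that relation holds only within a single connection's address and port pair.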