Re: establish connection without tcp options

Mon, 02 Jun 2008 00:50:01 -0700 

Victor Hugo Bilouro wrote:

On Sun, Jun 1, 2008 at 5:45 PM, Andre Oppermann <[EMAIL PROTECTED]> wrote:

Victor Hugo Bilouro wrote:

 syn---------------------------------
sport 59966
dport 22022
sequence 874312230
ack_number 0
offset 5
reserved 0
urgent 0
ack 0
push 0
reset 0
syn 1
fin 0
window 65535
checksum 50667
urg_pointer 0

---------------------------------

 syn+ack-----------------------------
sport 22022
dport 59966
sequence 2755934977
ack_number 874312231
offset 6
reserved 0
urgent 0
ack 1
push 2
reset 4
syn 9
fin 0
window 65535
checksum 52952
urg_pointer 0

---------------------------------

 ack---------------------------------
sport 59966
dport 22022
sequence 874312230

^^^^^^^^^^^^^^ increment by one for SYN you sent.
See also the ACK you got back above.


ack_number 2755934978
offset 5
reserved 0
urgent 0
ack 1
push 0
reset 0
syn 0
fin 0
window 65535
checksum 59030
urg_pointer 0
---------------------------------

...and the log showed:
TCP [192.168.1.10]:59966 to [192.168.1.20]:22022 tcpflags 0x10<ACK>;
syncache_expand: SEQ 874312230 != IRS+1 874312230, segment rejected.

I'm still working...

You should familiarize yourself some more with the sequence number
system TCP uses.  The Stevens books "TCP/IP Illustrated" Volume 1+2
are very good for that.

--
Andre



PS.: I forgot to copy the list in the previous email exchanging, so
I'm doing now....


Andre, thank you SO VERY MUCH. It's working fine!

As every book show tcpdump examples of connection establishment , and
when the SYN flag is 0(as step #3 of three way handshake), sequence
number(SN) are omitted of dump, BUT, it's present.


You should use the "-S" option to tcpdump.  It will show absolute
sequence number instead of relative ones (as guessed by tcpdump).


The thing is, the SN is present but it isn't consumed.  So, packets
that don't consumes the SN, must have the last consumed SN + 1.

Only for curiosity, linux  and windows 2k accomplished without
problems the three way handshake without Sequence Number filled on
step #3.


I have a hard time believing that.  At most they may have sent you
a retransmit or a challenge-ACK.

--
Andre
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to