  1. #1

    Miscbrah

    Patient Clarification Needed - TCP Seq and Ack Numbers, Do I Have This Right?

    Okay, for some reason I'll get my head around this and then I'll casually be reading something days later which makes me doubt I have really got this.

    So yeah, if I just brain dump here and anyone feels like picking through it I'll be very grateful.

    I did the following in MSPaint:



    Packet 1>2 is "Hello! Pls talk to me, that ok?" SYN flag set. Seq and Ack did nothing yet.

    Packet 2<3 is "OMG hi we can talk, that ok?" SYN and ACK flags set, Ack is 1 because that's the acknowledgement of that first packet.

    Packet 3>4 is "OMG let's talk then!" ACK flag set, Ack is still 1, but that previous Ack=1 means Seq is now 1. No bigger as there's actually no 'data' just flags.

    Packet 4<5 is "LOOL here's your first bunch of data!" which is 100 bytes in size.

    Packet 5>6 (this is where I start to fall down) is "OMFG thanks. Here's some data for you. I need part 101 next" The Seq is STILL 1 at this point, but I'm not 100% on why... Anyway, the Ack is now 101 because the last packet it got was 100 bytes in length, so the 101 is saying "I got 100 bytes. That number of bytes I added to the previous Seq number, so this now shows you how many I got, by my new Ack number, which is the Seq number I need NEXT from you in the stream of stuff we're sending."

    Packet 6<7 "Okay, my Seq is 101. This means I'm recognising that I got your Ack of 101 last time. Also, my Ack is now 131, which means I got YOUR Ack of 101 and ALSO got 30 bytes in the last packet. AND TO BOOT HERE'S 200 bytes OF F-ING DATA!"

    Packet 7>8 "Right, my Seq is 131 because that's what you wanted from your last Ack number. I got 200 bytes and added that to the last Ack number, so next I'll need part 331 of the sequence, so here's the Ack number 331. Oh and here is some data for YOU, to the tune of 20 bytes because we're windowing like retards here."

    Packet 8>9 "Kewl, I'm replying with Seq=331 because that's what you wanted from your last Ack, I'm recognising your last packet in bytes plus your last Ack, to give me the Seq number of the NEXT thing I'll need which is my Ack=351, and here's your 100 bytes."

    ...blah blah.

    As you can see, I've TRIED to put it in plain English, but am I going wrong anywhere? If so, where?

    Thanks for the help!

  2. #2

    Geoff

    You are correct but only for relative TCP SEQ/ACK numbers. Additionally you've not considered four way handshakes.

  3. Thanks to Geoff from:

    Miscbrah (29th April 2013)

  4. #3

    Miscbrah

    Thanks Geoff!!!!

    Um, what are these relative TCP SEQ/ACK numbers? Do you mean only for the rather simplistic example I've made, where there's one instance of to/fro I've given? Or is that something else?

    Second 'um' is that yes I've not considered four way handshakes. What are those?

    ...I have this feeling the answer to BOTH of those is 'carry on with your CCNA until you hit those' and, if so, can I rest easy in that I'm at least getting the basics and going in the right direction?

    Again, cheers.

  5. #4

    The next host name I'm going to use is definitely "Docker".

  6. #5

    Miscbrah

    Quote Originally Posted by catch21 View Post
    The next host name I'm going to use is definitely "Docker".
    I have no idea why but I'm pleased for you.

  7. #6

    Geoff

    Quote Originally Posted by Miscbrah View Post
    Thanks Geoff!!!!

    Um, what are these relative TCP SEQ/ACK numbers? Do you mean only for the rather simplistic example I've made, where there's one instance of to/fro I've given? Or is that something else?

    Second 'um' is that yes I've not considered four way handshakes. What are those?

    ...I have this feeling the answer to BOTH of those is 'carry on with your CCNA until you hit those' and, if so, can I rest easy in that I'm at least getting the basics and going in the right direction?

    Again, cheers.
    If you are looking at a connection setup in Wireshark it will show you relative sequence numbers (unless you tell it not to), which means the sequence numbers start from 0 at the first SYN. Depending on the OS, it might actually be using any number as the start sequence number (as an aside, this is an important 'fingerprint' in OS detection used in software such as NMap).

    A four-way handshake is where one system rejects the proposed sequence number in the initial SYN and sets its own, to which the other agrees. So there's just an extra step basically.
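
Added example (not part of the original thread): a small Python model of the exchange in post #1 that returns both the absolute sequence/acknowledgement numbers and the relative ones a capture tool such as Wireshark displays by default. The `trace` function, the `SEGMENTS` list and the ISN values are constructed for illustration, and it assumes no loss or reordering; each direction counts its own bytes from its own initial sequence number.

```python
import secrets

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around

# Constructed from post #1: (sender, flags, payload bytes); C = client, S = server
SEGMENTS = [
    ("C", {"SYN"}, 0), ("S", {"SYN", "ACK"}, 0), ("C", {"ACK"}, 0),
    ("S", {"ACK"}, 100), ("C", {"ACK"}, 30), ("S", {"ACK"}, 200),
    ("C", {"ACK"}, 20), ("S", {"ACK"}, 100),
]

def trace(segments, isn_client, isn_server):
    """Return one (sender, abs_seq, abs_ack, rel_seq, rel_ack) row per segment.

    Assumes every segment arrives in order before the next one is sent.
    """
    isn = {"C": isn_client % MOD, "S": isn_server % MOD}
    nxt = dict(isn)              # next sequence number each side will use
    peer = {"C": "S", "S": "C"}
    rows = []
    for sender, flags, length in segments:
        other = peer[sender]
        seq = nxt[sender]
        has_ack = "ACK" in flags
        # The ACK field is the next byte expected from the peer.
        ack = nxt[other] if has_ack else 0
        # Relative view: subtract the ISN of whichever side owns that number.
        rel_seq = (seq - isn[sender]) % MOD
        rel_ack = (ack - isn[other]) % MOD if has_ack else 0
        rows.append((sender, seq, ack, rel_seq, rel_ack))
        # SYN and FIN each use up one sequence number; data uses its length.
        used = length + ("SYN" in flags) + ("FIN" in flags)
        nxt[sender] = (seq + used) % MOD
    return rows

def relative_view(rows):
    """Just the (rel_seq, rel_ack) pairs, as a capture tool would display them."""
    return [(r[3], r[4]) for r in rows]

if __name__ == "__main__":
    # Unpredictable ISNs (constructed here with a CSPRNG) change the absolute
    # numbers on every run but leave the relative view identical.
    rows = trace(SEGMENTS, secrets.randbits(32), secrets.randbits(32))
    for sender, seq, ack, rseq, rack in rows:
        print(f"{sender}  abs seq={seq:<10} ack={ack:<10}  rel seq={rseq:<4} ack={rack}")
```
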

  8. #7

    Miscbrah

    Quote Originally Posted by Geoff View Post
    If you are looking at a connection setup in Wireshark it will show you relative sequence numbers (unless you tell it not to), which means the sequence numbers start from 0 at the first SYN. Depending on the OS, it might actually be using any number as the start sequence number (as an aside, this is an important 'fingerprint' in OS detection used in software such as NMap).

    A four-way handshake is where one system rejects the proposed sequence number in the initial SYN and sets its own, to which the other agrees. So there's just an extra step basically.
    Ah right! So this is the part I've read about, where the first seq number isn't really 0, it's some supposedly random number between 0 - 4294967297 but there are ways of telling what any OS might spit out at a given time.

    I shall look at four way handshakes, or await those in my course.

    Docker! I mean thanks!

  9. #8

    Geoff

    Quote Originally Posted by Miscbrah View Post
    Ah right! So this is the part I've read about, where the first seq number isn't really 0, it's some supposedly random number between 0 - 4294967297 but there are ways of telling what any OS might spit out at a given time.
    Speaking of time, some OS's use an encoded version of the current date/time as the sequence number, so it's possible to use them as an alternative to NTP. Other OS's use the number of seconds since boot up, so you can determine its uptime. This is generally frowned upon these days, as guessable sequence numbers make the connection hijackable.
    Last edited by Geoff; 2nd May 2013 at 10:07 AM.


