Solved

Why do sequence numbers jump?

Posted on 2004-09-01
6
533 Views
Last Modified: 2008-03-10
Looking at this:
http://mvpbaseball.cc/capture.jpg

It says  
Sequence number :     58401
Next Sequence number:59346

What happend to to 58402? lol

Thanks, been wondering this a while
0
Comment
Question by:dissolved
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 34

Assisted Solution

by:PsiCop
PsiCop earned 250 total points
ID: 11960050
TCP Sequence Numbers are deliberately randomized to prevent, or at least make it harder for, an attacker to guess the next number in a TCP session and thereby be able to forge packets that might be accepted by one host (or both hosts) in a TCP conversation. There's this specific vulnerabilty, as an example:

http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml

And this is a more general discussion:

http://lcamtuf.coredump.cx/newtcp/

This isn't new. The idea was first floated in 1989 by a Bell Labs research paper. However, it wasn't until the late 90s before vendors began to seriously address the issue, and for M$, it was, predictably, even longer (they essentially used the same TCP/IP stack from W9x thru W2K).

The "fix" is to randomize TCP sequence numbers - tools like nmap can use sequencing as a tool to "fingerprint" an OS, based on the behaviour of its TCP/IP stack (among other things, but I understand this is a reliable way to identify M$ garbage). Different platforms do this different ways. For example, in Solaris, you can modify /etc/default/inetinit and increase the value of the TCP_ISS_STRONG setting to affect how the OS randomizes its TCP sequencing. Tools like nmap will also report the vulnerability of given implementations.
0
 
LVL 4

Accepted Solution

by:
HackLife earned 250 total points
ID: 11960104
No. The Sequence number is 58401

The packet length for that sequent number is 945

58401 + 945 = 59346

The next Sequence number is 59346

945 + 20 (IP Header) + 20 (TCP Header) = 985

985 = Total Length.
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 250 total points
ID: 11960197
PsiCop is actually referring to the initial sequence number, which IS randomized.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 250 total points
ID: 11960236
Oh, and not every system generates the sequence number this way....
0
 
LVL 34

Assisted Solution

by:PsiCop
PsiCop earned 250 total points
ID: 11960694
Yes, I got off on a tangent and failed to distinguish between ISNs and what dissolved was asking about. Didn't mean to confuse.
0
 

Author Comment

by:dissolved
ID: 11962252
Thanks guys
0

Featured Post

WordPress Tutorial 4: Recommended Plugins

Now that you have WordPress installed, understand the interface, and know how to install new parts, let’s take a look at our recommended plugins.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month10 days, 15 hours left to enroll

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question