Solved

Why do sequence numbers jump?

Posted on 2004-09-01
6
457 Views
Last Modified: 2008-03-10
Looking at this:
http://mvpbaseball.cc/capture.jpg

It says  
Sequence number :     58401
Next Sequence number:59346

What happend to to 58402? lol

Thanks, been wondering this a while
0
Comment
Question by:dissolved
  • 3
  • 2
6 Comments
 
LVL 34

Assisted Solution

by:PsiCop
PsiCop earned 250 total points
Comment Utility
TCP Sequence Numbers are deliberately randomized to prevent, or at least make it harder for, an attacker to guess the next number in a TCP session and thereby be able to forge packets that might be accepted by one host (or both hosts) in a TCP conversation. There's this specific vulnerabilty, as an example:

http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml

And this is a more general discussion:

http://lcamtuf.coredump.cx/newtcp/

This isn't new. The idea was first floated in 1989 by a Bell Labs research paper. However, it wasn't until the late 90s before vendors began to seriously address the issue, and for M$, it was, predictably, even longer (they essentially used the same TCP/IP stack from W9x thru W2K).

The "fix" is to randomize TCP sequence numbers - tools like nmap can use sequencing as a tool to "fingerprint" an OS, based on the behaviour of its TCP/IP stack (among other things, but I understand this is a reliable way to identify M$ garbage). Different platforms do this different ways. For example, in Solaris, you can modify /etc/default/inetinit and increase the value of the TCP_ISS_STRONG setting to affect how the OS randomizes its TCP sequencing. Tools like nmap will also report the vulnerability of given implementations.
0
 
LVL 4

Accepted Solution

by:
HackLife earned 250 total points
Comment Utility
No. The Sequence number is 58401

The packet length for that sequent number is 945

58401 + 945 = 59346

The next Sequence number is 59346

945 + 20 (IP Header) + 20 (TCP Header) = 985

985 = Total Length.
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 250 total points
Comment Utility
PsiCop is actually referring to the initial sequence number, which IS randomized.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 250 total points
Comment Utility
Oh, and not every system generates the sequence number this way....
0
 
LVL 34

Assisted Solution

by:PsiCop
PsiCop earned 250 total points
Comment Utility
Yes, I got off on a tangent and failed to distinguish between ISNs and what dissolved was asking about. Didn't mean to confuse.
0
 

Author Comment

by:dissolved
Comment Utility
Thanks guys
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now