?
Solved

Why do sequence numbers jump?

Posted on 2004-09-01
6
Medium Priority
?
557 Views
Last Modified: 2008-03-10
Looking at this:
http://mvpbaseball.cc/capture.jpg

It says  
Sequence number :     58401
Next Sequence number:59346

What happend to to 58402? lol

Thanks, been wondering this a while
0
Comment
Question by:dissolved
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 34

Assisted Solution

by:PsiCop
PsiCop earned 1000 total points
ID: 11960050
TCP Sequence Numbers are deliberately randomized to prevent, or at least make it harder for, an attacker to guess the next number in a TCP session and thereby be able to forge packets that might be accepted by one host (or both hosts) in a TCP conversation. There's this specific vulnerabilty, as an example:

http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml

And this is a more general discussion:

http://lcamtuf.coredump.cx/newtcp/

This isn't new. The idea was first floated in 1989 by a Bell Labs research paper. However, it wasn't until the late 90s before vendors began to seriously address the issue, and for M$, it was, predictably, even longer (they essentially used the same TCP/IP stack from W9x thru W2K).

The "fix" is to randomize TCP sequence numbers - tools like nmap can use sequencing as a tool to "fingerprint" an OS, based on the behaviour of its TCP/IP stack (among other things, but I understand this is a reliable way to identify M$ garbage). Different platforms do this different ways. For example, in Solaris, you can modify /etc/default/inetinit and increase the value of the TCP_ISS_STRONG setting to affect how the OS randomizes its TCP sequencing. Tools like nmap will also report the vulnerability of given implementations.
0
 
LVL 4

Accepted Solution

by:
HackLife earned 1000 total points
ID: 11960104
No. The Sequence number is 58401

The packet length for that sequent number is 945

58401 + 945 = 59346

The next Sequence number is 59346

945 + 20 (IP Header) + 20 (TCP Header) = 985

985 = Total Length.
0
 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 1000 total points
ID: 11960197
PsiCop is actually referring to the initial sequence number, which IS randomized.
0
Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

 
LVL 4

Assisted Solution

by:HackLife
HackLife earned 1000 total points
ID: 11960236
Oh, and not every system generates the sequence number this way....
0
 
LVL 34

Assisted Solution

by:PsiCop
PsiCop earned 1000 total points
ID: 11960694
Yes, I got off on a tangent and failed to distinguish between ISNs and what dissolved was asking about. Didn't mean to confuse.
0
 

Author Comment

by:dissolved
ID: 11962252
Thanks guys
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
This program is used to assist in finding and resolving common problems with wireless connections.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question