Is the tcp "options" header always preserved over switches, routers, & firewalls?

Posted on 2008-10-16
Last Modified: 2013-11-29
I want to make use of the TCP "options" header (see in an application.  Is the tcp "options" header always preserved over switches, routers, & firewalls?
Question by:Juzzam2
1 Comment

Accepted Solution

larsga earned 250 total points
ID: 22743318
Are you asking about putting un-standardised data in the header? If you diverge from the already standardised option types, you risk getting into problems with devices that do more than just simple forwarding of the packets.

A switch or a simple router will not alter or drop the tcp options header. They don't even look at, or care, about what is in this header.

Firewalls / intrusion detection/prevention systems / home broadband routers doing NAT and other more complex network devices might look at this header and drop or alter what is there if they do not understand the contents. Even with well documented tcp option types, there have been many examples of firewalls/NAT etc that got it wrong and caused problems.

See RFC 2780:
"Security analyzers such as firewalls and network intrusion detection monitors often rely on unambiguous interpretations of the fields described in this memo.  As new values for the fields are assigned, existing security analyzers that do not understand the new values may fail, resulting in either loss of connectivity if the analyzer declines to forward the unrecognized traffic, or loss of security if it does forward the traffic and the new values are used as part of an attack."

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
c# pass object by reference, wrapped TCP socket 6 81
IIS7 FTP default folder 8 86
MPLS VRF bridging 4 55
FTP output from Wireshak 6 73
Please see preceding article here: Figure 1 After Root Bridge has been elected, then what?..... Let's start by defining a Root Port in la…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now