Is the tcp "options" header always preserved over switches, routers, & firewalls?

Posted on 2008-10-16
Last Modified: 2013-11-29
I want to make use of the TCP "options" header (see in an application.  Is the tcp "options" header always preserved over switches, routers, & firewalls?
Question by:Juzzam2
1 Comment

Accepted Solution

larsga earned 250 total points
Comment Utility
Are you asking about putting un-standardised data in the header? If you diverge from the already standardised option types, you risk getting into problems with devices that do more than just simple forwarding of the packets.

A switch or a simple router will not alter or drop the tcp options header. They don't even look at, or care, about what is in this header.

Firewalls / intrusion detection/prevention systems / home broadband routers doing NAT and other more complex network devices might look at this header and drop or alter what is there if they do not understand the contents. Even with well documented tcp option types, there have been many examples of firewalls/NAT etc that got it wrong and caused problems.

See RFC 2780:
"Security analyzers such as firewalls and network intrusion detection monitors often rely on unambiguous interpretations of the fields described in this memo.  As new values for the fields are assigned, existing security analyzers that do not understand the new values may fail, resulting in either loss of connectivity if the analyzer declines to forward the unrecognized traffic, or loss of security if it does forward the traffic and the new values are used as part of an attack."

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

The article explains the protocols and technology which is involved when two computers on different TCP/IP networks communicate with each other. In the diagram, a router is used to segregate two networks. The networks are and 192…
Please see preceding article here: Figure 1 After Root Bridge has been elected, then what?..... Let's start by defining a Root Port in la…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now