[RndTbl] IP ID field
Robert Keizer
robert at keizer.ca
Thu Jul 20 08:10:00 CDT 2017
This might be useful. I had bookmarked it years and years ago because I
thought it was neat.
http://lcamtuf.coredump.cx/oldtcp/tcpseq.html
Rob
On 2017-07-20 5:29 AM, Trevor Cordes wrote:
> On 2017-07-20 Vijay Sankar wrote:
>> I am a bit confused about IP ID and was wondering about the following.
>>
>> Is it normal to have the same IP ID for the initial SYN packet from
>> different source IP addresses? There is no fragmentation issues in
>> this case since it is only 40 bytes and I see this same IP ID only
>> with attempts to establish a session to 161/TCP.
> Off the top of my head, and without consulting anything (I can do that
> later), I recall reading something about this being OS specific. Some
> OS's randomize, some start with whatever. I think it can be used to
> determine what OS is hitting you in some cases. My guess would be
> older OS's don't randomize. Or I'm completely out to lunch at this late
> hour...
> _______________________________________________
> Roundtable mailing list
> Roundtable at muug.ca
> https://muug.ca/mailman/listinfo/roundtable
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://muug.ca/pipermail/roundtable/attachments/20170720/20b9bd03/attachment.sig>
More information about the Roundtable
mailing list