Subject: Re: TCP sequence numbers.
To: Bill Sommerfeld <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 03/25/1999 11:04:58
In message <199903251559.PAA14729@orchard.arlington.ma.us>, Bill Sommerfeld wri
> > Hm, I think it's not exactly linear - I used tcpdump with option -x
> > to view the packets directly. I've seen that with the time the SEQs
> > increase with a very close algorithm to time.
> > BTW: This's on 1.3.2 x86 and SPARC (Well - both the same
> > source :>).
> Are all the connections to the same 4-tuple (src host, src port, dst
> host, dst port)? The iss should be completely random if any of the
> 4-tuple are different; otherwise, the iss should increase by a small,
> but random amount for each connection.
> Otherwise, see the following comment in tcp_subr.c:
> * If we were asked to add some amount to a known value,
> * we will take a random value obtained above, mask off the upper
> * bits, and add in the known value. We also add in a constant to
> * ensure that we are at least a certain distance from the original
> * value.
> * This is used when an old connection is in timed wait
> * and we have a new one coming in, for instance.
> The sequence numbers are still random in this case, but over a reduced
> range, because they have to be (in order to prevent stale packets from
> the old connection from being mistaken as belonging to the new one).
Also see RFC 1948.