lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 22 Aug 2011 19:58:43 +0200
From:	Hagen Paul Pfeifer <hagen@...u.net>
To:	Gabriel Beddingfield <gabrbedd@...il.com>
Cc:	netdev@...r.kernel.org
Subject: Re: Miscalculated TCP ACK ?

* Gabriel Beddingfield | 2011-08-22 10:34:14 [-0500]:

>I'm having trouble with a particular server via HTTPS.  It appears
>that my local linux machines are sending incorrect ACK.  However, I
>don't have enough expertise to know for sure.
>
>Using wireshark, the server sends:
>
>    Transmission Control Protocol, Src Port: https (443), Dst Port:
>36015 (36015), Seq: 27658, Ack: 827, Len: 18
>
>Local machine replies:
>
>    Transmission Control Protocol, Src Port: 36015 (36015), Dst Port:
>https (443), Seq: 827, Ack: 27677, Len: 0
>
>It appears to me that the ACK is off-by-one (should have been 27676).

No, it is absolutely correct: ACK -> last seen Seq plus one (27658 + 18 + 1):

RFC 793:

    If the ACK control bit is set this field contains the value of the
		next sequence number the sender of the segment is expecting to
		receive.  Once a connection is established this is always sent.


Cheers, Hagen
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ