Maximum TCP Sequence Number

Question

Maximum TCP Sequence Number

I am trying to grab packages and refactor packages to receive the original HTTP request.

I am collecting packets by IPQUEUE (according to the iptables rule) and I realized that the packets are not recorded in order.

I already know that in TCP protocol, packets need to be rearranged, so I am trying to re-order the packets by sequence number.

According to Wikipedia, the TCP sequence number is a 32-bit number. Then what happens if the sequence number reaches MAX 32bits?

Since the SYN packet sequence number is a random number, I think this limit can be reached very quickly.

If anyone has a retribution or helpful links, please leave me an answer.

+3

tcp packet iptables

Wonjae lee 28 jan. At 5:04 am

source to share

3 answers

am · Answer 1 · 2013-01-28T06:17:57+0000

From RFC-1185

  Avoiding reuse of sequence numbers within the same connection is
  simple in principle: enforce a segment lifetime shorter than the
  time it takes to cycle the sequence space, whose size is
  effectively 2**31.

  If the maximum effective bandwidth at which TCP
  is able to transmit over a particular path is B bytes per second,
  then the following constraint must be satisfied for error-free 
  operation:
      2**31 / B  > MSL (secs)

So, in simpler words, TCP will take care of that. In addition to this condition, TCP also has the concept of Timestamps to handle sequence number traversal around the condition. From the same RFC above

  Timestamps carried from sender to receiver in TCP Echo options can
  also be used to prevent data corruption caused by sequence number
  wrap-around, as this section describes.

In particular, TCP uses the PAWS mechanism to handle TCP transactions around the case. You can find more details on PAWS in RFC-1323

JosephH · Answer 2 · 2013-01-28T05:08:31+0000

RFC793 Section 3.3:

It is important to remember that the actual ordinal number space is finite, albeit very large. This space ranges from 0 to 2 * 32 - 1. Since the space is finite, all arithmetic operations on a sequence of numbers must be performed modulo 2 * 32. This unsigned arithmetic keeps the sequence numbers connected as they cycle 2 ** 32 - from 1 to 0. There are several subtleties for a computer modulo arithmetic, so great care should be taken when programming comparing such values.

Any arithmetic done by ordinal is modulo 2 ^ 32

Jonathon Reinhart · Answer 3 · 2013-01-28T05:13:20+0000

Simply put, a 32-bit unsigned number will be wrapped around:

...
0xFFFFFFFE
0xFFFFFFFF
0x00000000
0x00000001
...

Maximum TCP Sequence Number

More articles: