How to calculate sequence number of the TCP/IP packets?


I am a network engineer. Recently, I had a chance to recall how the sequence numbers of TCP/IP packets work. Some people, including me, think that this is not easy.


1. General Packet Structure.


The IP header and the TCP header are generally 20 bytes each. The data payload can be at most 1460 bytes per packet.



MSS is the data size, which determines how much can be sent at one time. MTU is the sum of the TCP header, the IP header and the MSS (data).


MSS = maximum TCP segment size in one packet, usually 1460 bytes. 1460 + 20 (TCP header) + 20 (IP header) = MTU = 1500; add 18 (DLC header) and you have a full frame of 1518 bytes.


2. IP header Structure


I said above that the IP header is 20 bytes. However, the IP header size is not fixed. Options can increase it up to 60 bytes. In this header, there are three fields I need to focus on.



The Length field shows the size of the IP header. The Identification field is a kind of marker: a unique value that does not change from source to destination. More detail on the Protocol field is in the linked IANA list [1].



3. TCP header structure.


The TCP header size is also not fixed. It can be at most 60 bytes. The TCP header contains the sequence number, the acknowledgment number and the window size value.



The window size value is determined by the server environment, such as the memory allocated by the operating system. It can increase or decrease. If I suffer from a "Zero Window" issue, I have to check the buffer size of the host.


4. DLC header structure.


This header generally shows the MAC addresses. In the Ethernet field, 0x0800 means IPv4 and 0x08dd means IPv6.



5. Packet sequence analysis for SYN and FIN


For the SYN-ACK / FIN-ACK handshake, it is important to add 1, even if the data length is zero. The client sends a packet with sequence number 0, so the expected ACK number is 1. The server sends a packet with sequence number 0 and ACK number 1. For this packet, the expected ACK number is also 1. Finally, the client sends the last ACK packet with sequence number 1 and ACK number 1.





6. Packet sequence analysis for Data 


For data, it is a little different from the above: only the data length is added. Look at the example below. First, sequence number 380 + data length 213 gives an expected ACK number of 593.



Second, sequence number 1306 + data length 373 is 1679, sent with ACK 593, which comes from the step above.



Finally, sequence number 593, which equals the previous ACK number, is sent with ACK 1679.



7. Optional, SACK (Selective ACK)


For efficient transmission, the selective ACK mechanism exists. Look at the example below. 172.18.0.74 is the sender. This sender sends packets with sequence numbers 5943, 7403, 8863, 10323, 11784, 13243, and 14703. The data length is 1460. Thus, there is no loss in the transfer.



However, look at the example below. This time, the ACK number is the important value. The message "ACK=10323, SLE=13243, SRE=14703" means that packet 11783 does not exist at the receiver.



Finally, the retransmission of sequence 11783 happens. The ACK number with 11783 is shown.
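The arithmetic from sections 5 to 7, written out as an added Python example (not part of the original post). The function names are assumptions, the sample values are the ones quoted above, and the 32-bit wrap-around handling goes beyond the relative numbers shown in the post.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def expected_ack(seq, data_len, syn=False, fin=False):
    """ACK number the peer should return for this segment.

    SYN and FIN each consume one sequence number even with no data;
    a plain data segment consumes exactly data_len.
    """
    return (seq + data_len + int(syn) + int(fin)) % MOD


def sack_holes(ack, sack_blocks):
    """Byte ranges [start, end) the receiver reports as still missing.

    ack:         cumulative ACK number (next byte the receiver expects)
    sack_blocks: list of (SLE, SRE) pairs, the left and right edges of
                 data received out of order above the cumulative ACK
    """
    holes = []
    cursor = ack
    # Sort by distance above ack so the order stays right across a wrap.
    for sle, sre in sorted(sack_blocks, key=lambda b: (b[0] - ack) % MOD):
        gap = (sle - cursor) % MOD
        if 0 < gap < MOD // 2:          # block starts beyond what we hold
            holes.append((cursor, sle))
        if (sre - cursor) % MOD < MOD // 2:
            cursor = sre                # everything up to SRE is covered
    return holes


if __name__ == "__main__":
    # Section 5: SYN with no data still advances the number by one.
    print("SYN seq 0        -> expect ACK", expected_ack(0, 0, syn=True))
    # Section 6: data segments advance it by the payload length only.
    print("seq 380 + 213    -> expect ACK", expected_ack(380, 213))
    print("seq 1306 + 373   -> expect ACK", expected_ack(1306, 373))
    # Section 7: ACK=10323, SLE=13243, SRE=14703 from the post.
    for start, end in sack_holes(10323, [(13243, 14703)]):
        print("receiver is missing bytes", start, "to", end - 1)
```

The reported hole runs from the cumulative ACK up to SLE, so it contains the segment starting at 11783 that the sender retransmits.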


Reference


[ 1 ] https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

[ 3 ] https://www.networkcomputing.com/network-security/network-troubleshooting-tcp-sack-analysis/2073731643
