Ethereal-dev: Re: [Ethereal-dev] Detecting TCP Timestamp PAWS DoS from tracefile

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Alok" <alokdube@xxxxxxxxxx>
Date: Sat, 6 Aug 2005 22:52:31 +0530
Thanks Nathan and Guy,

What confused me (which was why I didn't look up the wiki) was that the SYNs
always have the correct checksum.
It is not "no checksum" (remember the TCP checksum is around the pseudo header +
TCP stuff), and I assumed that if a problem does not come up with SYN but with
the rest of the packets it must be something else.

Perhaps the OS does pass correct stuff when a SYN is initiated.

Thanks folks!
----- Original Message ----- 
From: "Nathan Jennings" <njen@xxxxxxxxxxxx>
To: "Ethereal development" <ethereal-dev@xxxxxxxxxxxx>
Sent: Saturday, August 06, 2005 10:48 PM
Subject: Re: [Ethereal-dev] Detecting TCP Timestamp PAWS DoS from tracefile


> Alok wrote:
> > How does it work on simple SYNs then? :-(
>
> If by "it" you're referring to NIC TCP checksum offloading, then I think
> it's irrelevant what type of TCP packet it is (SYN, FIN, RST, etc.); the
> TCP packet is sent to the OS without a checksum, which is where Ethereal
> gets it from (OS via libpcap). Therefore, you get incorrect checksum,
> since there's *no* checksum present.
>
> -Nathan
>
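An added example, not part of the original thread or of Ethereal's code: recomputing the TCP checksum over the pseudo-header plus the TCP segment, so a packet from a trace can be checked independently of the analyzer's verdict. The addresses, ports, function names and result labels are constructed for illustration.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over IPv4 pseudo-header + TCP header + payload."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    # The checksum field (bytes 16-17 of the TCP header) counts as zero.
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return ~ones_complement_sum(pseudo + zeroed) & 0xFFFF

def check_segment(src_ip: str, dst_ip: str, segment: bytes,
                  captured_on_sender: bool) -> str:
    """Label a captured segment; labels are this example's own, not Ethereal's."""
    stored = struct.unpack("!H", segment[16:18])[0]
    if stored == tcp_checksum(src_ip, dst_ip, segment):
        return "valid"
    # A mismatch seen on the sending host is what offloading produces,
    # because the capture is taken before the NIC fills the field in.
    return "mismatch-on-sender" if captured_on_sender else "mismatch"

def build_syn(checksum: int) -> bytes:
    """Constructed 20-byte SYN: ports 40000 -> 80, seq 1, window 65535."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02,
                       65535, checksum, 0)

SRC, DST = "192.0.2.1", "192.0.2.2"          # documentation addresses (constructed)

if __name__ == "__main__":
    unfilled = build_syn(0)                  # checksum field never filled in
    filled = build_syn(tcp_checksum(SRC, DST, unfilled))
    print(check_segment(SRC, DST, filled, captured_on_sender=True))
    print(check_segment(SRC, DST, unfilled, captured_on_sender=True))
    print(check_segment(SRC, DST, unfilled, captured_on_sender=False))
```

A mismatch on a segment captured away from the sending host cannot be explained by the sender's offloading and deserves a closer look.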