Wireshark · Ethereal-dev: Re: [Ethereal-dev] Detecting TCP Timestamp PAWS DoS from tracefile

Ethereal-dev: Re: [Ethereal-dev] Detecting TCP Timestamp PAWS DoS from tracefile

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Nathan Jennings <njen@xxxxxxxxxxxx>

Date: Sat, 06 Aug 2005 13:31:59 -0400

Alok wrote:

Thanks Nathan and Guy,

What confused me (which was why i didnt lookup the wiki) was that the SYNs
always have the correct checksum.
It is not :no checksum (remember TCP cheksum is around the pseudo header +
TCP stuff and i assumed that if a problem does not come up with SYN but with
the rest of the packets it must be something else.

perhaps the OS does pass correct stuff when a SYN is initiated..

Ah, I see what you and Guy mean now. I missed the point of yourquestion... simple SYN == no payload. :o( I hadn't considered that.


Sorry for the noise (added confusion).

References:
- [Ethereal-dev] Detecting TCP Timestamp PAWS DoS from tracefile
  - From: J.Smith
- Re: [Ethereal-dev] Detecting TCP Timestamp PAWS DoS from tracefile
  - From: Alok
- Re: [Ethereal-dev] Detecting TCP Timestamp PAWS DoS from tracefile
  - From: Nathan Jennings
- Re: [Ethereal-dev] Detecting TCP Timestamp PAWS DoS from tracefile
  - From: Alok
- Re: [Ethereal-dev] Detecting TCP Timestamp PAWS DoS from tracefile
  - From: Nathan Jennings
- Re: [Ethereal-dev] Detecting TCP Timestamp PAWS DoS from tracefile
  - From: Alok

Prev by Date: RE: [Ethereal-dev] Patch for indefinite length for packet-ber.candvarious fixes to tcap dissector.
Next by Date: Re: [Ethereal-dev] Detecting TCP Timestamp PAWS DoS from tracefile
Previous by thread: Re: [Ethereal-dev] Detecting TCP Timestamp PAWS DoS from tracefile
Next by thread: Re: [Ethereal-dev] Detecting TCP Timestamp PAWS DoS from tracefile
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$