Archived from groups: microsoft.public.windowsnt.protocol.tcpip (More info?)
Hi,
I am a bit confused about the Options in the Syn Packet of TCP.
I don't know how to decypher the options, if that is what they are?
I don't really know if they are options or not?
Options shoud be part of the header and not the data.
I see this all the time in the SYN packet, so I imagine they are the
Options.
Options 0 and 1 are exactly one octet which is their kind field.
All other options have their one octet kind field, followed by a one octet
length field,
followed by length-2 octets of option data.
This is a TCP Time Packet.
First Packet (SYN)
HEADER:
45 00 00 34 CF 04 40 00 40 06 EA 69 C0 A8 00 02 E..4..@.@..i....
C0 A8 00 03 06 AE 00 25 5A 5F 63 42 00 00 00 00 .......%Z_cB....
80 02 FF FF 29 4C 00 00 ....)L..
DATA:
02 04 05 B4 01 03 03 02 01 01 04 02 ............
First Guess
a.. 02 Maximum Segment Size
a.. 04 Length
a.. 05 B4 01 03 = 95682819
a.. 03 WSOPT - Window Scale
a.. 02 Length
a.. 01 01 = 257
a.. 04 Sack Permitted
a.. 02 Length
TCP Mon might not be showing the 00 00
Second Guess
a.. 02 Maximum Segment Size
a.. 04 Length
a.. 05 B4 = 1460
a.. 01 No Operation
a.. 03 WSOPT - Window Scale
a.. 03 Length
a.. 02 01 = 513
a.. 01 No Operation
a.. 04 Sack Permitted
a.. 02 Length
TCP Mon might not be showing the 00 00
Third Guess
a.. 02 Maximum Segment Size
a.. 04 Length
a.. 05 B4 (Length 2 Option Data)
a.. 01 03 03 02 = 16974594
a.. 01 No Operation
a.. 01 No Operation
a.. 04 Sack Permitted
a.. 02 Length
TCP Mon might not be showing the 00 00
Thanks for your help,
--
Christopher J. Holland [!MVP]
http://www.mvps.org/vcfaq/
http://www.codeguru.com
http://www.codeproject.com
http://www.naughter.com/
http://support.microsoft.com/default.aspx
http://msdn.microsoft.com/howto/
http://msdn.microsoft.com/library/
www.flounder.com/mvp_tips.htm
Hi,
I am a bit confused about the Options in the Syn Packet of TCP.
I don't know how to decypher the options, if that is what they are?
I don't really know if they are options or not?
Options shoud be part of the header and not the data.
I see this all the time in the SYN packet, so I imagine they are the
Options.
Options 0 and 1 are exactly one octet which is their kind field.
All other options have their one octet kind field, followed by a one octet
length field,
followed by length-2 octets of option data.
This is a TCP Time Packet.
First Packet (SYN)
HEADER:
45 00 00 34 CF 04 40 00 40 06 EA 69 C0 A8 00 02 E..4..@.@..i....
C0 A8 00 03 06 AE 00 25 5A 5F 63 42 00 00 00 00 .......%Z_cB....
80 02 FF FF 29 4C 00 00 ....)L..
DATA:
02 04 05 B4 01 03 03 02 01 01 04 02 ............
First Guess
a.. 02 Maximum Segment Size
a.. 04 Length
a.. 05 B4 01 03 = 95682819
a.. 03 WSOPT - Window Scale
a.. 02 Length
a.. 01 01 = 257
a.. 04 Sack Permitted
a.. 02 Length
TCP Mon might not be showing the 00 00
Second Guess
a.. 02 Maximum Segment Size
a.. 04 Length
a.. 05 B4 = 1460
a.. 01 No Operation
a.. 03 WSOPT - Window Scale
a.. 03 Length
a.. 02 01 = 513
a.. 01 No Operation
a.. 04 Sack Permitted
a.. 02 Length
TCP Mon might not be showing the 00 00
Third Guess
a.. 02 Maximum Segment Size
a.. 04 Length
a.. 05 B4 (Length 2 Option Data)
a.. 01 03 03 02 = 16974594
a.. 01 No Operation
a.. 01 No Operation
a.. 04 Sack Permitted
a.. 02 Length
TCP Mon might not be showing the 00 00
Thanks for your help,
--
Christopher J. Holland [!MVP]
http://www.mvps.org/vcfaq/
http://www.codeguru.com
http://www.codeproject.com
http://www.naughter.com/
http://support.microsoft.com/default.aspx
http://msdn.microsoft.com/howto/
http://msdn.microsoft.com/library/
www.flounder.com/mvp_tips.htm
Facebook
Twitter
Instagram