Sequence numbers allow TCP to put unordered packets back into order,
to determine whether packets are missing, and to prevent mixing up packets
from other connections.
When a connection is initiated, each side generates an initial sequence
number. This number is communicated to the other side in the first two SYN
packets of the connection handshake. Then, with each packet that is sent,
the sequence number is incremented by the number of bytes found in the
data portion of the packet. This sequence number is included in the TCP
packet header. In addition, each TCP header has an acknowledgment number,
which is simply the other side's sequence number plus one.
TCP is great for applications where reliability and bidirectional
communication are needed. However, the cost of this functionality is paid in
communication overhead.
UDP has much less overhead and built-in functionality than TCP. This
lack of functionality makes it behave much like the IP protocol: It is
connectionless and unreliable. Without built-in functionality to create connections
and maintain reliability, UDP is an alternative that expects the application to
deal with these issues. Sometimes connections aren't needed, and the
lightweight UDP is a much better protocol for these situations. The UDP header,
defined in RFC 768, is relatively tiny. It only contains four 16-bit values in this
order: source port, destination port, length, and checksum.
0x440 Network Sniffing
On the data-link layer lies the distinction between switched and unswitched
networks. On an unswitched network, Ethernet packets pass through every
device on the network, expecting each system device to only look at the
packets sent to its destination address. However, it's fairly trivial to set a
device to promiscuous mode, which causes it to look at all packets, regardless
of the destination address. Most packet-capturing programs, such as tcpdump,
drop the device they are listening to into promiscuous mode by default.
Promiscuous mode can be set using ifconfig, as seen in the following output.
reader@hacking:~/booksrc $ ifconfig eth0
eth0      Link encap:Ethernet HWaddr 00:0C:29:34:61:65
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:17115 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1927 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4602913 (4.3 MiB) TX bytes:434449 (424.2 KiB)
          Interrupt:16 Base address:0x2024
reader@hacking:~/booksrc $ sudo ifconfig eth0 promisc
reader@hacking:~/booksrc $ ifconfig eth0
eth0      Link encap:Ethernet HWaddr 00:0C:29:34:61:65
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:17181 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1927 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4668475 (4.4 MiB) TX bytes:434449 (424.2 KiB)
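
A defender's check for the PROMISC flag that appears in the second ifconfig listing above, added here as an example and not taken from the original text: it reads an interface's flag word and reports whether the promiscuous bit is set. It assumes a Linux host with sysfs mounted at /sys; the function names are chosen for this example, and the bit values are those defined in <net/if.h>.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Linux interface flag bits (values from <net/if.h>), in ifconfig's print order. */
static const struct { long bit; const char *name; } FLAGS[] = { {0x1, "UP"},
    {0x2, "BROADCAST"}, {0x40, "RUNNING"}, {0x100, "PROMISC"}, {0x1000, "MULTICAST"} };

/* Parse the hex text of a sysfs flags file; returns the flag word, or -1 if malformed. */
long parse_flags(const char *text)
{
    char *end;
    unsigned long v = strtoul(text, &end, 16);   /* base 16 accepts a "0x" prefix */
    if (end == text || v > 0x7fffffffUL) return -1;
    return (*end == '\0' || strcmp(end, "\n") == 0) ? (long)v : -1;
}

int is_promisc(long flags) { return flags >= 0 && (flags & 0x100) != 0; }

/* Name the known set bits as ifconfig prints them (static buffer, not thread-safe). */
const char *flag_names(long flags)
{
    static char buf[64];
    size_t n = 0;
    for (size_t i = 0; i < sizeof FLAGS / sizeof FLAGS[0]; i++)
        if (flags & FLAGS[i].bit)
            n += snprintf(buf + n, sizeof buf - n, "%s%s", n ? " " : "", FLAGS[i].name);
    return n ? buf : "";
}

/* Read /sys/class/net/<iface>/flags; -1 if the name is rejected or the file unreadable. */
long iface_flags(const char *iface)
{
    char path[64], buf[32] = "";
    if (!*iface || *iface == '.' || strlen(iface) > 15 || strchr(iface, '/')) return -1;
    snprintf(path, sizeof path, "/sys/class/net/%s/flags", iface);
    FILE *fp = fopen(path, "r");
    if (!fp || !fgets(buf, sizeof buf, fp)) buf[0] = '\0';   /* parse_flags("") is -1 */
    if (fp) fclose(fp);
    return parse_flags(buf);
}

int main(int argc, char **argv)
{
    long f = iface_flags(argc > 1 ? argv[1] : "eth0");
    if (f < 0) { fputs("cannot read interface flags\n", stderr); return 2; }
    printf("%s%s\n", flag_names(f), is_promisc(f) ? "  <-- promiscuous" : "");
    return is_promisc(f);
}
```

The exit status is 1 when PROMISC is set, 0 when it is not, and 2 when the interface cannot be read, so the program can be run per interface from a periodic host check.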