Monday 9 January 2017

Understanding TCP connections, flags and flood attacks



TCP Connection Basics

  • TCP and UDP are the most common transport protocols on local networks and the internet. You need to understand how TCP works to be able to use the scanning tools, interpret their results and initiate an attack.
  • The TCP header carries a set of flag bits; the six classic flags are SYN, ACK, FIN, URG, PSH and RST (newer stacks also use the ECE and CWR bits for explicit congestion notification).
  • TCP flags indicate whether a packet is an initial request (SYN), an acknowledgement (ACK), a finish (FIN), urgent (URG), a push (PSH) or a reset (RST).
  • TCP uses a 3-way handshake to establish a session (once established, the sequence and acknowledgement numbers track its state), consisting of the following steps between the source and destination devices:
    • SYN (source to dest) -> SYN-ACK (dest to source) -> ACK (source to dest)
  • Many attacks and scans use non-standard combinations of these flags (malformed packets, e.g. no flags set at all, or SYN and FIN set together) to elicit a response from a host or to attack it.



Syn flood

A SYN flood is a DoS attack in which the source computer sends only SYN packets (often from spoofed addresses) and never completes the handshake with the final ACK. As a result, the victim accumulates a lot of half-open sessions in its connection backlog; once the backlog is full, new legitimate connections are dropped and the service becomes unusable. A common mitigation is SYN cookies, which let the server avoid keeping state for a connection until the final ACK arrives.


Understanding TCP Flags

  • SYN - Initiates a connection (synchronises the initial sequence number)
  • ACK - Acknowledges received data (the acknowledgement number field is valid)
  • FIN - Closes a connection gracefully once the sender has no more data
  • RST - Aborts a connection, typically in response to an error or to a packet arriving for a port with no listener
  • URG - Informs the receiving station that certain data within the segment is urgent and should be prioritised; the urgent pointer field marks where that data ends
  • PSH - TCP normally buffers the data you send rather than sending it immediately, in case more follows. When a segment with PSH set is received, the buffered data is pushed to the application without waiting for more.
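As an added example (this is not code from the original post), the Python script below decodes the flag byte of a raw TCP header, labels the three handshake steps and the classic malformed combinations mentioned above (NULL, XMAS, SYN+FIN), and counts half-open sessions per source to flag the SYN flood described in the previous section. The packet trace, IP addresses, ports and the flood threshold of 20 are all constructed assumptions for the demo; there is no live capture involved.

```python
"""Decode TCP flags, classify handshake/malformed packets and spot a SYN flood.

Added example, not part of the original post.  Every packet below is built by
hand; addresses, ports and the threshold are assumed values for the demo.
"""
import struct
from collections import defaultdict

# Flag bits in the 14th byte of the TCP header (RFC 793 flags plus the ECN bits).
FLAG_BITS = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
    "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80,
}


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Build a minimal 20-byte TCP header (no options, zero checksum) for the demo."""
    flag_byte = 0
    for name in flags:
        flag_byte |= FLAG_BITS[name]
    data_offset = 5 << 4            # 5 x 32-bit words, reserved bits zero
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset, flag_byte, window, 0, 0)


def parse_tcp_header(raw):
    """Parse the fixed 20-byte part of a TCP header; 'flags' is the set of names that are set."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_res, flag_byte, window, _csum, urg = struct.unpack(
        "!HHIIBBHHH", raw[:20])
    flags = {name for name, bit in FLAG_BITS.items() if flag_byte & bit}
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "data_offset": off_res >> 4, "flags": flags, "window": window,
            "urgent_pointer": urg}


def classify_flags(flags):
    """Name the handshake step, or the well-known malformed combination, a flag set represents."""
    f = set(flags)
    if f == {"SYN"}:
        return "handshake step 1 (SYN)"
    if f == {"SYN", "ACK"}:
        return "handshake step 2 (SYN-ACK)"
    if f == {"ACK"}:
        return "handshake step 3 / data ACK"
    if not f:
        return "malformed: NULL scan (no flags)"
    if {"FIN", "PSH", "URG"} <= f and "SYN" not in f and "ACK" not in f:
        return "malformed: XMAS scan (FIN+PSH+URG)"
    if "SYN" in f and "FIN" in f:
        return "malformed: SYN+FIN (never valid together)"
    if "RST" in f:
        return "reset (RST)"
    if "FIN" in f:
        return "connection close (FIN)"
    return "other: " + "+".join(sorted(f))


def count_half_open(packets, server_port):
    """packets: (src_ip, dst_ip, raw_header) tuples seen inbound at the server.
    Returns {src_ip: SYNs that were never completed by a final ACK}."""
    pending = defaultdict(int)
    for src_ip, _dst_ip, raw in packets:
        hdr = parse_tcp_header(raw)
        if hdr["dst_port"] != server_port:
            continue
        if hdr["flags"] == {"SYN"}:
            pending[src_ip] += 1        # step 1: a new half-open session
        elif hdr["flags"] == {"ACK"} and pending[src_ip] > 0:
            pending[src_ip] -= 1        # step 3: the client finished the handshake
    return {ip: n for ip, n in pending.items() if n > 0}


def syn_flood_sources(packets, server_port, threshold=20):
    """Sources whose half-open session count reaches the (assumed) threshold."""
    return sorted(ip for ip, n in count_half_open(packets, server_port).items()
                  if n >= threshold)


SERVER_PORT = 80
# Constructed inbound trace: one legitimate client (10.0.0.5) completing the
# handshake, and one attacker (203.0.113.9, a documentation address) sending SYNs only.
SAMPLE_TRACE = [
    ("10.0.0.5", "10.0.0.1", build_tcp_header(40001, 80, 1000, 0, ["SYN"])),
    ("10.0.0.5", "10.0.0.1", build_tcp_header(40001, 80, 1001, 5001, ["ACK"])),
] + [
    ("203.0.113.9", "10.0.0.1", build_tcp_header(50000 + i, 80, i, 0, ["SYN"]))
    for i in range(50)
]

if __name__ == "__main__":
    for name, flags in [("syn", ["SYN"]), ("syn-ack", ["SYN", "ACK"]),
                        ("null", []), ("xmas", ["FIN", "PSH", "URG"]),
                        ("syn-fin", ["SYN", "FIN"])]:
        hdr = parse_tcp_header(build_tcp_header(1234, 80, 1, 0, flags))
        print(f"{name:8s} {sorted(hdr['flags'])} -> {classify_flags(hdr['flags'])}")
    print("half-open per source:", count_half_open(SAMPLE_TRACE, SERVER_PORT))
    print("SYN flood sources:", syn_flood_sources(SAMPLE_TRACE, SERVER_PORT))
```

Counting per source IP is deliberately naive: a real flood usually spoofs many source addresses, so the number to watch in practice is the total backlog of half-open sessions on the server rather than any single source's count.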


The next picture shows the TCP Connection flags at different stages of the TCP state machine.




