Discussion on TCP related queries

[siddharthas222]

Dear All,

I have some questions stated below:

--------------------

1. If the last ACK packet is sent by client has:



ACK=1

Seq=123456790

Ack=4001

Then what is the sequence number and acknowledgement number of The first packet of actual data sent by client to server will have?

Will the header of this first data packet be the same as of the ACK packet ?

If not, what has changed?

---------------------



2. if the seq number gives a randomly largest 32 bit integer in tcp or near it, then the only change will be that it starts its wraparound and starts from 0 or something else also happens?
-----------------------
3. When I hit a custom port of google.com, then on port 80 and 443, it has no packet loss and when I request on port 500, all the packets are lost.
But, when I tried hhtforever.com's port 8, 80, 443, 500,8002, no data is lost.
Why is that happening?
command with output below:

==================================================
For httpforever.com:

user@user-pc:~$ sudo hping3 -S -p 80 httpforever.com
HPING httpforever.com (wlp3s0 146.190.62.39): S set, 40 headers + 0 data bytes
len=44 ip=146.190.62.39 ttl=46 DF id=0 sport=80 flags=SA seq=0 win=64240 rtt=365.7 ms
len=44 ip=146.190.62.39 ttl=46 DF id=0 sport=80 flags=SA seq=1 win=64240 rtt=286.4 ms
^C
--- httpforever.com hping statistic ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 286.4/326.0/365.7 ms
user@user-pc:~$ sudo hping3 -S -p 443 httpforever.com
HPING httpforever.com (wlp3s0 146.190.62.39): S set, 40 headers + 0 data bytes
len=44 ip=146.190.62.39 ttl=45 DF id=0 sport=443 flags=SA seq=0 win=64240 rtt=349.8 ms
len=44 ip=146.190.62.39 ttl=45 DF id=0 sport=443 flags=SA seq=1 win=64240 rtt=271.6 ms
len=44 ip=146.190.62.39 ttl=45 DF id=0 sport=443 flags=SA seq=2 win=64240 rtt=296.5 ms
^C
--- httpforever.com hping statistic ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 271.6/306.0/349.8 ms
user@user-pc:~$ sudo hping3 -S -p 8 httpforever.com
HPING httpforever.com (wlp3s0 146.190.62.39): S set, 40 headers + 0 data bytes
len=40 ip=146.190.62.39 ttl=45 DF id=0 sport=8 flags=RA seq=0 win=0 rtt=330.8 ms
len=40 ip=146.190.62.39 ttl=45 DF id=0 sport=8 flags=RA seq=1 win=0 rtt=353.6 ms
len=40 ip=146.190.62.39 ttl=46 DF id=0 sport=8 flags=RA seq=2 win=0 rtt=275.4 ms
^C
--- httpforever.com hping statistic ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 275.4/319.9/353.6 ms
user@user-pc:~$ sudo hping3 -S -p 500 httpforever.com
HPING httpforever.com (wlp3s0 146.190.62.39): S set, 40 headers + 0 data bytes
len=40 ip=146.190.62.39 ttl=45 DF id=0 sport=500 flags=RA seq=0 win=0 rtt=288.9 ms
len=40 ip=146.190.62.39 ttl=44 DF id=0 sport=500 flags=RA seq=1 win=0 rtt=291.6 ms
len=40 ip=146.190.62.39 ttl=46 DF id=0 sport=500 flags=RA seq=2 win=0 rtt=290.4 ms
^C
--- httpforever.com hping statistic ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 288.9/290.3/291.6 ms
user@user-pc:~$ sudo hping3 -S -p 8002 httpforever.com
HPING httpforever.com (wlp3s0 146.190.62.39): S set, 40 headers + 0 data bytes
len=40 ip=146.190.62.39 ttl=46 DF id=0 sport=8002 flags=RA seq=0 win=0 rtt=328.4 ms
len=40 ip=146.190.62.39 ttl=46 DF id=0 sport=8002 flags=RA seq=1 win=0 rtt=352.4 ms
^C
--- httpforever.com hping statistic ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 328.4/340.4/352.4 ms


For google.com:

user@user-pc:~$ sudo hping3 -S -p 80 google.com
HPING google.com (wlp3s0 142.250.182.46): S set, 40 headers + 0 data bytes
len=44 ip=142.250.182.46 ttl=123 DF id=0 sport=80 flags=SA seq=0 win=65535 rtt=7.8 ms
len=44 ip=142.250.182.46 ttl=123 DF id=0 sport=80 flags=SA seq=1 win=65535 rtt=5.7 ms
len=44 ip=142.250.182.46 ttl=123 DF id=0 sport=80 flags=SA seq=2 win=65535 rtt=7.5 ms
len=44 ip=142.250.182.46 ttl=123 DF id=0 sport=80 flags=SA seq=3 win=65535 rtt=7.3 ms
^C
--- google.com hping statistic ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 5.7/7.1/7.8 ms
user@user-pc:~$
user@user-pc:~$
user@user-pc:~$ sudo hping3 -S -p 443 google.com
HPING google.com (wlp3s0 142.250.182.46): S set, 40 headers + 0 data bytes
len=44 ip=142.250.182.46 ttl=123 DF id=0 sport=443 flags=SA seq=0 win=65535 rtt=6.8 ms
len=44 ip=142.250.182.46 ttl=123 DF id=0 sport=443 flags=SA seq=1 win=65535 rtt=6.7 ms
len=44 ip=142.250.182.46 ttl=123 DF id=0 sport=443 flags=SA seq=2 win=65535 rtt=6.5 ms
^C
--- google.com hping statistic ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 6.5/6.7/6.8 ms
user@user-pc:~$ sudo hping3 -S -p 500 google.com
HPING google.com (wlp3s0 142.250.182.46): S set, 40 headers + 0 data bytes
^C
--- google.com hping statistic ---
9 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms


==================================================


4. Why is that if I don't do fragmentation, then the error "Fragmentation Needed/DF set" appears, when I reduce the Packet size, some data is still lost? If I further reduce the packet size, there is 0% packet loss.
How do we know what size of packet size of data must be sent?

==========================
user@user-pc:~$ sudo hping3 --icmp -d 1472 -y google.com
HPING google.com (wlp3s0 142.250.182.46): icmp mode set, 28 headers + 1472 data bytes
ICMP Fragmentation Needed/DF set from ip=192.168.1.1 name=_gateway
ICMP Fragmentation Needed/DF set from ip=192.168.1.1 name=_gateway
ICMP Fragmentation Needed/DF set from ip=192.168.1.1 name=_gateway
ICMP Fragmentation Needed/DF set from ip=192.168.1.1 name=_gateway
ICMP Fragmentation Needed/DF set from ip=192.168.1.1 name=_gateway
ICMP Fragmentation Needed/DF set from ip=192.168.1.1 name=_gateway
ICMP Fragmentation Needed/DF set from ip=192.168.1.1 name=_gateway
ICMP Fragmentation Needed/DF set from ip=192.168.1.1 name=_gateway
^C
--- google.com hping statistic ---
8 packets transmitted, 8 packets received, 0% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
user@user-pc:~$ sudo hping3 --icmp -d 1400 -y google.com
HPING google.com (wlp3s0 142.250.182.46): icmp mode set, 28 headers + 1400 data bytes
len=1428 ip=142.250.182.46 ttl=119 id=0 icmp_seq=0 rtt=5.9 ms
len=1428 ip=142.250.182.46 ttl=119 id=0 icmp_seq=1 rtt=5.5 ms
len=1428 ip=142.250.182.46 ttl=119 id=0 icmp_seq=2 rtt=3.3 ms
len=1428 ip=142.250.182.46 ttl=119 id=0 icmp_seq=3 rtt=6.1 ms
len=1428 ip=142.250.182.46 ttl=119 id=0 icmp_seq=4 rtt=4.8 ms
len=1428 ip=142.250.182.46 ttl=119 id=0 icmp_seq=5 rtt=3.7 ms
^C
--- google.com hping statistic ---
7 packets transmitted, 6 packets received, 15% packet loss
round-trip min/avg/max = 3.3/4.9/6.1 ms

user@user-pc:~$ sudo hping3 --icmp -d 140 -y google.com
HPING google.com (wlp3s0 142.250.182.46): icmp mode set, 28 headers + 140 data bytes
len=168 ip=142.250.182.46 ttl=119 id=0 icmp_seq=0 rtt=5.7 ms
len=168 ip=142.250.182.46 ttl=119 id=0 icmp_seq=1 rtt=2.5 ms
len=168 ip=142.250.182.46 ttl=119 id=0 icmp_seq=2 rtt=4.3 ms
len=168 ip=142.250.182.46 ttl=119 id=0 icmp_seq=3 rtt=3.0 ms
len=168 ip=142.250.182.46 ttl=119 id=0 icmp_seq=4 rtt=4.9 ms
len=168 ip=142.250.182.46 ttl=119 id=0 icmp_seq=5 rtt=3.6 ms
^C
--- google.com hping statistic ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 2.5/4.0/5.7 ms


==================


5. How many times can one send a TCP SYN request to any server? what are the approaches we can take? (Context below)

Being ethical, I flooded keenable.in with TCP requests with:
user@user-pc:~$ sudo hping3 -S --flood -p 80 keenable.in
[sudo] password for user:
HPING keenable.in (wlp3s0 185.230.63.171): S set, 40 headers + 0 data bytes
hping in flood mode, no replies will be shown
^C
--- keenable.in hping statistic ---
164126 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms


During flooding, Ping output:
user@user-pc:~$ ping keenable.in
PING keenable.in (185.230.63.171) 56(84) bytes of data.
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=1 ttl=235 time=525 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=2 ttl=235 time=3937 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=3 ttl=235 time=2897 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=4 ttl=235 time=1873 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=5 ttl=235 time=852 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=6 ttl=235 time=875 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=7 ttl=235 time=8389 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=8 ttl=235 time=7561 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=9 ttl=235 time=6537 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=10 ttl=235 time=5515 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=11 ttl=235 time=4491 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=12 ttl=235 time=3469 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=13 ttl=235 time=2445 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=14 ttl=235 time=1606 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=15 ttl=235 time=582 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=16 ttl=235 time=382 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=17 ttl=235 time=458 ms
^C
--- keenable.in ping statistics ---
17 packets transmitted, 17 received, 0% packet loss, time 18157ms
rtt min/avg/max/mdev = 381.742/3081.925/8388.878/2541.941 ms, pipe 9


After flooding stopped:

user@user-pc:~$ ping keenable.in
PING keenable.in (185.230.63.171) 56(84) bytes of data.
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=1 ttl=235 time=317 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=2 ttl=235 time=340 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=3 ttl=235 time=363 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=4 ttl=235 time=284 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=5 ttl=235 time=306 ms
64 bytes from unalocated.63.wixsite.com (185.230.63.171): icmp_seq=6 ttl=235 time=329 ms
^C
--- keenable.in ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5006ms
rtt min/avg/max/mdev = 283.692/323.126/363.101/25.194 ms

[We can clearly see the mean deviation became around 100x and the avg round trip time became 10x.]
(The mdev value indicates how much individual ping times typically vary from the average RTT. )

--
Thanks And Regards,
Siddharth Singh Chaudhari
7983312614

 

[CaffeineAddict]

Seq=123456790

2. if the seq number gives a randomly largest 32 bit integer in tcp or near it, then the only change will be that it starts its wraparound and starts from 0 or something else also happens?

Sequence number tells nothing special, you got it wrong, it's not random, this number only gives you the ordinal of a packet.
First packet will be Seq=1, 2nd will be 2 and so on until TCP transmission is reset with TCP RST.

3. When I hit a custom port of google.com, then on port 80 and 443, it has no packet loss and when I request on port 500, all the packets are lost.
But, when I tried hhtforever.com's port 8, 80, 443, 500,8002, no data is lost.
Why is that happening?

google has no port 500 open? the other domain may had it open.
hping3 is useful only vs open ports, you can't probe closed ports, you packets will be simply dropped normally with no response except for ICMP port closed packet, and only if their firewall and system config allows it.

4. Why is that if I don't do fragmentation, then the error "Fragmentation Needed/DF set" appears, when I reduce the Packet size, some data is still lost? If I further reduce the packet size, there is 0% packet loss.
How do we know what size of packet size of data must be sent?

You get fragmentation needed from your router, this is because packet size exceeds MTU.
You can check MTU on link with ping -M do -s <size> 192.168.1.1 where size is packet size you want to test, start small and increase it until you get fragmentation.

5. How many times can one send a TCP SYN request to any server? what are the approaches we can take? (Context below)

As many times as you want, but whether it will be successful depends on whether their firewall won't drop your packets.

Being ethical, I flooded keenable.in with TCP requests with:
user@user-pc:~$ sudo hping3 -S --flood -p 80 keenable.in

Using --flood option is not ethical so you shouldn't do without their permission.
Anyway their firewall likely dropped all your packets so your effort is in vain, flooding works best with 100's of computers to overwhelm their bandwidth.
Your internet speed and NIC is probably no match for them.