how-to block ads
|
|
Share Topic
 |
 |
|
|
 NetGeek6Who?? Me??Premium
join:2000-02-22
Mount Clemens, MI | reply to njuser
Re: Just use a tweak tool and up your TTL by 1? This is NOT the TTL they are talking about, it's the ID portion of the the IP packet header.
Look at the following RFC »www.faqs.org/rfcs/rfc791.html
which explains the IP packet. Page 8 has a diagram of the sections of the packet, and Page 10 talks about the identificaition section of the packet.
When a machine sends out packets, they put a number (somewhat random) into this section of the packet, and incrament it for each packet after that. This helps the reciever put the packets back into the proper order (this is needed because not all packets always take the same route, so some later packets can actually arrive before earlier packets, so they need something to identify what order then need to be reassembled in)
Mangling this CAN be done, but some higher end firewalls and Linux type NAT boxes, but they have to track it in a very percise order, to make sure that the packets ID numbers still make some sense.
This method of identifying multiple machines works by relaying on the fact that each machine will be sending out packets in order, but will be in different number ranges. I.E. if you see 9 packets, and 3 have IDs of 55,56,57, 3 have ID's of 1001, 1002, 1003, and 3 have ID's on 50000,50001,50002, you can sort of determine that there are 3 machines. It's a bit more complex then this, but this is an simplification.
--NetGeek
--
I'm not even suppose to BE here today!!! | |
| Excellent explanation. But I think you meant to use the word 'by' instead of 'but' in the following.
"Mangling this CAN be done, but some higher end firewalls and Linux type NAT boxes, ..." | |
| reply to NetGeek6
Good stuff, but how far are we going to go in dismantling and modifying the way packets travel before we're adding more overhead, modifying OSI standards, etc.. when will it all stop. | |
|
