http://www.linuxsecurity.com/resource_files/documentation/tcpip-security.html

Another interesting tid bit. (with a good description of the OCI model, knowing this inside and out and upside down and in your sleep when your dreaming about a statuesq natalie portman will get you another 10k a year)
http://www.scan-technologies.com/tutorials/TCPIP%20Tutorial.htm

[This message has been edited by Sweede (edited 30 January 2001).]

hehe, i think i learned more in my [failed] attempts of spoofing (within my LAN, but of course http://www.linuxnewbie.org/ubb/smile.gif) then in most documents (of course, most spoofing documents provide adequate tcp/ip info.. which is where i learned it, heh).. sequencing is fun stuff ;o) i recommend sniffit in interactive mode :}


with a good description of the OCI model, ...

I think you mean the OSI model (Open System Interconnect).. correct me if I'm wrong..

those links were great; thanks for sharing.

~kyle

Sweede:

Do you think Sensei would setup another forum for the advanced networking stuff? Alot of the stuff that yourself and others talk about goes 747 with most of the newbies. I don't want to sound like an snob, but I've been a member for over a year and some of the stuff is a little over their heads. Kind of like if you are having basic issues (help, I can't surf), go to the general forum. If your trying to setup a DMZ or joining 4 subnets come see us. What do you think? Just me 2 cents worth.




[This message has been edited by jumpedintothefire (edited 30 January 2001).]

Originally posted by Fandelem:
OSI model (Open System Interconnect)..


ooops :x

/me hits head on wall.


Jumpedintothefire,
what he should do is have like, notalinuxnewbie.org for that stuff http://www.linuxnewbie.org/ubb/smile.gif

"what he should do is have like notalinuxnewbie.org for that stuff"

OK, point taken, I withdraw the idea. Forget I said it, and forgive me OK? ;-)

Darn, I'm starting to sound like some guys at others board. I had better go back and check my roots. Yup, there here.... forgive me, forgive me, forgive me, forgive me, PLEASE.
Where was my head at? (don't say it I have a mental picture)

according to that document on linuxsecurity.com, the tcp termination sequence is a three step process similar to the tcp three-way connection sequence, however... on page 36 in Unix Network Programming, Stevens has a diagram which shows a four step termination sequence... which is correct? think ill go with Stevens http://www.linuxnewbie.org/ubb/smile.gif

Stevens' model:


client server

| FIN (m) -------> |
| |
| <------- ACK (m+1) |
| |
| <------- FIN (n) |
| |
| ACK (n+1) -------> |




------------------
bash # more beer
bash # less work

[This message has been edited by aph3x (edited 30 January 2001).]

it is a three way communication, there isnt 4.

the FIN and ACK signal are sent at the same time, which is what he shows (incorrectly although).

its also not client->server
its source->sink

the source sends a FIN signal to say "im done DoSin you". the sink sends a signal back that says "Thank God its over, see you later" (a.k.a i got your signal and heres the last thing im sending you). Then the source sends one last ACK that says "0wn j00 later!"

and then the connection is closes

it is a three way handshake. the picture is correct if you know the process.

sweede is correct, the ack and the fin are sent back together; think of it as a three way two-hand shake ;o)

~kyle