I'm trying to understand how the sequence numbers of the TCP header are generated.
In some places I read that it is the "index of the first byte in the packet" (link here), on some other sites it is a random 32bit generated number that is then incremented.
I don't really know which is which, so here are some questions:
- How is the initial sequence number generated? (Please provide an RFC number if there is one)
- How is it incremented?
- How is the secret key generated?
I read some of the RFCs like RFC 6528, RFC 793, and RFC 1948 but I can't seem to understand which one is actually implemented.
I read about the "std" status but still...
Thank you in advance!
Answer
Each endpoint of a TCP connection establishes a starting sequence number for packets it sends, and sends this number in the SYN packet that it sends as part of establishing a connection.
There is no requirement for either end to follow a particular procedure in choosing the starting sequence number. The operating system is free to use any mechanism it likes, but generally it's best if it chooses a random number, as this is more secure.
From that starting point, each packet sent by either end contains two sequence numbers - one to specify where in the stream the packet is, and an ACK sequence number which signifies the number of bytes received. Both numbers are offset by the starting sequence number.
Read all about it in Wikipedia of course - look for "sequence number" in that page to get all the gory details.