TCP timestamps

TCP timestamps notes:

  • RFC 1323
  • Timestamps: TSval 4125101209, TSecr 0 (SYN)
  • Timestamps: TSval 15477599, TSecr 4125101209 (SYN/ACK)
  • No timestamps in RST packets (Linux 2.6.31 stack)
  • No timestamps in SYN and SYN/ACK (Windows … needs to be tested with Win7)
  • Bad: RTTM (round-trip time measurement) only when the TCP window is low. Not realistic. Leads to “aliasing” artifacts in the estimated RTT. Must be used with all segments
  • Part of TCP options
  • The Linux 2.6.31 stack appears not to start the timestamp counter when the PC boots (3 hours delay during my testing)
  • TCP timestamps can cause slowness issues in network applications
  • About TCP timestamp generation (not covered by RFC 1323): http://tools.ietf.org/html/draft-gont-tcpm-tcp-timestamps-03
  • disect (tcp timestamp covert channel) http://www.mit.edu/~gif/covert-channel/src/
  • Arbitrary TCP ISN timestamps http://lkml.org/lkml/2008/2/15/244
  • TCP timestamps can give false results under Linux when SYN cookies are enabled
  • If more than one TSval is received before one is echoed back:
    • delayed ACK (which, by the way, must be less than 0.5 s): answer with the first TSval received
    • ACK of an out-of-order segment (congestion): answer with the last packet received
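
Added example (not from the original notes): a small parser that pulls the Timestamps option (kind 8, length 10) out of a raw TCP options field and checks that a SYN/ACK echoes the SYN's TSval, using the two value pairs noted above. The option bytes are constructed here for illustration, and the function names are hypothetical.

```python
import struct

TCPOPT_EOL, TCPOPT_NOP, TCPOPT_TIMESTAMP = 0, 1, 8

def parse_timestamp(options: bytes):
    """Return (TSval, TSecr) from a raw TCP options field, or None if absent.

    Raises ValueError on a malformed option list instead of reading past it.
    """
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == TCPOPT_EOL:          # end of option list
            break
        if kind == TCPOPT_NOP:          # one-byte padding
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option kind %d has no length byte" % kind)
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("option kind %d has bad length %d" % (kind, length))
        if kind == TCPOPT_TIMESTAMP:
            if length != 10:
                raise ValueError("timestamp option length must be 10")
            return struct.unpack("!II", options[i + 2:i + 10])
        i += length                     # skip any other option (MSS, SACK, ...)
    return None

def handshake_echo_ok(syn_opts: bytes, synack_opts: bytes) -> bool:
    """True if the SYN carries TSecr 0 and the SYN/ACK echoes the SYN's TSval."""
    syn, synack = parse_timestamp(syn_opts), parse_timestamp(synack_opts)
    if syn is None or synack is None:
        return False                    # one side sent no timestamps
    return syn[1] == 0 and synack[1] == syn[0]

def ts_option(tsval: int, tsecr: int) -> bytes:
    """Build NOP, NOP, Timestamps: the common 12-byte aligned layout."""
    return b"\x01\x01" + struct.pack("!BBII", TCPOPT_TIMESTAMP, 10, tsval, tsecr)

# Constructed option bytes carrying the TSval/TSecr pairs from the notes.
# An MSS option (kind 2, length 4, value 1460) comes first to exercise skipping.
SYN_OPTS = b"\x02\x04\x05\xb4" + ts_option(4125101209, 0)
SYNACK_OPTS = b"\x02\x04\x05\xb4" + ts_option(15477599, 4125101209)

if __name__ == "__main__":
    print(parse_timestamp(SYN_OPTS), parse_timestamp(SYNACK_OPTS))
    print("echo ok:", handshake_echo_ok(SYN_OPTS, SYNACK_OPTS))
```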

to be completed
