CAPEC-326: TCP Initial Window Size Probe

攻击模式描述

This OS fingerprinting probe checks the initial TCP Window size. TCP stacks limit the range of sequence numbers allowable within a session to maintain the "connected" state within TCP protocol logic. The initial window size specifies a range of acceptable sequence numbers that will qualify as a response to an ACK packet within a session. Various operating systems use different Initial window sizes. The initial window size can be sampled by establishing an ordinary TCP connection.

前提条件

• The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card.

所需资源

• A tool capable of sending and receiving packets from a remote system.

后果影响