Jasper, I have another one - Are all Tflags SYN should have an option enabled? IP header 20 Bytes and Segment "SYN" 20 Bytes - Is it normal to see a packet 40 Size packet ?
asked 02 Jan '16, 08:59  Dgo Vrgs converted to question 02 Jan '16, 09:01 |
One Answer:
20 bytes IPv4 is normal, 20 bytes TCP is a very common size, too. But for a TCP packet with the SYN flag set you usually see bigger TCP headers these days. Reason for that is that TCP SYN packets now carry options like MSS, SACK permitted and Window Scaling. Older stacks may omit one or more of those, of course, and they still work, but having them is better. answered 02 Jan '16, 13:03  Jasper ♦♦ |
Jasper thanks for the confirmation. One of our customers is getting tons of TCP SYN flood lately each with different variations.