I am studying the TCP reset attack. I know that some RST packets have an acknowledgement number (with the ACK bit set), and some RST packets do not have an acknowledgement number (the acknowledgement number is set to 0, and the ACK bit is not set). Now if someone were to send a forged RST packet, is there a situation where it is necessary for the RST packet to have an acknowledgement number, or will an RST packet without the acknowledgement number always work?

asked 19 Mar '16, 18:31 john_9163
One Answer:
No. RFC 793, section 3.1 "Header format", says
so if a connection isn’t established - for example, if a packet comes in for a connection that was closed - a packet sent out doesn’t have to have an acknowledgment number and thus doesn’t have to have ACK set.

answered 19 Mar '16, 18:52 Guy Harris
“Once a connection is established this is always sent” So this means that if a connection is established and I would like to send an RST packet to end it, it is necessary to have an acknowledgement number, correct?
Read RFC 793, section 3.9 “Event processing” and RFC 1122, section 4.2.2.20 “Event processing” for indications of when an RST should, or shouldn’t, have an accompanying ACK.
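As an added example (not part of the original thread), the following sketch applies the RFC 793 section 3.9 rule for a segment that arrives when no connection exists, which is what decides whether the reset a compliant stack sends carries an ACK. The function names and the sample segments are constructed for illustration.

```python
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def parse_tcp(segment: bytes) -> dict:
    """Decode seq, ack, flags and SEG.LEN from a raw TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    _sport, _dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    data_offset = (off_flags >> 12) * 4
    if not 20 <= data_offset <= len(segment):
        raise ValueError("bad data offset")
    flags = off_flags & 0x3F  # the six RFC 793 control bits
    # SEG.LEN is the payload length plus one each for SYN and FIN.
    seg_len = len(segment) - data_offset + bool(flags & SYN) + bool(flags & FIN)
    return {"seq": seq, "ack": ack, "flags": flags, "len": seg_len}

def closed_state_reset(seg: dict):
    """Reset RFC 793 prescribes when no connection matches the segment."""
    if seg["flags"] & RST:
        return None  # an incoming RST is discarded, never answered
    if seg["flags"] & ACK:
        # Incoming ACK bit on: <SEQ=SEG.ACK><CTL=RST>, no ACK field.
        return {"seq": seg["ack"], "ack": 0, "flags": RST}
    # Incoming ACK bit off: <SEQ=0><ACK=SEG.SEQ+SEG.LEN><CTL=RST,ACK>.
    return {"seq": 0, "ack": (seg["seq"] + seg["len"]) % 2**32, "flags": RST | ACK}

def sample_segment(seq: int, ack: int, flags: int, payload: bytes = b"") -> bytes:
    """Constructed test input: 20-byte header (ports 40000 -> 80) plus payload."""
    return struct.pack("!HHIIHHHH", 40000, 80, seq, ack,
                       (5 << 12) | flags, 8192, 0, 0) + payload

if __name__ == "__main__":
    for name, raw in [("SYN to closed port", sample_segment(1000, 0, SYN)),
                      ("stale data segment", sample_segment(5000, 7000, ACK, b"abc")),
                      ("stray RST", sample_segment(9000, 0, RST))]:
        print(name, "->", closed_state_reset(parse_tcp(raw)))
```

When reading a capture, this means a bare RST answers a segment that itself carried an ACK, while an RST with ACK set answers one that did not, such as an initial SYN.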