Course Notes - Day 5

Good morning everyone! Last day of class! Good job hanging in there!

Current SEQ# + data bytes = Next SEQ#

URG - Look at the URG PTR field
ACK - ACK something (default)
PSH - Send now
RST - svc refusal/con teardown
SYN - sync SEQ #
FIN - "I'm done sending data and if you send me a FIN, we can timeout the connection."

We do not allow recovery of a FIN'd connection - Mitnick

When is data transmitted? App sends data to the TX buffer.
1. Full MSS (Maximum Segment Size) of data
2. Push bit set
3. TX Timer

http-wiresharkorg.pcapng
1. SYN
RX Buffer = 8192 bytes
MSS = 1460 (option)
WS=4 (option)
SACK_PERM ON (option)

Retransmission (standard) - sender notices pkt loss - RTO timeout
Spurious Retransmission - unnecessary (ACK goes missing)
Fast Retransmission - receiver notices the pkt loss (illogical jump in the incoming SEQ #) - mother-in-law (dupe ACK) (Fast Recovery mechanism)

Lots of false positives for OOO. Sometimes they are retransmissions... If you see OOOs near a packet loss recovery process... they are likely Retransmissions.

HOMEWORK
Practice Advanced IO graphs
Page 244-248
Page 251-253
Lab 10 (quickie)
Lab 11 (tough) <-- watch the handshakes
watch ACKed Unseen Segment (faulty capture process - dropped data packets) - I usually throw away those trace files.
Lab 12 (ok)
Section 17 End of Section Question
Button
**************
http.time > 1
HTTP>1
Lab 13
Lab 14
Section 18 End-of-Section Question
Lab 15 (we did in class, but practice)
End-of-Section questions
LCLC decryption video - where is it?
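
The retransmission types in these notes, worked through as an added example (not from the course materials and not Wireshark's own code): a simplified Python classifier that applies Current SEQ# + data bytes = Next SEQ# to a constructed sender-side trace. The `classify` function, the `TRACE` events and the three-dupe-ACK threshold are assumptions of this example.

```python
# Added example: a simplified classifier, not Wireshark's own analysis logic.
DUP_ACK_THRESHOLD = 3  # assumption: classic fast-retransmit trigger (3 dupe ACKs)
MSS = 1460

def classify(events):
    """Label each data segment of a one-way transfer captured near the sender.

    events: ("data", seq, length) from the sender, ("ack", ack_no) from the receiver.
    """
    next_seq = None  # Current SEQ# + data bytes = Next SEQ#
    last_ack, dup_acks, labels = 0, 0, []
    for ev in events:
        if ev[0] == "ack":
            if ev[1] == last_ack:
                dup_acks += 1            # same ACK again: receiver saw a SEQ jump
            elif ev[1] > last_ack:
                last_ack, dup_acks = ev[1], 0
            continue
        _, seq, length = ev
        end = seq + length
        if next_seq is None or seq == next_seq:
            label = "in-order"
        elif seq > next_seq:
            label = "gap"                        # capture missed a segment
        elif end <= last_ack:
            label = "spurious retransmission"    # bytes were already ACKed
        elif seq == last_ack and dup_acks >= DUP_ACK_THRESHOLD:
            label = "fast retransmission"        # triggered by dupe ACKs
        else:
            label = "retransmission"             # no dupe ACKs: RTO timeout
        next_seq = end if next_seq is None else max(next_seq, end)
        labels.append(label)
    return labels

# Constructed trace (relative SEQ numbers), not taken from the course pcap.
TRACE = [
    ("data", 1, MSS), ("data", 1461, MSS), ("data", 2921, MSS), ("data", 4381, MSS),
    ("ack", 1461), ("ack", 1461), ("ack", 1461), ("ack", 1461),  # 1 ACK + 3 dupes
    ("data", 1461, MSS),      # resent after the dupe ACKs
    ("ack", 5841),
    ("data", 5841, MSS),
    ("data", 5841, MSS),      # resent with no ACK in between
    ("ack", 7301),
    ("data", 5841, MSS),      # resent although 7301 was already ACKed
]

if __name__ == "__main__":
    for ev, label in zip([e for e in TRACE if e[0] == "data"], classify(TRACE)):
        print(ev[1], label)
```

A real analyzer also weighs timing, window size and SACK blocks, which is one reason OOO and retransmission labels can be confused near a loss recovery.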