On 07/27/2010 11:16 PM, Phil Dibowitz wrote:
> The first byte seems to be tracking for something, but I have no idea what.

It's length-1, so I've updated consnoop to only print the packet up to this far and things make more sense now.

> The second byte is a flag-bit-mask. 0x20 is FIN, 0x40 is ACK, and 0x80 is SYN.
> The third byte appears to be a sequence number... except in the first SYN
> and ACK.
> The fourth byte appears to be an ack number... except in the first SYN and
> ACK.

So the SEQ and ACK numbers work like this:

SEQ = previous guy's ACK number (or random if we haven't seen one?)
ACK = previous guy's SEQ number + number of *data* bytes (first byte - 3)

Still can't figure out the payload though. :(

--
Phil Dibowitz p...@ipom.com
Open Source software and tech docs: http://www.phildev.net/
Insanity Palace of Metallica: http://www.ipom.com/

"Be who you are and say what you feel, because those who mind don't matter and those who matter don't mind." - Dr. Seuss
_______________________________________________
concordance-devel mailing list
concordance-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/concordance-devel
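An added example, not part of the original message or of the concordance code: a decoder for the four header bytes described in the message, with the SEQ/ACK rule turned into a check on a reply. Assumptions: the counters wrap modulo 256 because each is one byte, the data-byte count in the ACK rule is that of the packet being acknowledged, and the sample reports are constructed.

```python
from dataclasses import dataclass

# Flag bits as given in the message.
FLAGS = {0x20: "FIN", 0x40: "ACK", 0x80: "SYN"}
HEADER_LEN = 4  # length-1 byte, flags, SEQ, ACK


@dataclass
class Packet:
    flags: frozenset
    seq: int
    ack: int
    data: bytes  # payload, still undecoded in the message


def parse(report: bytes) -> Packet:
    """Decode one raw report; anything past (first byte + 1) is padding."""
    if len(report) < HEADER_LEN:
        raise ValueError("report shorter than the 4-byte header")
    total = report[0] + 1  # first byte is length-1
    if total < HEADER_LEN or total > len(report):
        raise ValueError(f"length byte {report[0]:#04x} does not fit the report")
    flags = frozenset(name for bit, name in FLAGS.items() if report[1] & bit)
    return Packet(flags, report[2], report[3], bytes(report[HEADER_LEN:total]))


def expected_reply(prev: Packet) -> tuple:
    """(SEQ, ACK) the peer should send next, per the rule in the message."""
    seq = prev.ack                            # SEQ = previous guy's ACK
    ack = (prev.seq + len(prev.data)) % 256   # + data bytes; wrap is assumed
    return seq, ack


def follows_rule(prev: Packet, reply: Packet) -> bool:
    """True if reply matches the rule. Per the message it does not hold
    for the first SYN and ACK, so callers should skip the handshake."""
    return (reply.seq, reply.ack) == expected_reply(prev)


# Constructed sample reports, zero-padded to 8 bytes.
SAMPLE_A = bytes([0x05, 0x40, 0x10, 0x22, 0xAA, 0xBB, 0x00, 0x00])  # 2 data bytes
SAMPLE_B = bytes([0x03, 0x40, 0x22, 0x12, 0x00, 0x00, 0x00, 0x00])  # header only

if __name__ == "__main__":
    a, b = parse(SAMPLE_A), parse(SAMPLE_B)
    print(a, b, "reply follows rule:", follows_rule(a, b))
```
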