3

I'm trying to develop a small proof-of-concept for a Python networking project but I've come across a hurdle. Would anyone be able to explain how I could derive the TSval and TSecr values from the operating system in Python? I'm using Scapy to see if I could connect to a simple Python server program as a client. The statement below is where I'm sort of stuck.

TCP(flags='S', options=[('Timestamp', (TSval, TSecr))])

So if anyone could recommend an algorithm or a Python library to calculate the TSval and TSecr, it would be very much appreciated!

Thanks in advance!

nicRodz
  • How did you set the timestamp option? I have the values, but I am unable to set them as an option in TCP. You can find my detailed question [here](https://stackoverflow.com/questions/58234148/how-to-set-tcp-options-timestamp-and-sackok-via-scapy) – user3806649 Oct 05 '19 at 20:11

1 Answer

2

I think you should calculate both values yourself and assign them to the packet.

There is a chance that Scapy will assign these values automatically. You can give it a try. But if not, you have to calculate them yourself according to the RFC.

TSV is the Timestamp Value field. It is used in conjunction with sequence number to uniquely identify segments (since sequence numbers may wrap).

TSER is the Timestamp Echo Reply field. This is used in ACK messages. It holds a copy of the last TSV value received. It can be used for round trip time estimation (RTT = current time - TSER).

The fields are formally described in RFC 1323 (TCP Extensions for High Performance):

TCP Timestamps Option (TSopt):

 Kind: 8

 Length: 10 bytes

  +-------+-------+---------------------+---------------------+
  |Kind=8 |  10   |   TS Value (TSval)  |TS Echo Reply (TSecr)|
  +-------+-------+---------------------+---------------------+
      1       1              4                     4

 The Timestamps option carries two four-byte timestamp fields.
 The Timestamp Value field (TSval) contains the current value of
 the timestamp clock of the TCP sending the option.

 The Timestamp Echo Reply field (TSecr) is only valid if the ACK
 bit is set in the TCP header; if it is valid, it echos a
 timestamp value that was sent by the remote TCP in the TSval field
 of a Timestamps option.  When TSecr is not valid, its value
 must be zero.  The TSecr value will generally be from the most
 recent Timestamp option that was received; however, there are
 exceptions that are explained below.
Stephen Lin
  • Thanks m170897017, but I was hoping to get the values from the operating system to assign it as the TSVal and TSecr variables before sending the packet off. – nicRodz Jan 07 '15 at 05:29
  • @nicRodz What's TSVal and TSecr in OS? – Stephen Lin Jan 07 '15 at 05:31
  • So far I know that the TSVal is some sort of timestamp that's derived by the operating system to maintain the sequence of a TCP connection. This value is used to prevent sequence number wrapping ([RFC1323](http://tools.ietf.org/html/rfc1323#section-4)). The TSecr is derived from some algorithm to determine the time delay before the receiver should send a reply (I think) – nicRodz Jan 07 '15 at 05:40
  • @nicRodz Now I understand what you are saying. Check my update. – Stephen Lin Jan 07 '15 at 06:09
  • Thanks m170897017, that's excellent information which I also came across in the standard. I'm just now looking for an algorithm to help calculate these values from scratch. Unfortunately Scapy does not calculate or put these values in by default. – nicRodz Jan 07 '15 at 06:18
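
The rules in the quoted RFC text (TSval from the sender's clock, TSecr zero unless ACK is set, otherwise an echo of the last TSval received), as an added example that is not part of the original question or answer. The names `TimestampClock`, `pack_option` and `unpack_option` are hypothetical, the 1 ms tick taken from `time.monotonic_ns()` is an assumption, and the code uses only the standard library; `option()` returns a tuple in the shape used in the question's Scapy statement.

```python
import struct
import time

TS_KIND, TS_LEN = 8, 10      # Kind and Length from the RFC 1323 layout above
MASK32 = 0xFFFFFFFF          # TSval and TSecr are four-byte fields

class TimestampClock:
    """Per-connection timestamp state (assumption: 1 ms tick)."""

    def __init__(self, now_ns=time.monotonic_ns, offset=0):
        self._now_ns = now_ns
        self.offset = offset          # constructed starting value for this connection
        self.last_peer_tsval = 0      # most recent TSval received from the peer

    def tsval(self):
        # Current value of the sender's timestamp clock, wrapped to 32 bits.
        return (self._now_ns() // 1_000_000 + self.offset) & MASK32

    def option(self, ack):
        # TSecr is only valid when ACK is set; otherwise it must be zero.
        tsecr = self.last_peer_tsval if ack else 0
        return ('Timestamp', (self.tsval(), tsecr))

    def on_receive(self, peer_tsval, peer_tsecr, ack):
        # Store the peer's TSval for the next echo; return the RTT in ticks if known.
        self.last_peer_tsval = peer_tsval
        if ack and peer_tsecr:
            return (self.tsval() - peer_tsecr) & MASK32
        return None

def pack_option(opt):
    # Wire form: Kind (1 byte), Length (1 byte), TSval (4), TSecr (4), network order.
    tsval, tsecr = opt[1]
    return struct.pack('!BBII', TS_KIND, TS_LEN, tsval, tsecr)

def unpack_option(raw):
    if len(raw) != TS_LEN:
        raise ValueError('Timestamps option must be 10 bytes')
    kind, length, tsval, tsecr = struct.unpack('!BBII', raw)
    if (kind, length) != (TS_KIND, TS_LEN):
        raise ValueError('not a TCP Timestamps option')
    return tsval, tsecr
```

For the initial SYN, `option(ack=False)` gives the value to place in the `options` list; after the SYN-ACK arrives, pass its TSval and TSecr to `on_receive()` and use `option(ack=True)` for the final ACK.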