TCP Options

TCP Option Kind Numbers

Registration Procedures

IESG Approval or Standards Action

Reference

[RFC2780]

Note

The Transmission Control Protocol (TCP) has provision for optional
header fields identified by an option kind field.  Options 0 and 1 are
exactly one octet which is their kind field.  All other options have
their one octet kind field, followed by a one octet length field,
followed by length-2 octets of option data.

(*) It is only appropriate to use these values in explicitly-
    configured experiments; they MUST NOT be shipped as defaults in
    implementations.  See [RFC3692] for details.

Kind	Length	Meaning	Reference
0	-	End of Option List	[RFC793]
1	-	No-Operation	[RFC793]
2	4	Maximum Segment Size	[RFC793]
3	3	WSOPT - Window Scale	[RFC1323]
4	2	SACK Permitted	[RFC2018]
5	N	SACK	[RFC2018]
6	6	Echo (obsoleted by option 8)	[RFC1072]
7	6	Echo Reply (obsoleted by option 8)	[RFC1072]
8	10	TSOPT - Time Stamp Option	[RFC1323]
9	2	Partial Order Connection Permitted	[RFC1693]
10	3	Partial Order Service Profile	[RFC1693]
11		CC	[RFC1644]
12		CC.NEW	[RFC1644]
13		CC.ECHO	[RFC1644]
14	3	TCP Alternate Checksum Request	[RFC1146]
15	N	TCP Alternate Checksum Data	[RFC1146]
16		Skeeter	[Stev_Knowles]
17		Bubba	[Stev_Knowles]
18	3	Trailer Checksum Option	[Subbu_Subramaniam][Monroe_Bridges]
19	18	MD5 Signature Option (obsoleted by option 29)	[RFC2385]
20		SCPS Capabilities	[Keith_Scott]
21		Selective Negative Acknowledgements	[Keith_Scott]
22		Record Boundaries	[Keith_Scott]
23		Corruption experienced	[Keith_Scott]
24		SNAP	[Vladimir_Sukonnik]
25		Unassigned (released 2000-12-18)
26		TCP Compression Filter	[Steve_Bellovin]
27	8	Quick-Start Response	[RFC4782]
28	4	User Timeout Option	[RFC5482]
29		TCP Authentication Option (TCP-AO)	[RFC5925]
30-252		Unassigned
253	N	RFC3692-style Experiment 1 (*)	[RFC4727]
254	N	RFC3692-style Experiment 2 (*)	[RFC4727]

Network Bulls
Best Institute for CCNA CCNP CCSP CCIP CCIE R&S, CCIE Security Training in India
www.networkbulls.com
M-44, Old Dlf, Sector-14
Gurgaon, Haryana, india

Read More

TCP headers

The TCP headers must be able to perform all of the tasks above. We have already explained when and where some of the headers are used, but there are still other areas that we haven't touched very deeply at. Below you see an image of the complete set of TCP headers. It is formatted in 32 bit words per row, as you can see.

Source port - bit 0 - 15. This is the source port of the packet. The source port was originally bound directly to a process on the sending system. Today, we use a hash between the IP addresses, and both the destination and source ports to achieve this uniqueness that we can bind to a single application or program.

Destination port - bit 16 - 31. This is the destination port of the TCP packet. Just as with the source port, this was originally bound directly to a process on the receiving system. Today, a hash is used instead, which allows us to have more open connections at the same time. When a packet is received, the destination and source ports are reversed in the reply back to the originally sending host, so that destination port is now source port, and source port is destination port.

Sequence Number - bit 32 - 63. The sequence number field is used to set a number on each TCP packet so that the TCP stream can be properly sequenced (e.g., the packets winds up in the correct order). The Sequence number is then returned in the ACK field to ackonowledge that the packet was properly received.

Acknowledgment Number - bit 64 - 95. This field is used when we acknowledge a specific packet a host has received. For example, we receive a packet with one Sequence number set, and if everything is okey with the packet, we reply with an ACK packet with the Acknowledgment number set to the same as the original Sequence number.

Data Offset - bit 96 - 99. This field indicates how long the TCP header is, and where the Data part of the packet actually starts. It is set with 4 bits, and measures the TCP header in 32 bit words. The header should always end at an even 32 bit boundary, even with different options set. This is possible thanks to the Padding field at the very end of the TCP header.

Reserved - bit 100 - 103. These bits are reserved for future usage. In RFC 793 this also included the CWR and ECE bits. According to RFC 793 bit 100-105 (i.e., this and the CWR and ECE fields) must be set to zero to be fully compliant. Later on, when we started introducing ECN, this caused a lot of troubles because a lot of Internet appliances such as firewalls and routers dropped packets with them set. This is still true as of writing this.

CWR - bit 104. This bit was added in RFC 3268 and is used by ECN. CWR stands for Congestion Window Reduced, and is used by the data sending part to inform the receiving part that the congestion window has been reduced. When the congestion window is reduced, we send less data per timeunit, to be able to cope with the total network load.

ECE - bit 105. This bit was also added with RFC 3268 and is used by ECN. ECE stands for ECN Echo. It is used by the TCP/IP stack on the receiver host to let the sending host know that it has received an CE packet. The same thing applies here, as for the CWR bit, it was originally a part of the reserved field and because of this, some networking appliances will simply drop the packet if these fields contain anything else than zeroes. This is actually still true for a lot of appliances unfortunately.

URG - bit 106. This field tells us if we should use the Urgent Pointer field or not. If set to 0, do not use Urgent Pointer, if set to 1, do use Urgent pointer.

ACK - bit 107. This bit is set to a packet to indicate that this is in reply to another packet that we received, and that contained data. An Acknowledgment packet is always sent to indicate that we have actually received a packet, and that it contained no errors. If this bit is set, the original data sender will check the Acknowledgment Number to see which packet is actually acknowledged, and then dump it from the buffers.

PSH - bit 108. The PUSH flag is used to tell the TCP protocol on any intermediate hosts to send the data on to the actual user, including the TCP implementation on the receiving host. This will push all data through, unregardless of where or how much of the TCP Window that has been pushed through yet.

RST - bit 109. The RESET flag is set to tell the other end to tear down the TCP connection. This is done in a couple of different scenarios, the main reasons being that the connection has crashed for some reason, if the connection does not exist, or if the packet is wrong in some way.

SYN - bit 110. The SYN (or Synchronize sequence numbers) is used during the initial establishment of a connection. It is set in two instances of the connection, the initial packet that opens the connection, and the reply SYN/ACK packet. It should never be used outside of those instances.

FIN - bit 111. The FIN bit indicates that the host that sent the FIN bit has no more data to send. When the other end sees the FIN bit, it will reply with a FIN/ACK. Once this is done, the host that originally sent the FIN bit can no longer send any data. However, the other end can continue to send data until it is finished, and will then send a FIN packet back, and wait for the final FIN/ACK, after which the connection is sent to a CLOSED state.

Window - bit 112 - 127. The Window field is used by the receiving host to tell the sender how much data the receiver permits at the moment. This is done by sending an ACK back, which contains the Sequence number that we want to acknowledge, and the Window field then contains the maximum accepted sequence numbers that the sending host can use before he receives the next ACK packet. The next ACK packet will update accepted Window which the sender may use.

Checksum - bit 128 - 143. This field contains the checksum of the whole TCP header. It is a one's complement of the one's complement sum of each 16 bit word in the header. If the header does not end on a 16 bit boundary, the additional bits are set to zero. While the checksum is calculated, the checksum field is set to zero. The checksum also covers a 96 bit pseudoheader containing the Destination-, Source-address, protocol, and TCP length. This is for extra security.

Urgent Pointer - bit 144 - 159. This is a pointer that points to the end of the data which is considered urgent. If the connection has important data that should be processed as soon as possible by the receiving end, the sender can set the URG flag and set the Urgent pointer to indicate where the urgent data ends.

Options - bit 160 - **. The Options field is a variable length field and contains optional headers that we may want to use. Basically, this field contains 3 subfields at all times. An initial field tells us the length of the Options field, a second field tells us which options are used, and then we have the actual options. A complete listing of all the TCP Options can be found in TCP options, below.

Padding - bit **. The padding field pads the TCP header until the whole header ends at a 32-bit boundary. This ensures that the data part of the packet begins on a 32-bit boundary, and no data is lost in the packet. The padding always consists of only zeros.

TCP Options

Copy	Class	Number	Value	Name	Reference
0	0	0	0	EOOL - End of Options List	[RFC791, JBP]
0	0	1	1	NOP - No Operation	[RFC791, JBP]
1	0	2	130	SEC - Security	[RFC1108]
1	0	3	131	LSR - Loose Source Route	[RFC791, JBP]
0	2	4	68	TS - Time Stamp	[RFC791, JBP]
1	0	5	133	E-SEC - Extended Security	[RFC1108]
1	0	6	134	CIPSO - Commercial Security	[???]
0	0	7	7	RR - Record Route	[RFC791, JBP]
1	0	8	136	SID - Stream ID	[RFC791, JBP]
1	0	9	137	SSR - Strict Source Route	[RFC791, JBP]
0	0	10	10	ZSU - Experimental Measurement	[ZSu]
0	0	11	11	MTUP - MTU Probe	[RFC1191]*
0	0	12	12	MTUR - MTU Reply	[RFC1191]*
1	2	13	205	FINN - Experimental Flow Control	[Finn]
1	0	14	142	VISA - Experimental Access Control	[Estrin]
0	0	15	15	ENCODE - ???	[VerSteeg]
1	0	16	144	IMITD - IMI Traffic Descriptor	[Lee]
1	0	17	145	EIP - Extended Internet Protocol	[RFC1385]
0	2	18	82	TR - Traceroute	[RFC1393]
1	0	19	147	ADDEXT - Address Extension	[Ullmann IPv7]
1	0	20	148	RTRALT - Router Alert	[RFC2113]
1	0	21	149	SDB - Selective Directed Broadcast	[Graff]
1	0	22	150	NSAPA - NSAP Addresses	[Carpenter]
1	0	23	151	DPS - Dynamic Packet State	[Malis]
1	0	24	152	UMP - Upstream Multicast Pkt.	[Farinacci]

Network Bulls
Best Institute for CCNA CCNP CCSP CCIP CCIE R&S, CCIE Security Training in India
www.networkbulls.com
M-44, Old Dlf, Sector-14
Gurgaon, Haryana, india

Read More

Booting XM Images on Non-XM 2600 Series Routers

Introduction:

One of the limitations of the older 2600 series routers (2610/2611/2620/2621) is that they lack the memory capacity to run newer IOS images. Within the scope of the CCIE Routing & Switching Lab Exam this translates to the lack of OSPFv3 support for IPv6. Luckily for us however the older 2600 series routers are essentially the same platform as the 2600XM routers, simply with less processing power and memory capacity. What this means is that the 2600 series routers can boot 2600XM images, and therefore run IOS versions that includes OSPFv3 support. In order to accomplish this we will use the "tftpdnld -r" command from rommon to boot an IOS image into RAM. Since the image will be running from RAM a TFTP download will be required every time the router is rebooted.

Configuration:

Below we see a 2610 router running the 12.2(15)T7 IP Plus image. While it does support IPv6 routing it lacks OSPFv3 support.

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-J1S3-M), Version 12.2(15)T7,  RELEASE SOFTWARE (fc2)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Sat 09-Aug-03 07:18 by ccai
Image text-base: 0x80008098, data-base: 0x8195144C

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 10 hours, 58 minutes
System returned to ROM by power-on
System image file is "flash:c2600-j1s3-mz.122-15.T7.bin"

cisco 2610 (MPC860) processor (revision 0x202) with 59392K/6144K bytes of memory.
Processor board ID JAD03337409 (4221326695)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2142 (will be 0x2102 at next reload)
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#ipv6 unicast-routing
Router(config)#ipv6 router ospf 1
Router(config)#interface e0/0
Router(config-if)#ipv6 ospf 1 area 0
                       ^
% Invalid input detected at '^' marker.

Router(config-if)#end
Router#

In order to boot the XM image we first have to boot into rommon. To accomplish this reload the router and then press CTRL-BREAK as the router begins to boot.

Router#reload

System configuration has been modified. Save? [yes/no]: n
Proceed with reload? [confirm]

*Mar  1 10:59:13.751: %SYS-5-RELOAD: Reload requested by console.
System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
PC = 0xfff0a530, Vector = 0x500, SP = 0x680127b0
C2600 platform with 65536 Kbytes of main memory

PC = 0xfff0a530, Vector = 0x500, SP = 0x80004864

monitor: command "boot" aborted due to user interrupt
rommon 1 >

Next set the environment variables for loading an IOS image via tftp.

rommon 1 > IP_ADDRESS=192.10.4.1
rommon 2 > IP_SUBNET_MASK=255.255.255.0
rommon 3 > DEFAULT_GATEWAY=192.10.4.254
rommon 4 > TFTP_SERVER=192.10.4.254
rommon 5 > TFTP_FILE=2600xm.bin

Next issue the "tftpdnld -r" command. Note that the -r switch is required to instruct the router to load the image to RAM instead of writing it to flash.

rommon 6 > tftpdnld -r

          IP_ADDRESS: 192.10.4.1
      IP_SUBNET_MASK: 255.255.255.0
     DEFAULT_GATEWAY: 192.10.4.254
         TFTP_SERVER: 192.10.4.254
           TFTP_FILE: 2600xm.bin
....
Receiving 2600xm.bin from 192.10.4.254 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!
File reception completed.
program load complete, entry point: 0x80008000, size: 0x1176b34
Self decompressing the image : ###########################################
##########################################################################
##########################################################################
##########################################################################
###################################################################### [OK]

Smart Init is disabled. IOMEM set to: 10

Configured I/O memory percentage was too large. Using 10 percent iomem.
              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-JS-M), Version 12.2(15)T14, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 28-Aug-04 06:48 by cmong
Image text-base: 0x80008098, data-base: 0x81D1B400

cisco 2610 (MPC860) processor (revision 0x202) with 59392K/6144K bytes of memory.
Processor board ID JAD03337409 (4221326695)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Warning:  Attempting a memory percentage that does not provide enough Processor
 memory for the currently running image.  If you save your running-config now,
 this version of software may not be able to run.



Press RETURN to get started!

We can now see that the router has booted and is running IOS 12.2(15)T14 Enterprise Plus, which is only officially supported as a 2600XM image. Most importantly our 2610 router now has OSPFv3 support.

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#ipv6 unicast-routing
Router(config)#ipv6 router ospf 1
Router(config-rtr)#?
  area                   OSPF area parameters
  auto-cost              Calculate OSPF interface cost according to bandwidth
  compatible             OSPF compatibility list
  default                Set a command to its defaults
  default-information    Distribution of default information
  default-metric         Set metric of redistributed routes
  discard-route          Enable or disable discard-route installation
  distance               Administrative distance
  distribute-list        Filter networks in routing updates
  exit                   Exit from IPv6 routing protocol configuration mode
  ignore                 Do not complain about specific event
  log-adjacency-changes  Log changes in adjacency state
  maximum-paths          Forward packets over multiple paths
  no                     Negate a command or set its defaults
  passive-interface      Suppress routing updates on an interface
  redistribute           Redistribute IPv6 prefixes from another routing
                         protocol
  router-id              router-id for this OSPF process
  summary-prefix         Configure IPv6 summary prefix
  timers                 Adjust routing timers

Router(config-rtr)#interface e0/0
Router(config-if)#ipv6 ospf ?
  <1-65535>            Process ID
  cost                 Interface cost
  database-filter      Filter OSPF LSA during synchronization and flooding
  dead-interval        Interval after which a neighbor is declared dead
  demand-circuit       OSPF demand circuit
  flood-reduction      OSPF Flood Reduction
  hello-interval       Time between HELLO packets
  mtu-ignore           Ignores the MTU in DBD packets
  neighbor             OSPF neighbor
  network              Network type
  priority             Router priority
  retransmit-interval  Time between retransmitting lost link state
                       advertisements
  transmit-delay       Link state transmit delay

Note that the router displays a warning that it is short on processor memory. Ensure to save your configuration early and often in order to avoid losing your work due to a router crash.

Network Bulls
Best Institute for CCNA CCNP CCSP CCIP CCIE R&S, CCIE Security Training in India
www.networkbulls.com
M-44, Old Dlf, Sector-14
Gurgaon, Haryana, india

Read More