Dark Mode
Capec-326 Detail
TCP Initial Window Size Probe
Detailed Software Likelihood: Medium Typical Severity: Low
Parents: 312
Threats: T60 T80 T258 T288 T291 T302 T334 T392 T407
This OS fingerprinting probe checks the initial TCP Window size. TCP stacks limit the range of sequence numbers allowable within a session to maintain the "connected" state within TCP protocol logic. The initial window size specifies a range of acceptable sequence numbers that will qualify as a response to an ACK packet within a session. Various operating systems use different Initial window sizes. The initial window size can be sampled by establishing an ordinary TCP connection.
Not present
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-326 | capec | https://capec.mitre.org/data/definitions/326.html | |
| CWE-200 | cwe | http://cwe.mitre.org/data/definitions/200.html | |
| REF-33 | reference_from_CAPEC | Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill | |
| REF-128 | reference_from_CAPEC | http://www.faqs.org/rfcs/rfc793.html | Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA) |
| REF-212 | reference_from_CAPEC | Gordon "Fyodor" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd "Zero Day" Edition,), 2008, Insecure.com LLC |
Not present
- The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card.
- A tool capable of sending and receiving packets from a remote system.
Not present
| Authorization | Access Control | Confidentiality |
|---|---|---|
| Bypass Protection Mechanism | Bypass Protection Mechanism | Read Data |
| Hide Activities | Hide Activities | Bypass Protection Mechanism |
| Hide Activities |
Not present