This was a really fun couple of labs for me (challenging as well). Lab 5 was all about TCP Sequence and Acknowledgment numbers, and it wasn’t until this lab and its set of questions around Retransmissions and Out-of-Order packets that it really sunk in for me. I’m still by no means an expert…
These sets of labs took me down some fun and interesting rabbit holes, and I had to be careful that I didn’t dig too deep. There’s decades’ worth of information on the topic, and it can be easy sometimes to really get squirreled on things. I found this blog post useful when I was doing some reading and research on Round-Trip Times, Initial Round-Trip Times, and why it’s important. This other post was similar and informative. I even went so far as to peruse the RFC on how TCP computes the retransmission timer!
One thing I’ve always enjoyed about networking and packet analysis is that while the technologies above the network layer are changing constantly, the packets are always there. TCP hasn’t drastically changed in a very long time. The core concepts and terminology have largely remained the same, and it feels like it’s an area that not a lot of people understand still. This is what’s driving me through this work – I want to understand it.
I’m going to sit and think about some of this over the next few days before moving into the next lab. Between the Sequence / Acknowledgment numbers, how to calculate them, identifying the ‘Next Sequence Number’, and then knowing how Wireshark determines when a packet is a Fast Retransmit, an Out of Order, or a Retransmit, there’s a lot of new and interesting information that needs to be fully absorbed.