Problems With TCP Port Filtering and Matching
IP fragment(s) might not contain TCP/UDP source/destination port numbers
Minimum IP datagram size is 68 bytes
Minimum IP payload (fragment) is 8 bytes
UDP header is 8 bytes – but potential problem with non-initial fragments
TCP header is longer – even initial fragment might not contain port numbers
Need to define two TCP-related behaviors
Behavior for missing TCP/UDP port numbers
Behavior for certain TCP fragments: “offset 1”
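
The two behaviors listed above, written out as an added example (not code from the original slides). The function names, state labels, default actions and sample packets are assumptions constructed for illustration; the slide only says the behaviors must be defined, so both are parameters here.

```python
import struct

TCP, UDP = 6, 17

def classify(pkt):
    """Return (state, sport, dport) as a port-matching filter sees one IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ("malformed", None, None)
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length: 20..60 bytes
    if ihl < 20 or len(pkt) < ihl:
        return ("malformed", None, None)
    total_len, _ident, flags_off = struct.unpack("!HHH", pkt[2:8])
    offset = flags_off & 0x1FFF                    # fragment offset, 8-byte units
    if pkt[9] not in (TCP, UDP):
        return ("no-ports", None, None)
    if pkt[9] == TCP and offset == 1:              # covers TCP header bytes 8..15 (flags)
        return ("tcp-offset-1", None, None)
    if offset:                                     # non-initial fragment: no L4 header
        return ("ports-missing", None, None)
    payload = pkt[ihl:total_len]
    if len(payload) < 4:                           # too short to hold both port fields
        return ("ports-missing", None, None)
    sport, dport = struct.unpack("!HH", payload[:4])
    return ("ports-present", sport, dport)

def decide(pkt, allowed_dports, on_missing_ports="deny", on_tcp_offset_1="deny"):
    """Apply a destination-port rule; the two keyword arguments are the defined behaviors."""
    state, _sport, dport = classify(pkt)
    if state == "ports-present":
        return "permit" if dport in allowed_dports else "deny"
    if state == "ports-missing":
        return on_missing_ports
    if state == "tcp-offset-1":
        return on_tcp_offset_1
    return "deny"                                  # malformed, or a protocol without ports

def build(proto, offset, more_frags, payload, options=b""):
    """Constructed test packet: documentation addresses, checksum left at 0."""
    ihl = 20 + len(options)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl // 4, 0, ihl + len(payload),
                      0x1234, (0x2000 if more_frags else 0) | offset, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + options + payload

# Constructed samples
WHOLE_UDP = build(UDP, 0, False, struct.pack("!HHHH", 5353, 53, 8, 0))
LATE_UDP = build(UDP, 2, False, b"x" * 8)          # non-initial fragment
TCP_OFF1 = build(TCP, 1, False, b"\x00" * 8)       # the "offset 1" case
TINY_TCP = build(TCP, 0, True, struct.pack("!HHI", 40000, 22, 1), b"\x01" * 40)  # 68 bytes
```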