TCP Flags Stored in Header

URG
- Urgent
- Identifies important data
ACK
- Acknowledgement
- Acknowledges a packet; it is turned on for the majority of the connection
PSH
- Push
- Tells receiver to push the data through instead of buffering it
RST
- Reset
- Resets a connection
SYN
- Synchronize
- Synchronizes sequence numbers at the beginning of a connection
FIN
- Finish
- Gracefully closes a connection when both sides say goodbye

TCP Connection

Sequence number and acknowledgment number are used to maintain state
SYN and ACK flags are used to open connections in a 3 step handshake
- Client sends packet with SYN flag on and ACK flag off
- Then Server responds with a packet with both flags on
- Finally Client sends back a packet with SYN flag off but ACK on
- After this every packet will hace the ACK flag on and SYN off
Sequence numbers all TCP to put unordered packets back into order
- Helps determine whether packets are missing
- Also helps aboiding mix ups
TCP is great for applications where reliability and bidirectional communication are needed

UDP like the IP protocol is connectionless and unreliable
- Expects application to deal with its connectionless
  Unswitched Netowrk
Packets pass through every device on the network
Each device is expected to only look at packets addressed to them
It is very easy to go into Promiscuous Mode which causes it to look at all packets
Sniffing is the act of capturing packets that aren’t necessarily meant for public view

Only sent to the port they are assigned
Requires more intelligent hardware
One techniqure is to spoof Source Address
When an ARP reply comes in with an IP that exists, the receiver will overwrite MAC
ARP keeps no state information
With theses details an ARP Redirection can be execute
The act of changing entries in the ARP Cache is called ARP Cache Poisoning

Form of TCP/IP hijacking
- Involves injecting an authentic looking reset packet
- If Source is spoofed an ACK number is correct receiving side will believe it should restart transmission