Mixed VLAN tags and BPF syntax

By Richard Bejtlich, Principal Security Strategist, Corelight

This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring.

Introduction

I have been writing material for the Zeek docume…

What happens if a sender changes the TCP window size over multiple packets that have the same ACK number?

I’m currently doing research on evasion attacks that seek to bypass a deep-learning-based Network Intrusion Detection System.
In order to achieve this, I need to know what the constraints are for the TCP window size field in the TCP packet…
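The question above asks how the 16-bit window field may change across segments that share one ACK number. The following Python script is an added example, not part of the question or of any answer to it: it parses raw TCP headers, applies the Window Scale shift from the sender's SYN (RFC 7323), and labels each later segment with the same ACK number the way a protocol analyser would (pure ACK re-sent with a new window = window update; right edge moving left = window shrink, which RFC 9293 strongly discourages; window 0 = zero window). The segments are constructed inline with a hypothetical `build_tcp` helper and a zero checksum, and the script assumes the peer also offered Window Scale, since it only sees one direction of the flow.

```python
"""Parse TCP headers and classify how the advertised window changes across
segments carrying the same ACK number.  Added example; the segments below are
constructed test data, not captured traffic."""
import struct
from dataclasses import dataclass
from typing import Optional

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
# Fixed TCP header: ports, seq, ack, data-offset+flags, window, checksum, urgent pointer
TCP_HDR = struct.Struct("!HHIIHHHH")


@dataclass
class Segment:
    seq: int
    ack: int
    flags: int
    window: int                    # raw 16-bit value from the header
    payload_len: int
    wscale: Optional[int] = None   # shift count from a Window Scale option, if present


def build_tcp(seq, ack, flags, window, options=b"", payload=b"", sport=40000, dport=80):
    """Assemble a TCP segment (hypothetical helper; checksum left zero, no IP layer)."""
    options += b"\x00" * (-len(options) % 4)          # pad options to a 32-bit boundary
    data_off = (20 + len(options)) // 4
    hdr = TCP_HDR.pack(sport, dport, seq, ack, (data_off << 12) | flags, window, 0, 0)
    return hdr + options + payload


def parse_tcp(raw: bytes) -> Segment:
    _sport, _dport, seq, ack, off_flags, window, _csum, _urg = TCP_HDR.unpack_from(raw, 0)
    data_off = (off_flags >> 12) * 4
    seg = Segment(seq, ack, off_flags & 0x1FF, window, len(raw) - data_off)
    opts, i = raw[:data_off], 20
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                 # End of Option List
            break
        if kind == 1:                 # NOP
            i += 1
            continue
        length = opts[i + 1]
        if length < 2:
            break                     # malformed option: stop rather than loop forever
        if kind == 3 and length == 3:                 # Window Scale (RFC 7323)
            seg.wscale = min(opts[i + 2], 14)         # receiver clamps the shift to 14
        i += length
    return seg


def classify_windows(raw_segments):
    """Walk one direction of a flow and label each segment's window behaviour.

    Assumption: the peer also offered Window Scale, so the shift in this side's
    SYN applies to every window it advertises afterwards.
    """
    shift, prev, report = 0, None, []
    for raw in raw_segments:
        seg = parse_tcp(raw)
        if seg.flags & SYN:
            shift = seg.wscale or 0
            effective = seg.window        # the window carried in a SYN is never scaled
            kind = "syn"
        else:
            effective = seg.window << shift
            kind = "data" if seg.payload_len else "ack"
            if prev is not None and seg.ack == prev["ack"]:
                # Same ACK number: only the right edge (ack + window) can have moved.
                if seg.window == 0:
                    kind = "zero_window"
                elif seg.ack + effective < prev["right_edge"]:
                    kind = "window_shrink"    # right edge moved left (RFC 9293 discourages this)
                elif seg.payload_len == 0 and seg.seq == prev["seq"] and effective != prev["effective"]:
                    kind = "window_update"    # pure ACK sent only to advertise a new window
        prev = {"seq": seg.seq, "ack": seg.ack, "effective": effective,
                "right_edge": seg.ack + effective}
        report.append({"seq": seg.seq, "ack": seg.ack, "window_raw": seg.window,
                       "window_effective": effective, "kind": kind})
    return report


# Constructed client-to-server segments (one direction only).
CLIENT_SEGMENTS = [
    build_tcp(1000, 0, SYN, 65535, options=b"\x03\x03\x07"),        # SYN with wscale=7
    build_tcp(1001, 5001, ACK, 512),                                # 512 << 7 = 65536
    build_tcp(1001, 5001, ACK, 1024),                               # same seq/ack, larger window
    build_tcp(1001, 5001, ACK, 256),                                # same ack, right edge moves left
    build_tcp(1001, 5001, ACK, 0),                                  # zero window
    build_tcp(1001, 5001, ACK | PSH, 1024, payload=b"GET / HTTP/1.0\r\n\r\n"),  # data, same ack
]

if __name__ == "__main__":
    for row in classify_windows(CLIENT_SEGMENTS):
        print(row)
```

Run it as-is and the six constructed segments come out as syn, ack, window_update, window_shrink, zero_window and data. The effective window is what a receiver would compare against, so anything that manipulates the raw field for evasion has to stay consistent with the scale negotiated in the handshake.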