This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

TCP Option 171 added in SYN packet

0

Hello, just came across a tcp option 171 : 0xab

http://www.cloudshark.org/captures/1d460ea5291d shows the option added in frame 2 at the capture point as the client's syn packet gets forwarded to the server.

Maximum segment size: 1380 bytes No-Operation (NOP) Type: 1 Window scale: 8 (multiply by 256) No-Operation (NOP) Type: 1 No-Operation (NOP) TCP SACK Permitted Option: True Unknown (0xab) (6 bytes) : ab 06 00 00 00 2f 01 01

The HW MAC address indicates the capture point was a Radware device Anyone out there that has information about this option?

asked 22 Apr '13, 02:14

mrEEde2's gravatar image

mrEEde2
3364614
accept rate: 20%

1

I know that there is a Citrix Netscaler use of TCP options where they try to transport client IPs, but this doesn't seem to be it... http://blogs.citrix.com/2012/08/31/using-tcp-options-for-client-ip-insertion/

(22 Apr '13, 02:54) Jasper ♦♦

What a funny option (thanks for sharing this information).

I really like the explanation for it.

But in secured environments generally proxies are not allowed to alter HTTP header.

O.K. so the HTTP proxy is not allowed to add a header that has been defined in the HTTP standard, BUT the load balancer is allowed to add a TCP option, 'beyond' any standard.

What a nice justification ;-))

(22 Apr '13, 06:35) Kurt Knochner ♦