TCP/IP stack responses

I am looking for a read on common responses from TCP/IP stacks to TCP packets with different flags set. (example: If a FIN packet is sent a ReSeT packet is usually returned; something along those lines but with more detail and examples) OS fingerprinting techniques achieve their findings by knowing this quite well. I am wondering if this is documented anywhere. I have searched google but I may not be using the correct search phrases. I have tried TCP/IP stack responses and "TCP/IP stack" flag returns. Any help will be greatly apreciated, and I thank you in advance.

Why dont you check out the pages for tools that do fingerprinting? there is a good bit at http://www.insecure.org/nmap/nmap-fi...g-article.html , you may want to check out the tutorials by the horse13 here at AO also

Thank you for your suggestion

If you really want to know about the nitty gritty details of TCP/IP buy "TCP/IP Illustrated" by Richard Stevens. It's considered the bible of TCP/IP. You'll only need volume 1 if you're only interested in the protocol itself. Volume 2 covers socket programming and Volume 3 covers the more 'advanced' protocols like TLS.

Search the site for the NMAP tutorials of Thehorse13 . They're really good.

hmm i dont know if its still there since i havent been doin some stuff lately. been too busy wid programmin class..

but try www.firewall.cx it has always been my choice of site when it comes to networking stuff.

I greatfully read all of thehorse13's Nmap tutorials and eagerly waited for each new one. I am also anticipating Fyodor's book when it is released :).

I will find this TCP/IP Illustrated book and read it and also browse the site listed above.

Thank you all.

I just finished my class on TCP/IP this semester. I am going to attach a few things that may help you. Do yourself a favor; rename these to .doc instead of the .txt ok?

Another:

Another long one: