window tcp timestamp enable/disabled[B君笔记][博客]

noscript{position: fixed}window tcp timestamp enable/disabledtcp创建时间：2022-09-04 01:35:55

日常铺垫

今天需要测试抓tcp中带timestamp选项的包，无奈自己的win10电脑该选项默认是关闭的。网上搜了下，简单记录。
正常抓包如下，不带timestamp 选项。

Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operatin (NOP), SACK permitted
    TCP Option - Maximum segment size: 1460 bytes
    TCP Option - No-Operation (NOP)
    TCP Option - Window scale: 8 (multiply by 256)
    TCP Option - No-Operation (NOP)
    TCP Option - No-Operation (NOP)
    TCP Option - SACK permitted

注册表设置

通过注册表添加

路径为

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

类别为：

DWORD (32-bit)

名称为：

Tcp1323Opts

值为：0 关闭 2 开启

2

修改完，只重启explorer.exe，在未重起系统的情况下没有生效。

TCP timestamp is disabled

通过命令设置



// 打开

netsh int tcp set global timestamps=enable
#or
Set-NetTCPSetting -SettingName InternetCustom -Timestamps enable


//关闭
#To set using netsh:

netsh int tcp set global timestamps=disabled

#To set using PowerShell cmdlets:

Set-NetTCPSetting -SettingName InternetCustom -Timestamps Disabled

通过管理页的powershell执行，2个命令都可以生效。执行完注册表内的值会对应改变。

开启后抓包如下：

//SYN 
Options: (20 bytes), Maximum segment size, No-Operation (NOP), Window scale, SACK permitted, Timestamps
    TCP Option - Maximum segment size: 1460 bytes
    TCP Option - No-Operation (NOP)
    TCP Option - Window scale: 8 (multiply by 256)
    TCP Option - SACK permitted
    TCP Option - Timestamps: TSval 336905838, TSecr 0
        Kind: Time Stamp Option (8)
        Length: 10
        Timestamp value: 336905838
        Timestamp echo reply: 0

//SYN,ACK
Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale
    TCP Option - Maximum segment size: 1450 bytes
    TCP Option - SACK permitted
    TCP Option - Timestamps: TSval 59303828, TSecr 336905838
        Kind: Time Stamp Option (8)
        Length: 10
        Timestamp value: 59303828
        Timestamp echo reply: 336905838
    TCP Option - No-Operation (NOP)
    TCP Option - Window scale: 5 (multiply by 32)


//ACK
Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
    TCP Option - No-Operation (NOP)
    TCP Option - No-Operation (NOP)
    TCP Option - Timestamps: TSval 336905839, TSecr 59303828
        Kind: Time Stamp Option (8)
        Length: 10
        Timestamp value: 336905839
        Timestamp echo reply: 59303828

Server 2012 R2 TCP Timestamps