TCP's three-way handshake, four-way teardown and the important details: packed with useful content, worth a careful read (Part 4)

The thing to pay most attention to in segment 1 is `client_isn`, the initial sequence number. 「RFC0793^1」 says:

When new connections are created an initial sequence number (ISN) generator is employed which selects a new 32 bit ISN. The generator is bound to a (possibly fictitious) 32 bit clock whose low order bit is incremented roughly every 4 microseconds. Thus the ISN cycles approximately every 4.55 hours.

In other words, the initial sequence number is driven by a 32-bit (possibly fictitious) counter, and that counter is incremented once every 4 microseconds, so the ISN value cycles once every 4.55 hours. The purpose of this scheme is to prevent sequence numbers from overlapping between an old and a new connection.

Even so, there is still a security risk: the initial ISN remains predictable. A malicious program can analyse ISNs and, from the ISNs used previously, predict the ISN of a subsequent TCP connection and then launch an attack. A famous example is 「The Mitnick attack^2」. Here is an excerpt from the original:

Mitnick sent a SYN request to X-Terminal and received a SYN/ACK response. Then he sent a RESET response to keep the X-Terminal from being filled up. He repeated this twenty times. He found there was a pattern between two successive TCP sequence numbers. It turned out that the numbers were not random at all. The latter number was greater than the previous one by 128000.
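To make the two ideas above concrete, here is an added example (my own code, not from the original post or from any TCP stack): it simulates the RFC 793 clock-driven ISN generator, a fixed-step generator that reproduces the kind of constant stride seen in the Mitnick excerpt, and an RFC 6528-style generator that adds a keyed hash of the connection 4-tuple to the clock value. The `constant_stride` check is the defender's side of the story: run it over ISN samples collected from your own stack to see whether successive ISNs advance by a fixed amount. Names such as `clock_isn`, `fixed_step_isn`, `randomized_isn` and the secret key are assumptions of this example; the 4-microsecond tick and the 128000 step come from the text above.

```python
"""Added example (not from the original post): simulate three ISN generators
and check observed ISNs for the constant-stride pattern described in the post."""
import hashlib
import secrets

ISN_MODULUS = 1 << 32   # ISNs are 32-bit values and wrap modulo 2^32
CLOCK_TICK_US = 4       # RFC 793: low-order bit increments roughly every 4 microseconds
MITNICK_STEP = 128000   # per-connection stride quoted in the Mitnick excerpt


def clock_isn(time_us):
    """RFC 793 style: ISN bound to a 32-bit clock that ticks every 4 us.
    Any two connections opened a known time apart get ISNs a known distance apart."""
    return (time_us // CLOCK_TICK_US) % ISN_MODULUS


def wraparound_seconds():
    """How long the 32-bit clock takes to cycle with an exact 4 us tick."""
    return ISN_MODULUS * CLOCK_TICK_US / 1_000_000


def fixed_step_isn(connection_index, base=1_000_000, step=MITNICK_STEP):
    """Constructed stand-in for a stack that advances the ISN by a fixed amount
    per connection, which is the pattern observed in the Mitnick excerpt."""
    return (base + connection_index * step) % ISN_MODULUS


# Per-host secret (hypothetical); a real stack would generate and store its own.
SECRET = secrets.token_bytes(16)


def randomized_isn(time_us, src_ip, src_port, dst_ip, dst_port, secret=SECRET):
    """RFC 6528 style: ISN = M + F(4-tuple, secret), where M is the clock value
    and F is a keyed hash. The clock still guarantees monotonic progress per
    connection, but the offset differs per 4-tuple and is unknown without the key."""
    m = (time_us // CLOCK_TICK_US) % ISN_MODULUS
    tuple_bytes = f"{src_ip}|{src_port}|{dst_ip}|{dst_port}".encode()
    f = int.from_bytes(hashlib.sha256(secret + tuple_bytes).digest()[:4], "big")
    return (m + f) % ISN_MODULUS


def isn_strides(isns):
    """Differences between successive ISNs, taken modulo 2^32 so wraparound
    does not produce negative values."""
    return [(b - a) % ISN_MODULUS for a, b in zip(isns, isns[1:])]


def constant_stride(isns):
    """Return the stride if every successive difference is identical (the
    predictable case), otherwise None. Needs at least two samples."""
    strides = isn_strides(isns)
    if strides and all(s == strides[0] for s in strides):
        return strides[0]
    return None


if __name__ == "__main__":
    # Constructed samples: 20 connections opened 1000 us apart.
    times = list(range(0, 20_000, 1_000))
    clock_samples = [clock_isn(t) for t in times]
    step_samples = [fixed_step_isn(i) for i in range(20)]
    random_samples = [
        randomized_isn(t, "192.0.2.10", 40000 + i, "192.0.2.20", 23)
        for i, t in enumerate(times)
    ]
    print("clock generator stride:      ", constant_stride(clock_samples))
    print("fixed-step generator stride: ", constant_stride(step_samples))
    print("randomized generator stride: ", constant_stride(random_samples))
    print("clock wraparound (hours):    ", round(wraparound_seconds() / 3600, 2))
```

With an exact 4 µs tick the wrap period comes out at about 4.77 hours; the RFC's "approximately 4.55 hours" corresponds to a slightly faster tick, which is why it says "roughly". The first two generators report a constant stride (250 for the clock sampled every 1000 µs, 128000 for the fixed step), which is exactly the signal a predictability check should flag; the randomized generator reports none because each 4-tuple gets its own keyed offset.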

Recommended reading