I am learning how nmap operates by testing it with another workstation in my network. When I entered
nmap -v -A -sS 192.xxx.xxx.xxx
Part of the output produced the line below.
TCP Sequence Prediction: Difficulty=260 (Good luck!)
How is 260 calculated and what makes it difficult to predict the next sequence?
The topic of TCP sequence prediction is covered pretty well in the online Nmap book's OS detection page under "TCP Sequence Prediction." Essentially, statistical methods such as the Greatest Common Denominator (GCD) are used to predict the sequence's variability. There is more discussion on the OS detection methods page, and you can look at the code in osscan2.cc in the HostOsScan::makeTSeqFP function.
