Q & A on TCP Sequence Numbers

Q: I have a question about TCP sequence number generation. Why do we need to initialize the TCP sequence # for a connection as a hash function of (src ip, src port, dst ip, dst port, some salt)? Why couldn't we always initialize the sequence # as a constant?

A: Choosing a pseudo-random starting sequence number for a connection avoids the problem of replay. Imagine that two applications repeatedly make a connection, transfer data, and close the connection (e.g., a browser contacting a Web server to obtain a set of images). Also imagine that a constant was always used for the starting sequence number. Finally, imagine that some datagram is duplicated and one copy is delayed so long that the browser and server have time to finish the connection and start a new connection. If the delayed datagram wanders back in and is delivered, the TCP sequence number will fit into the sequence numbers being used for the new communication. Choosing a random starting sequence instead means that the sequence number in a delayed segment will (with high probability) lie outside the valid range and the segment will be rejected.
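The scenario in the answer, worked through in code as an added example (this is not part of the original Q&A). It simulates two back-to-back connections on the same 4-tuple, delays a data segment from the first one until the second is established, and applies the RFC 793 window check the receiver would run. The ISN generator compared against the constant follows the RFC 6528 form ISN = M + F(localip, localport, remoteip, remoteport, secretkey), with a 4-microsecond clock M and a keyed hash F; the hosts, ports, secret key, clock values and window size are constructed for the demonstration, and HMAC-SHA256 truncated to 32 bits stands in for F (RFC 6528 itself suggests MD5):

```python
"""Added illustration (not part of the original Q&A): a delayed duplicate
from an earlier connection lands inside the window of a later connection
on the same 4-tuple when the ISN is a constant, and falls outside it when
the ISN is RFC 6528-style (clock + keyed hash of the 4-tuple).
Hosts, ports, secret and clock values below are constructed."""
import hashlib
import hmac

MASK = 0xFFFFFFFF           # TCP sequence numbers are 32-bit, modulo 2**32
RCV_WND = 65535             # receive window the server advertises (constructed)

# Constructed 4-tuple reused by every connection in the demo.
CLIENT = ("192.0.2.10", 40000)
SERVER = ("198.51.100.7", 80)
SECRET = b"per-boot-secret-key"   # constructed; real stacks draw this at boot


def isn_constant(src, dst, secret, clock):
    """The scheme the question proposes: every connection starts at 1."""
    return 1


def isn_rfc6528(src, dst, secret, clock):
    """ISN = M + F(localip, localport, remoteip, remoteport, secretkey).

    M is a counter that ticks every 4 microseconds; F is a keyed hash.
    HMAC-SHA256 truncated to 32 bits is used for F here (an assumption of
    this example; RFC 6528 suggests MD5).
    """
    conn_id = f"{src[0]}:{src[1]}>{dst[0]}:{dst[1]}".encode()
    f = int.from_bytes(hmac.new(secret, conn_id, hashlib.sha256).digest()[:4], "big")
    return (clock + f) & MASK


def in_window(seq, rcv_nxt, rcv_wnd):
    """RFC 793 acceptability test for the first byte of a segment:
    RCV.NXT <= SEG.SEQ < RCV.NXT + RCV.WND, evaluated modulo 2**32."""
    return ((seq - rcv_nxt) & MASK) < rcv_wnd


def delayed_duplicate_accepted(isn_fn, clock_conn1, clock_conn2):
    """Simulate two client->server connections on one 4-tuple.

    A data segment 1000 bytes into connection 1 is duplicated and delayed
    until connection 2 is established.  Returns True if the server would
    accept the stale segment as part of connection 2.
    """
    isn1 = isn_fn(CLIENT, SERVER, SECRET, clock_conn1)
    delayed_seq = (isn1 + 1000) & MASK            # stale segment's SEG.SEQ

    isn2 = isn_fn(CLIENT, SERVER, SECRET, clock_conn2)
    rcv_nxt = (isn2 + 1) & MASK                   # server's RCV.NXT after the SYN
    return in_window(delayed_seq, rcv_nxt, RCV_WND)


if __name__ == "__main__":
    # Connection 2 starts one second after connection 1: 250_000 ticks of 4 us.
    print("constant ISN, stale segment accepted:",
          delayed_duplicate_accepted(isn_constant, 0, 250_000))
    print("RFC 6528 ISN, stale segment accepted:",
          delayed_duplicate_accepted(isn_rfc6528, 0, 250_000))
    # The keyed-hash term: same clock, different client port -> unrelated ISN,
    # so observing one connection's ISN does not reveal another's.
    other_client = ("192.0.2.10", 40001)
    print(hex(isn_rfc6528(CLIENT, SERVER, SECRET, 0)),
          hex(isn_rfc6528(other_client, SERVER, SECRET, 0)))
```

Two things worth separating when reading the output: for connections that reuse the same 4-tuple, the hash term F is identical both times, so it is the clock term M that moves the second connection's sequence space away from the first one's; the keyed hash is what makes the ISN of one connection unrelated to the ISN of a concurrent connection on a different 4-tuple, so an off-path observer of one cannot predict the other. A stale segment is still accepted whenever it happens to fall inside the receiver's window, which is why the answer says "with high probability" rather than "always".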