Ncovert2 – How it works, pt.3

Sender XORs data with previous ISN and session hash to create new ISN, creates a packet with a random IP ID, the “predictable” source port, and new ISN, and sends the packet
Sender also sends decoy packets as well
Destination ports on legit and decoy packets randomly use 1-65535, repeating as needed
Receiver sniffs packets, ignores packets without “predictable” destination ports, uses previous ISN and session hash to extract data

Sender XORs data with previous ISN and session hash to create new ISN, creates a packet with a random IP ID, the “predictable” source port, and new ISN, and sends the packet