Malicious endpoints can use a variety of techniques to infiltrate a network and send malicious code to an endpoint. For example, a malicious endpoint might try to inject illegitimate traffic into a legitimate flow. It might do this by trying to guess the legitimate flow's current sequence number. Another way that a malicious endpoint might try to infiltrate the network is it might attempt to send a command signal to an infected endpoint. It can do this by sending a “port knock” or an unused header field. In many networks, some or all of this header field information is inaccessible to a security program.