detection of the third tcp packet in a tcp connection setup
Ramin Alidousti
ramin@cannon.eng.us.uu.net
Thu, 27 Jun 2002 15:39:32 -0400
On Thu, Jun 27, 2002 at 09:44:07PM +0200, Patrick Schaaf wrote:
> > > There are some distinguishing characteristics... it is the first packet
> > > sent by the client that is in state ESTABLISHED. it should have ACK set
> > > and no other flags. the tcp data length should be zero.
> >
> > Isn't that in itself a bit of a giveaway ? I can't think of a reason why a
> > zero-length packet should ever occur in the remainder of the data stream... ?
>
> How to TCP keepalive packets look like? Also, isn't it possible that the
> third packet already carries data, in the general (read TCP protocol as
> it is written) case? You probably won't get that with the normal socket
> interface from userlevel, but does TCP forbid it? I don't think so.
Correct. And besides when you receive data and have nothing to send
you'll ack with a zero-length packet.
Ramin
>
> best regards
> Patrick