not sure ESTABLISHED TCP traffic will have ACK flag set
always...
Michele Vetturi
michele.vetturi at iritaly.org
Fri Apr 8 22:52:24 CEST 2005
On Fri, Apr 08, 2005, someone also known as Christian Seberino wrote:
> 2. One side sends LESS packets then the other! --
> fast side doesn't have enough incoming to ACK either!
This problem is resolved by the TCP window? Am I right?
> Agree? Why then do people say to drop non-ACK'd packets
> as suspicious??.... I would think it would be common
> for one side to send more packets then the other. I could
> be wrong.
One side CAN send more packets.
--
[ Michele Vetturi
--------------------------------------------------
IRItaly.org and Honeynet.it member
PGP key available at: http://vetz.homelinux.org ]
More information about the netfilter
mailing list