Re: Data in SYN and SYN acknowledgement packets

[Aaron Turner <aturner () pobox com>]

Syn packets can and do contain data.  Never noticed Syn/Acks though
having data, and I'd be surprised if they do in a well behaved IP stack.

-Aaron

On Tue, Aug 05, 2003 at 11:06:15PM +0100, Justin Robinson wrote:
> Hi,
>
> I'm writing a piece of code with the libpcap() library that works out the next 
> sequence number expected from the payload length. I'm concerned only with the 
> tcp/ip protocol. I expected that during the three-way handshake of tcp, that 
> the first two packets from the initiating TCP entity will NOT have any data 
> in them. The first two packets are the SYN and the ACK to the other TCP 
> entity's SYN.
>
> However, my code suggests that on some http connections, these packets hold 
> data, which breaks my code.
>
> I calculate the payload length using
>
> pkt_header->caplen - tcp_len - ip_len - linklayer_len
>
> where tcp_len and ip_len are taken from the appropriate fields in their 
> respective headers, and linklayer_len is always 14 because it is an ethernet 
> header.
>
> Can someone please confirm that these packets are not supposed to have a 
> payload?

Attachment: _bin
Description: