Re: TCP: a practical question

[Adam Powers <apowers () lancope com>]

I think your referring to a part of the RFC that is attempting to describe
passive and active opens. They were just making a point that both tcps could
establish connections at the same time in opposite directions on the same
service port without failure.

IMO, this kind of asynchronous communication over multiple sockets within an
application is quite common though something of a pain to maintain as NATs
and other translation layers will often break at least one direction of the
packet flow.



On 1/17/08 4:55 PM, "snort user" <snort.user () gmail com> wrote:

> Greetings.
>
> Normally TCP connection establishment is a three packet sequence.
>
> C -> S (Syn)
> S -> C (Syn|Ack)
> C -> S (Ack)
>
> TCP specification (rfc 793) mentions about a simultaneous open and
> it's use in distributed set ups.
> In this case the handshake would proceed as follows:
>
> C -> S (Syn) .. 1
> S -> C (Syn) .. 2
> (1 and 2 happends almost simultaneously)
> C -> S (Syn|Ack)
> S -> C (Syn|Ack)
>
> My question is do we see this behavior in the practical world ?
>
> Thanks
> Ashley
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to 
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intr
> o_sfw 
> to learn more.
> ------------------------------------------------------------------------


-- 

Adam  Powers
Chief Technology Officer
Lancope, Inc.
c. 678.725.1028
f. 678.302.8744
e. adam () lancope com


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------