When considering half open for intercept or embryonic connections the first definition is correct. Cisco doesn't claim the first to be a description of TCP flow status. It is simply a definition for what these applications, Cisco has implemented, look for.
When considering the protocol definition then the second definition is correct, obviously since it comes from the RFC. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Vybhav Ramachandran Sent: Monday, July 12, 2010 4:08 AM To: OSL Security Subject: [OSL | CCIE_Security] Half-open , Half-closed , Embryonic Hello All, A couple of days back , a friend and I we were discussing about the differences between Half-open , Half-closed and embryonic TCP connections : We got a couple of confusing definitions : 1) From cisco These half-open connections are TCP connections that have not completed the SYN-SYN/ACK-ACK handshake that is always used by TCP peers to negotiate the parameters of their mutual connection. 2) RFC 793 ( TCP ) An established connection is said to be "half-open" if one of the TCPs has closed or aborted the connection at its end without the knowledge of the other, or if the two ends of the connection have become desynchronized owing to a crash that resulted in loss of memory Can someone please shed some light on this? Thanks! Cheers, TacACK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
