I think your referring to a part of the RFC that is attempting to describe passive and active opens. They were just making a point that both tcps could establish connections at the same time in opposite directions on the same service port without failure.
IMO, this kind of asynchronous communication over multiple sockets within an application is quite common though something of a pain to maintain as NATs and other translation layers will often break at least one direction of the packet flow. On 1/17/08 4:55 PM, "snort user" <[EMAIL PROTECTED]> wrote: > Greetings. > > Normally TCP connection establishment is a three packet sequence. > > C -> S (Syn) > S -> C (Syn|Ack) > C -> S (Ack) > > TCP specification (rfc 793) mentions about a simultaneous open and > it's use in distributed set ups. > In this case the handshake would proceed as follows: > > C -> S (Syn) .. 1 > S -> C (Syn) .. 2 > (1 and 2 happends almost simultaneously) > C -> S (Syn|Ack) > S -> C (Syn|Ack) > > My question is do we see this behavior in the practical world ? > > Thanks > Ashley > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to > http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intr > o_sfw > to learn more. > ------------------------------------------------------------------------ > -- Adam Powers Chief Technology Officer Lancope, Inc. c. 678.725.1028 f. 678.302.8744 e. [EMAIL PROTECTED] ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
