On 8/5/2016 3:13 PM, Karl Fife wrote: > All of the states in the pfsense states display make sense to me: > e.g. http://www.cs.hofstra.edu/~cscccl/c333/tcp.gif > > Maybe I'm having a brain fart, but I'm not finding a good treatise on > the "multiple:multiple" state? > Anyone?
That "state" should only be seen with UDP and other stateless protocols. You'll see SINGLE:NO_TRAFFIC when one side sends a single packet to the other but has not yet received a response, and MULTIPLE:MULTIPLE when both sides have sent multiple packets that match the state. You can also see various combinations of these depending on the protocol. For example you might see SINGLE:MULTIPLE from a perfectly normal DNS request or you might see it on a partially working (or even broken) ESP state for IPsec. Essentially it's a counter that lets you know if 0, 1 or 2+ packets have been observed matching the state. Jim _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
