Makes sense. I was confused, seeing it in the context of analyzing
secure connections to Google subnets. Apparently I'm not "QUIC" enough
on the uptake of the Google's experimental transport layers. :-)
On 8/5/2016 5:41 PM, Jim Pingle wrote:
On 8/5/2016 3:13 PM, Karl Fife wrote:
All of the states in the pfsense states display make sense to me:
e.g. http://www.cs.hofstra.edu/~cscccl/c333/tcp.gif
Maybe I'm having a brain fart, but I'm not finding a good treatise on
the "multiple:multiple" state?
Anyone?
That "state" should only be seen with UDP and other stateless protocols.
You'll see SINGLE:NO_TRAFFIC when one side sends a single packet to the
other but has not yet received a response, and MULTIPLE:MULTIPLE when
both sides have sent multiple packets that match the state.
You can also see various combinations of these depending on the
protocol. For example you might see SINGLE:MULTIPLE from a perfectly
normal DNS request or you might see it on a partially working (or even
broken) ESP state for IPsec.
Essentially it's a counter that lets you know if 0, 1 or 2+ packets have
been observed matching the state.
Jim
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
