> > I belive that state NEW says: a packet never seen before. A tuple that > > does not exist in currect tracked connections table. > > So, what are the INVALID packets ????? quote: "A packet which could not be identified for some reason: this includes running out of memory and ICMP errors which don't correspond to any known connection."
> After this, I was assuming that we were in the ESTABLISHED state. Hmm, i think we are in established just after the first SYN. so the SYN/ACK and ACK are ESTABLISHED, as having the same parameters as the first SYN. Same tuple. So i think conntrack works irregardles of the protocol seen. If this is true (i am going to research that), that would mean my assumption regarding how conntrack wroks is true. Regards, Maciej
