Don Cohen wrote: > On a related subject, I'm worried that UNREPLIED might not mean > what I think it does. Your data contains things like: > tcp 6 387070 ESTABLISHED src=9.163.211.64 dst=165.130.71.38 sport=3228 > dport=1301 [UNREPLIED] src=165.130.71.38 dst=9.163.211.64 sport=1301 > dport=3228 use=1 > How can one half of the connection be established while the other half > is unreplied?
The ESTABLISHED indicates the TCP state, UNREPLIED indicates the conntrack state. This is a TCP session that has only seen ACK in one direction, no packets in the other. Almost related note: The connection is not ASSURED. Regards Henrik
