Henrik Nordstrom writes:
> Don Cohen wrote:
>
> > On a related subject, I'm worried that UNREPLIED might not mean
> > what I think it does. Your data contains things like:
> > tcp 6 387070 ESTABLISHED src=9.163.211.64 dst=165.130.71.38 sport=3228
> > dport=1301 [UNREPLIED] src=165.130.71.38 dst=9.163.211.64 sport=1301
> > dport=3228 use=1
> > How can one half of the connection be established while the other half
> > is unreplied?
>
> The ESTABLISHED indicates the TCP state, UNREPLIED indicates the conntrack
> state. This is a TCP session that has only seen ACK in one direction, no
> packets in the other.
>
> Almost related note: The connection is not ASSURED.

I'm having trouble making sense of your explanation above.
This line is supposed to describe a single connection, right?
Established as a tcp state means the three packet handshake is complete?
But that seems to contradict the unreplied.

Is there any doc for stuff like this?
- how to read the lines above
- what exactly these things (unreplied, assured, established ...) mean
- can I match on ASSURED?
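
Added example (not part of the original messages, and not code from the netfilter project): a small parser for the entry quoted in the thread, which keeps the protocol state (ESTABLISHED) and the bracketed conntrack flags (UNREPLIED, ASSURED) as separate fields. The function names and dictionary keys are this example's own, and only the tuple keys that appear in the quoted entry are handled.

```python
import re

# Constructed sample: the entry quoted in the thread, with mail line wrapping removed.
SAMPLE = ("tcp 6 387070 ESTABLISHED src=9.163.211.64 dst=165.130.71.38 "
          "sport=3228 dport=1301 [UNREPLIED] src=165.130.71.38 "
          "dst=9.163.211.64 sport=1301 dport=3228 use=1")

# Only the tuple keys that appear in the quoted entry are treated as tuple fields.
TUPLE_KEYS = {"src", "dst", "sport", "dport"}
FLAG_RE = re.compile(r"^\[([A-Z_]+)\]$")


def parse_conntrack_line(line):
    """Split one conntrack table line into its fields (dict keys are this example's names)."""
    tokens = line.split()
    if len(tokens) < 3:
        raise ValueError("expected at least: protocol name, protocol number, timeout")
    entry = {
        "proto": tokens[0],
        "proto_num": int(tokens[1]),
        "timeout": int(tokens[2]),   # remaining lifetime of the entry
        "proto_state": None,         # e.g. the TCP state; absent for stateless protocols
        "original": {},              # first tuple: direction of the first packet seen
        "reply": {},                 # second tuple: the expected reply direction
        "flags": [],                 # bracketed conntrack status, e.g. UNREPLIED, ASSURED
        "other": {},                 # remaining key=value fields, e.g. use
    }
    direction = "original"
    for tok in tokens[3:]:
        flag = FLAG_RE.match(tok)
        if flag:
            entry["flags"].append(flag.group(1))
        elif "=" in tok:
            key, value = tok.split("=", 1)
            if key not in TUPLE_KEYS:
                entry["other"][key] = value
                continue
            if direction == "original" and key in entry["original"]:
                direction = "reply"  # a repeated tuple key starts the second tuple
            entry[direction][key] = value
        elif entry["proto_state"] is None and not entry["original"]:
            entry["proto_state"] = tok
        else:
            raise ValueError("unexpected token: %r" % tok)
    return entry


def status(entry):
    """Report the protocol state and the conntrack flags as separate facts."""
    return {"proto_state": entry["proto_state"],
            "reply_seen": "UNREPLIED" not in entry["flags"],
            "assured": "ASSURED" in entry["flags"]}
```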