On Thursday 27 June 2002 8:44 pm, Patrick Schaaf wrote:

> > > There are some distinguishing characteristics... it is the first packet
> > > sent by the client that is in state ESTABLISHED. it should have ACK
> > > set and no other flags. the tcp data length should be zero.
> >
> > Isn't that in itself a bit of a giveaway ? I can't think of a reason
> > why a zero-length packet should ever occur in the remainder of the data
> > stream... ?
>
> How do TCP keepalive packets look like?

Hmmm. Don't know. Hadn't thought about those...

> Also, isn't it possible that the third packet already carries data, in the
> general (read TCP protocol as it is written) case?

Well, I'd always thought that this was allowed, yes, but I've also been told by several different people (who play with real-world networks all the time) that it never happens in practice - you get:

SYN (no data)
SYN/ACK (no data)
ACK (no data)
ACK (data)
ACK (data)
etc.....

> You probably won't get that with the normal socket
> interface from userlevel, but does TCP forbid it? I don't think so.

Fair point, but if Ramin's working on a real network, maybe a solution which works is okay, even if there's a theoretical situation when it wouldn't.

Ramin, by the way, what are you trying to do this for ?

Antony.
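Added example, not part of the original message: the "ACK only, zero data length" test from the thread run over constructed packets, next to a check that also compares sequence numbers against the handshake. The ISNs, ports, addresses and function names are assumptions made for illustration; the keepalive probe follows the common form described in RFC 1122 (sequence number one below the next to be sent, no data).

```python
import struct

ACK, PSH = 0x10, 0x08

def build(seq, ack, flags, payload=b""):
    """Constructed IPv4+TCP sample packet (checksums zero, addresses from 192.0.2.0/24)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, seq, ack, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp + payload

def parse(pkt):
    """Return (seq, ack, flags, tcp_data_len) from a raw IPv4/TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6:
        raise ValueError("not TCP")
    total_len = struct.unpack("!H", pkt[2:4])[0]
    seq, ack = struct.unpack("!II", pkt[ihl + 4:ihl + 12])
    doff = (pkt[ihl + 12] >> 4) * 4
    flags = pkt[ihl + 13] & 0x3F          # FIN/SYN/RST/PSH/ACK/URG, ECN bits ignored
    return seq, ack, flags, total_len - ihl - doff

def stateless_match(pkt):
    """Test from the thread: ACK set, no other flags, zero TCP data length."""
    _, _, flags, data_len = parse(pkt)
    return flags == ACK and data_len == 0

def handshake_match(pkt, client_isn, server_isn):
    """ACK without SYN/FIN/RST whose seq/ack sit directly after both ISNs."""
    seq, ack, flags, _ = parse(pkt)
    return ((flags & 0x17) == ACK and seq == (client_isn + 1) % 2**32
            and ack == (server_isn + 1) % 2**32)

C_ISN, S_ISN = 1000, 5000                 # constructed initial sequence numbers
SAMPLES = {
    "handshake_ack":  build(1001, 5001, ACK),
    "handshake_data": build(1001, 5001, ACK | PSH, b"GET / HTTP/1.0\r\n\r\n"),
    "later_pure_ack": build(1019, 6461, ACK),   # client acking server data
    "keepalive":      build(1018, 6461, ACK),   # seq = next seq - 1, no data
}

def classify():
    """Map sample name -> (stateless_match, handshake_match)."""
    return {name: (stateless_match(p), handshake_match(p, C_ISN, S_ISN))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in classify().items():
        print(f"{name:15s} stateless={result[0]!s:5s} seq/ack={result[1]}")
```

The stateless test also fires on the later bare ACK and the keepalive, and misses a handshake ACK that carries data. The seq/ack comparison removes those false matches, but a data segment sent right after a bare handshake ACK has the same numbers, so picking only the first such packet still needs per-connection state.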
