On Thu, Jun 27, 2002 at 08:44:03PM +0100, Antony Stone wrote: > On Thursday 27 June 2002 8:44 pm, Patrick Schaaf wrote: > > > > > There are some distinguishing characteristics... it is the first packet > > > > sent by the client that is in state ESTABLISHED. it should have ACK > > > > set and no other flags. the tcp data length should be zero. > > > > > > Isn't that in itself a bit of a giveaway ? I can't think of a reason > > > why a zero-length packet should ever occur in the remainder of the data > > > stream... ? > > > > How to TCP keepalive packets look like? > > Hmmm. Don't know. Hadn't thought about those... > > > Also, isn't it possible that the third packet already carries data, in the > > general (read TCP protocol as it is written) case? > > Well, I'd always thought that this was allowed, yes, but I've also been told > by several different people (who play with real-world networks all the time) > that it never happens in practice - you get: >
If I'm not wrong you can always send data even in SYN and SYN/ACK. Like Patrick said the default options in the socket interface might not do it but I thought I saw some tweaking in one of Richard Steven's (god bless his soul) books to push traffic in SYN packets. Ramin > SYN (no data) > SYN/ACK (no data) > ACK (no data) > ACK (data) > ACK (data) > etc.....
