Re: [pfSense] multiple:multiple

2016-08-05 Thread Karl Fife
Makes sense.  I was confused, seeing it in the context of analyzing
secure connections to Google subnets.  Apparently I'm not "QUIC" enough
on the uptake of Google's experimental transport layers.  :-)



On 8/5/2016 5:41 PM, Jim Pingle wrote:
> On 8/5/2016 3:13 PM, Karl Fife wrote:
>> All of the states in the pfsense states display make sense to me:
>> e.g. http://www.cs.hofstra.edu/~cscccl/c333/tcp.gif
>>
>> Maybe I'm having a brain fart, but I'm not finding a good treatise on
>> the "multiple:multiple" state?
>> Anyone?
>
> That "state" should only be seen with UDP and other stateless protocols.
> You'll see SINGLE:NO_TRAFFIC when one side sends a single packet to the
> other but has not yet received a response, and MULTIPLE:MULTIPLE when
> both sides have sent multiple packets that match the state.
>
> You can also see various combinations of these depending on the
> protocol. For example you might see SINGLE:MULTIPLE from a perfectly
> normal DNS request or you might see it on a partially working (or even
> broken) ESP state for IPsec.
>
> Essentially it's a counter that lets you know if 0, 1 or 2+ packets have
> been observed matching the state.
>
> Jim
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold




Re: [pfSense] multiple:multiple

2016-08-05 Thread Jim Pingle
On 8/5/2016 3:13 PM, Karl Fife wrote:
> All of the states in the pfsense states display make sense to me:
> e.g. http://www.cs.hofstra.edu/~cscccl/c333/tcp.gif
> 
> Maybe I'm having a brain fart, but I'm not finding a good treatise on
> the "multiple:multiple" state?
> Anyone?

That "state" should only be seen with UDP and other stateless protocols.
You'll see SINGLE:NO_TRAFFIC when one side sends a single packet to the
other but has not yet received a response, and MULTIPLE:MULTIPLE when
both sides have sent multiple packets that match the state.

You can also see various combinations of these depending on the
protocol. For example you might see SINGLE:MULTIPLE from a perfectly
normal DNS request or you might see it on a partially working (or even
broken) ESP state for IPsec.

Essentially it's a counter that lets you know if 0, 1 or 2+ packets have
been observed matching the state.

Jim
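
Added example, not part of Jim's message and not pfSense code: a small Python parser that maps the labels described above to packet-count buckets (0, 1, 2+) and lists the states where one side has not been seen at all. The sample lines are constructed and assume the text layout printed by `pfctl -ss`; the function names are hypothetical.

```python
import re
from collections import Counter

# Packets observed per side for each label (0, 1 or 2+), as described above.
BUCKET = {"NO_TRAFFIC": "0", "SINGLE": "1", "MULTIPLE": "2+"}

# Constructed sample input; the column layout is assumed to match `pfctl -ss`.
SAMPLE = """\
all udp 192.0.2.10:51514 -> 198.51.100.53:53       SINGLE:MULTIPLE
all udp 192.0.2.10:40000 -> 203.0.113.7:443       MULTIPLE:MULTIPLE
all udp 192.0.2.11:5060 -> 203.0.113.9:5060       SINGLE:NO_TRAFFIC
all esp 192.0.2.1 <- 203.0.113.20       MULTIPLE:NO_TRAFFIC
all tcp 192.0.2.10:50022 -> 203.0.113.7:22       ESTABLISHED:ESTABLISHED
"""

# Interface, protocol, flow description, then the LEFT:RIGHT state labels.
LINE = re.compile(
    r"^(?P<ifc>\S+)\s+(?P<proto>\S+)\s+(?P<flow>.+?)\s+"
    r"(?P<left>[A-Z][A-Z0-9_]*):(?P<right>[A-Z][A-Z0-9_]*)\s*$"
)

def classify(line):
    """Return (proto, flow, left_bucket, right_bucket); None for TCP-style states."""
    m = LINE.match(line.strip())
    if not m or m["left"] not in BUCKET or m["right"] not in BUCKET:
        return None
    return m["proto"], m["flow"], BUCKET[m["left"]], BUCKET[m["right"]]

def one_sided(text):
    """States where one side has sent packets and the other has sent none."""
    rows = filter(None, map(classify, text.splitlines()))
    return [r for r in rows if (r[2] == "0") != (r[3] == "0")]

def summary(text):
    """Count states per (left, right) bucket pair."""
    rows = filter(None, map(classify, text.splitlines()))
    return Counter((r[2], r[3]) for r in rows)

if __name__ == "__main__":
    for proto, flow, left, right in one_sided(SAMPLE):
        print(f"{proto:4} {flow:40} packets seen: {left} / {right}")
```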


[pfSense] multiple:multiple

2016-08-05 Thread Karl Fife

All of the states in the pfsense states display make sense to me:
e.g. http://www.cs.hofstra.edu/~cscccl/c333/tcp.gif

Maybe I'm having a brain fart, but I'm not finding a good treatise on 
the "multiple:multiple" state?

Anyone?


