
No tcp-syn packet or tcp-fin packets.

For a conversation between two IP addresses, there is neither a TCP SYN packet nor a TCP FIN packet. So, in that case, how did the connection establishment and teardown happen?

gopal_72
asked 2020-04-30 04:04:37 +0000

1 Answer


The missing events definitely happened; you just didn't capture them. Note that you might not get a FIN; RST may be used instead.

grahamb
answered 2020-04-30 09:07:27 +0000

Comments

Another possible point of failure is selecting application payloads. For instance, if you "Follow TCP stream" you will get SYN and FIN packets IF they were captured. Let's pretend, for argument's sake, this TCP stream contains TLS, so if you filter on "tls" then the TCP setup/teardown or discrete ACKs would not be visible. The only thing that shows is those TCP packets that contain TLS. Similar to the HTTP protocol, etc.

Bob Jones (2020-04-30 15:05:31 +0000)

I hadn't thought that the user could have filtered them out.

grahamb (2020-04-30 15:20:32 +0000)
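
An added example, not part of the original answer or comments: a Python sketch that reads a classic pcap and reports, per TCP conversation, whether a SYN, FIN or RST was actually captured, which is the check the answer and the comment both point to. The sample capture, the addresses and the helper names (`build_frame`, `build_pcap`) are constructed for illustration, and only little-endian pcap with Ethernet/IPv4 frames is handled.

```python
import struct
from collections import defaultdict
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04}

def flags_per_conversation(pcap):
    """Map each TCP conversation to the SYN/FIN/RST flags present in the capture."""
    seen = defaultdict(set)
    off = 24                                    # skip the pcap global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                            # not IPv4 carrying TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue                            # TCP header cut off by snaplen
        sport, dport = struct.unpack_from("!HH", tcp)
        ends = sorted([(frame[26:30], sport), (frame[30:34], dport)])
        seen[tuple(ends)] |= {n for n, bit in FLAG_BITS.items() if tcp[13] & bit}
    return dict(seen)

def diagnose(flags):
    """Say what the captured flags imply about setup and teardown."""
    setup = "setup captured" if "SYN" in flags else "no SYN captured"
    end = ("closed with FIN" if "FIN" in flags else
           "closed with RST instead of FIN" if "RST" in flags else
           "no FIN or RST captured")
    return f"{setup}; {end}"

# Constructed sample capture (not taken from the question).
def build_frame(src, dst, sport, dport, flags):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
A, B = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
SAMPLE = build_pcap([
    build_frame(A, B, 50000, 443, 0x18), build_frame(B, A, 443, 50000, 0x10),  # data, ACK
    build_frame(A, B, 50001, 80, 0x02), build_frame(B, A, 80, 50001, 0x12),    # SYN, SYN/ACK
    build_frame(B, A, 80, 50001, 0x14),                                        # RST/ACK
])

if __name__ == "__main__":
    for conv, flags in flags_per_conversation(SAMPLE).items():
        print(conv, "->", diagnose(flags))
```

Run against the whole capture file, this shows whether the SYN/FIN/RST packets are absent from the capture itself or only hidden by a display filter such as tls.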
