PSH data between TCP 3WHS and SSL handshake

  • retag add tags

Hi all,

What would be the reason why a host would send the following sequence :

ACK, PSH-ACK, ACK just after it finishes the 3WHS and before handshake.

What could be included in those packets?

Regards. Liviu

Liviusbr's avatar
1
Liviusbr
asked 2018-09-14 13:13:22 +0000
edit flag offensive 0 remove flag close merge delete

Comments

That may depend on what protocol is being run over SSL. What is the complete sequence of packets, on both sides of the connection? If the only data being sent after the 3WHS and before the handshake is one segment of data from that host to the peer, it doesn't look like, for example, the STARTTLS opportunistic TLS negotiation for SMTP, as that involves the server sending "250 STARTTLS", the client responding with a "STARTTLS" command, and the server responding with a 220 response letting the client know that it can proceed.

Guy Harris's avatar Guy Harris (2018-09-14 19:44:06 +0000) edit
more
  • delete
add a comment see more comments