On Wed, 2003-04-09 at 15:00, dhiraj.2.bhuyan@xxxxxx wrote:
> As far as I understand, an "ACK" packet can also start a "NEW" connection.
> If the connection remains idle for long, Netfilter's connection tracking
> engine times out that connection and removes its entry from the state
> table. Now when an "ACK" packet comes back after some time, the connection
> tracking engine marks this as a "NEW" connection. However, I am not sure how
> the state changes to "ESTABLISHED".

IIRC there's been some discussion about how Internet Explorer violates the
TCP standard. Some versions start their TCP sessions with an ACK instead of
a SYN, and there's a hack in the Windows OS that accepts that if it's
destined for an IIS web server, I think. This is to shorten the amount of
time needed for connection setup.

If connection pickup is enabled they will be marked as NEW even though they
don't contain a SYN. If connection pickup is disabled the packets will be
marked as INVALID.

-- 
/Martin
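The behaviour discussed in this thread (an idle connection expiring from the state table, a later bare ACK being classified NEW when connection pickup is on and INVALID when it is off, and the NEW-to-ESTABLISHED transition once a reply is seen) can be illustrated with a small model of conntrack's TCP classification. This is an added example written for this page, not kernel code and not code from anyone in the thread; it assumes a plain 4-tuple lookup with no NAT or sequence-number window checking, the flag precedence conntrack uses to pick a state-table row, and the default timeouts (SYN_SENT 120 s, ESTABLISHED 5 days). The `verdict()` ruleset at the end models the common INPUT chain, including the widely used `-p tcp ! --syn -m state --state NEW -j DROP` rule that catches picked-up ACKs.

```python
"""Toy model of netfilter TCP connection tracking: NEW / ESTABLISHED / INVALID.

Added illustration only (not the kernel's implementation).  Assumptions:
4-tuple keys, no NAT, no sequence-number checks, default-like timeouts.
"""
from dataclasses import dataclass

SYN, ACK, FIN, RST = "SYN", "ACK", "FIN", "RST"

# Assumed timeouts (seconds) keyed by the entry's TCP state, modelled on the
# conntrack defaults: 120 s for SYN_SENT, 5 days for ESTABLISHED.
TIMEOUTS = {"SYN_SENT": 120, "SYN_RECV": 60, "ESTABLISHED": 5 * 24 * 3600}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset
    t: float  # arrival time in seconds


@dataclass
class Entry:
    last_seen: float
    tcp_state: str            # analogue of TCP_CONNTRACK_* (SYN_SENT, SYN_RECV, ESTABLISHED)
    seen_reply: bool = False  # analogue of the IPS_SEEN_REPLY status bit


def flag_index(flags):
    """Which state-table row a packet selects; same precedence as conntrack."""
    if RST in flags:
        return RST
    if SYN in flags and ACK in flags:
        return "SYNACK"
    if SYN in flags:
        return SYN
    if FIN in flags:
        return FIN
    if ACK in flags:
        return ACK
    return "NONE"


class Conntrack:
    def __init__(self, tcp_loose=True):
        self.tcp_loose = tcp_loose  # "connection pickup" (nf_conntrack_tcp_loose)
        self.table = {}             # 4-tuple of the ORIGINAL direction -> Entry

    def _expire(self, now):
        # An idle entry is dropped once its state-specific timeout elapses.
        for key, e in list(self.table.items()):
            if now - e.last_seen > TIMEOUTS[e.tcp_state]:
                del self.table[key]

    def classify(self, pkt):
        self._expire(pkt.t)
        orig = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        idx = flag_index(pkt.flags)
        if orig not in self.table and reply not in self.table:
            # No entry: a SYN always creates one; a bare ACK only does so
            # when pickup is enabled (the entry starts in ESTABLISHED but
            # the packet is still NEW because no reply has been seen).
            if idx == SYN:
                self.table[orig] = Entry(pkt.t, "SYN_SENT")
                return "NEW"
            if idx == ACK and self.tcp_loose:
                self.table[orig] = Entry(pkt.t, "ESTABLISHED")
                return "NEW"
            return "INVALID"
        if orig in self.table:
            e = self.table[orig]
            e.last_seen = pkt.t
            if e.tcp_state == "SYN_RECV" and idx == ACK:
                e.tcp_state = "ESTABLISHED"
            # Original direction is NEW until traffic has been seen both ways.
            return "ESTABLISHED" if e.seen_reply else "NEW"
        e = self.table[reply]
        e.last_seen = pkt.t
        e.seen_reply = True  # the reply is what flips the connection to ESTABLISHED
        if e.tcp_state == "SYN_SENT" and idx == "SYNACK":
            e.tcp_state = "SYN_RECV"
        return "ESTABLISHED"


def verdict(state, flags, strict=True):
    """Model of a common INPUT chain: ESTABLISHED accepted, NEW SYNs accepted,
    INVALID dropped; strict=True adds `-p tcp ! --syn --state NEW -j DROP`."""
    if state == "ESTABLISHED":
        return "ACCEPT"
    if state == "NEW":
        return "DROP" if strict and flag_index(flags) != SYN else "ACCEPT"
    return "DROP"


def pkt(src, sport, dst, dport, flags, t):
    return Packet(src, sport, dst, dport, frozenset(flags), t)


# Constructed trace: handshake, then silence past the ESTABLISHED timeout,
# then the client sends a bare ACK and the server answers.
C, S = "10.0.0.2", "192.0.2.80"
TRACE = [
    pkt(C, 40000, S, 80, {SYN}, 0.0),
    pkt(S, 80, C, 40000, {SYN, ACK}, 0.01),
    pkt(C, 40000, S, 80, {ACK}, 0.02),
    pkt(C, 40000, S, 80, {ACK}, 6 * 24 * 3600),
    pkt(S, 80, C, 40000, {ACK}, 6 * 24 * 3600 + 0.01),
]


def scenario(tcp_loose):
    ct = Conntrack(tcp_loose)
    return [ct.classify(p) for p in TRACE]


if __name__ == "__main__":
    for loose in (True, False):
        print("tcp_loose =", int(loose), scenario(loose))
```

With pickup on, the late ACK is NEW and the server's answer immediately becomes ESTABLISHED, so a ruleset that accepts any NEW TCP packet lets the resumed session through without ever seeing a SYN; that is exactly what the `! --syn` rule in `verdict()` blocks. With pickup off, both the late ACK and the reply are INVALID, and the session stalls until one end resets it.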