FIN-WAIT-2 is one of the TCP states in the TCP state machine. See the TCP RFC for more info (RFC 793).
The RFC says, "FIN-WAIT-2 represents waiting for a connection termination request from the remote TCP." So probably your side sent a FIN but never received a FIN back.

Session close is supposed to be either a 3-way or 4-way handshake:

FIN from host 1
FIN ACK from host 2
ACK from host 1

FIN from host 1
ACK from host 2
FIN from host 2
ACK from host 1

But a lot of recent applications don't do this and just end the session with an ACK, without sending a FIN, leaving the other guy hanging (until a timeout).

It's not a big deal, as far as I know, but you might want to research it more in case there is a security hole involved with this behavior. I don't think there is, though.

Priscilla

At 09:23 AM 12/13/01, Francis Lind wrote:
>Hello all, been slowly learning my security procedures and such and ran into
>something at work.
>
> ciscoTelnetTrap [1] tslineSesType.0.1 (Integer): telnet[2] tcpConnState:
>port port 23 (Integer): finwait2
>
>I've so far translated it as IP address1 is setting up a telnet session to
>IP address 2. What I'm trying to decipher is the meaning of the finwait2. I
>looked on Cisco's webpage and learned that finwait is the time that a
>firewall will manage a TCP connection after it detects a FIN exchange. I'd
>like to know if anyone can either explain or point me towards some info
>explaining the FIN exchange, what it is and what it does.
>
>
>Thanks in advance

________________________
Priscilla Oppenheimer
http://www.priscilla.com