The first packet in a TCP session must be SYN (alt + something). If it isn't, CKPT assumes it is out of state and kills the attempt as a possible hack.
Put a sniffer on your network that listens to all traffic that hits the firewall's NIC. Once you've identified a non-SYN situation, then take a look at your sniffer packets for the session to see if it is true or not. We have found that our internal router is causing issues where from time to time it forwards internal packets to the firewall that contain invalid MAC information, thus not all packets are read by the kernel, and thus you get out of SYNc.

On Thu, 18 Nov 2004 11:50:08 +0800, Shrivastava, Anurag (GE Healthcare, non-ge) <[EMAIL PROTECTED]> wrote:
> Gentlemen,
>
> My firewall shows "TCP Packet out of state. First packet isn't sync.
> tcp_flags:"
> What does this mean?
>
> ----Anurag----
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
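The sniffer check described in the reply above, as an added example that is not part of the original thread: it reads `tcpdump -n` text output and lists each TCP session whose first captured packet is not a SYN. The sample lines and the function name are constructed, and treating "S flag without ACK" as the firewall's test is an assumption.

```python
import re

# Constructed `tcpdump -n` style lines (sample data, not from the thread).
SAMPLE = """\
11:50:08.000100 IP 10.1.1.5.40001 > 192.0.2.10.80: Flags [S], seq 100, win 64240, length 0
11:50:08.000300 IP 192.0.2.10.80 > 10.1.1.5.40001: Flags [S.], seq 900, ack 101, win 65160, length 0
11:50:08.000400 IP 10.1.1.5.40001 > 192.0.2.10.80: Flags [.], ack 901, win 502, length 0
11:50:09.120000 IP 10.1.1.7.40022 > 192.0.2.10.443: Flags [P.], seq 5000:5100, ack 7000, win 502, length 100
11:50:09.130000 IP 10.1.1.7.40022 > 192.0.2.10.443: Flags [.], ack 7400, win 502, length 0
11:50:10.000000 IP 10.1.1.9.40100 > 192.0.2.20.25: Flags [F.], seq 1, ack 1, win 502, length 0
"""

# time, src ip.port, dst ip.port, TCP flags as tcpdump prints them (IPv4 only)
LINE = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")


def first_packet_not_syn(lines):
    """List sessions whose first captured packet is not a SYN.

    Returns (time, "src:port", "dst:port", flags) tuples. Assumption: "SYN"
    means the S flag without ACK (tcpdump shows ACK as ".").
    """
    seen = set()       # sessions already judged, keyed independent of direction
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue   # non-TCP or unparsable line
        ts, src, sport, dst, dport, flags = m.groups()
        session = frozenset([(src, sport), (dst, dport)])
        if session in seen:
            continue   # only the first packet of a session matters
        seen.add(session)
        if "S" not in flags or "." in flags:
            findings.append((ts, f"{src}:{sport}", f"{dst}:{dport}", flags))
    return findings


if __name__ == "__main__":
    for ts, src, dst, flags in first_packet_not_syn(SAMPLE.splitlines()):
        print(f"{ts} {src} -> {dst} first packet flags [{flags}]")
```

Feed it `tcpdump -n tcp` output captured on the firewall-facing interface. Sessions that were already open when the capture started are listed too, so begin capturing before reproducing the drop.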
