> > TCP goes into a 2msl time wait state after the connection closes in case
> > a segment got delayed in the network. That is how TCP works.
> This explains the TIME_WAIT:TIME_WAIT status, but what about FIN_WAIT_2?

The TCP state labels in PF cannot perfectly follow the RFC flow diagram. PF has to model the connection as a passive observer and not an active participant. So PF sees a FIN, FIN|ACK and ACK exchange. You would think that would go into the TIME_WAIT or CLOSED states. But ACKs are not reliable in TCP so PF cannot guarantee that the ACK arrived at the end host. Thus PF cannot ratchet the connection state past FIN_WAIT_2.

And yes, 2msl applies to a FIN close.

.mike
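Added illustration, not part of the original message and not PF's code: a simplified model of a passive observer tracking the FIN, FIN|ACK, ACK close described above. The peer names A and B, the function names and the CLOSING label are assumptions made for the example, and the model treats any ACK from the other side as acknowledging an outstanding FIN.

```python
# Simplified model of a passive TCP observer (an assumption-laden sketch,
# not PF's source). It only handles the close of an established connection.
ESTABLISHED, CLOSING, FIN_WAIT_2 = "ESTABLISHED", "CLOSING", "FIN_WAIT_2"
OTHER = {"A": "B", "B": "A"}

def observe(packets):
    """Return 'stateA:stateB' from the (sender, flags) packets seen in transit."""
    state = {"A": ESTABLISHED, "B": ESTABLISHED}
    for sender, flags in packets:
        peer = OTHER[sender]
        if "FIN" in flags and state[sender] == ESTABLISHED:
            state[sender] = CLOSING        # sender started closing its side
        if "ACK" in flags and state[peer] == CLOSING:
            state[peer] = FIN_WAIT_2       # an ACK for the peer's FIN went past
    return f"{state['A']}:{state['B']}"

def host_b_state(final_ack_delivered):
    """State of end host B itself after it sent its FIN (RFC 793 names)."""
    return "CLOSED" if final_ack_delivered else "LAST_ACK"

# Constructed sample: the exchange as it crosses the firewall.
CLOSE = [("A", {"FIN"}), ("B", {"FIN", "ACK"}), ("A", {"ACK"})]

def scenarios():
    """Observer view vs. host B's real state, with the last ACK delivered or lost.

    The packet is lost *after* the observer, so the observed trace is the
    same in both cases; only the end host can tell them apart.
    """
    return [(observe(CLOSE), host_b_state(delivered)) for delivered in (True, False)]

if __name__ == "__main__":
    for view, real in scenarios():
        print(f"observer: {view:24} host B: {real}")
```

Both scenarios give the observer the same trace, so its state is identical while host B is either CLOSED or still in LAST_ACK waiting to retransmit its FIN.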
