Syn packets can and do contain data. Never noticed Syn/Acks though having data, and I'd be surprised if they do in a well behaved IP stack.
-Aaron On Tue, Aug 05, 2003 at 11:06:15PM +0100, Justin Robinson wrote: > Hi, > > I'm writing a piece of code with the libpcap() library that works out the next > sequence number expected from the payload length. I'm concerned only with the > tcp/ip protocol. I expected that during the three-way handshake of tcp, that > the first two packets from the initiating TCP entity will NOT have any data > in them. The first two packets are the SYN and the ACK to the other TCP > entity's SYN. > > However, my code suggests that on some http connections, these packets hold > data, which breaks my code. > > I calculate the payload length using > > pkt_header->caplen - tcp_len - ip_len - linklayer_len > > where tcp_len and ip_len are taken from the appropriate fields in their > respective headers, and linklayer_len is always 14 because it is an ethernet > header. > > Can someone please confirm that these packets are not supposed to have a > payload?
pgp00000.pgp
Description: PGP signature
