Account for condition where ECE flag is set on SYN-ACK packet.

USArmyResearchLab / Dshell

Dshell is a network forensic analysis framework.

Other

5.44k stars 1.14k forks source link

Account for condition where ECE flag is set on SYN-ACK packet. #106

Closed amm3 closed 5 years ago

amm3 commented 5 years ago

I've observed TCP connections where SYN, ECE, and CWR were set on the first handshake packet from the client, and subsequently SYN, ACK, and ECE were set on the server reply.

dev195 commented 5 years ago

The update makes sense to me. Thanks!