From: grahn+nntp@snipabacken.se   
      
   On Thu, 2010-08-19, glen herrmannsfeldt wrote:   
   > Rick Jones  wrote:   
   > (snip)   
   >   
   >> The spec allows for data to be present in the SYN|ACK, as well as the   
   >> SYN.  One can even have "christmas tree" segments with SYN, data and   
   >> FIN.  However, presently, data in the SYN segment is not supposed to   
   >> be presented to the application until the handshake is complete.   
   >   
   > Looking at the state diagram in my Comer book, it isn't obvious   
   > that SYN+FIN works.  But it might be that it is simplified.   
   >   
   > I do now believe that either SYN or SYN+ACK can have data.   
   >   
   > I was wondering if you could do.   
   >   
   > SYN+data+FIN   (packet one)   
   >   
   > SYN+ACK+data+FIN  (reply, packet two)   
   >   
   > ACK            (packet 3, all done)   
   >   
   > That does depend on the server actually looking at the   
   > data before it sends the ACK, though.   
   >   
   > Also, I had forgetten that the SYN+ACK can be separate, SYN and ACK   
   > to handle the case where both sides try to open at (about)   
   > the same time.   
      
   I haven't really listened, but like someone else wrote, it might be   
   enlightening to look at T/TCP: its RFC 1644, and the analysis of its   
   security problems.   
      
   /Jorgen   
      
   --   
     // Jorgen Grahn    O  o   .   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)