I was flipping through some Cisco training material and ran across a
communication property that I do not believe I have ever seen in the
The subject was regarding how segments are handled at the transport
layer. The text stated that when there are multiple sessions taking
place between two IP hosts, that the sessions could be multiplexed
together in order to decrease the number of required packets.
In other words, let's assume host "A" has three users logged on who all
have active Telnet sessions taking place to host "B". According to the
text, these three sessions could be combined into a single IP packet
using multiple transport headers to distinguish each unique session
(i.e. source and reply ports) and multiple payloads.
In fact, it was explained to me that all traffic does not have to be
initiated from the same host or even be the same transport or service.
For example I could be using HTTP from host "A" to "B" while host "B"
has initiated a Telnet and SNMP back to host "A". All three sessions
could me multiplexed into the same set of IP packets. While normally I
place little weight in events I have never measured with an analyzer,
the source of this info was the Cisco training manuals. I did however
find some other things that I _know_ are mistakes, but we will not go
So has anyone actually ever seen this before? If so, how does a firewall
deal with this type of connection? This would speak volumes to
inspecting payload. I would assume that a firewall/filter that simply
makes decisions based upon the data located at a certain offset from the
preamble field would probably miss this.
I would also assume that the support of this type of multiplexing would
be vendor specific. Anyone out there doing it?
Thanks in advance!
"We've heard that a million monkeys at a million keyboards
could produce the Complete Works of Shakespeare; now,
thanks to the Internet, we know this is not true."