A session in the Traffic log is reporting the application as `incomplete.`
What does `incomplete` mean?
A session in the Traffic log is reporting the application as `incomplete.`
What does `incomplete` mean?
Incomplete means that the three-way TCP handshake did not complete. The term 'incomplete' specifically refers to a scenario where the initial connection setup process via TCP was not successful, implying that the necessary synchronization steps were not fully carried out.
answer is B - https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC
The answer looks to be A or B, if the article is still valid. It was last modified 2 years ago. From the article (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC): Incomplete means that either the three-way TCP handshake did not complete OR the three-way TCP handshake did complete but there was no enough data after the handshake to identify the application. Insufficient data means not enough data to identify the application. Unknown-tcp means the firewall captured the three-way TCP handshake, but the application was not identified. Not-applicable means that the Palo Alto device has received data that will be discarded because the port or service that the traffic is coming in on is not allowed, or there is no rule or policy allowing that port or service.
Answer is B
B is correct https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC
I thought it could be A at first, but reading PaloSteve's comment, it looks like A has the wrong language. "Observed" rather than "complete" and left out "not enough data."