Re: SYN+ACK responded to with RST

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I would say you are looking in the wrong direction. Your question should be why is 10.1.0.13 taking so long to reply? the TSecr=3660943802 in frame 2141 says the syn/ack is to frame 2139. Since the client already did a retransmission of the Syn with TSval=3660944802 in frame 2140, this shows 10.1.0.13 has something very wrong with it.


Kevin
———————
> On May 6, 2015, at 09:15, Dennis Jacobfeuerborn <dennisml@xxxxxxxxxxxx> wrote:
> 
> Hi,
> I have a strange case where sometimes a client responds to a SYN+ACK
> packet with a RST. This only seems to happen though after a
> retransmission of the SYN packet. My question is why would that matter
> given that sequence numbers and other parameters all are correct? I
> would expect the client to properly acknowledge the SYN+ACK packet
> instead of sending a RST. Are there any other reasons besides sequence
> number or TSval/TSecr issues that could cause the client side to repond
> with a RST to a SYN+ACK?
> 
> Here is a wireshark summary of such a failed handshake:
> 
> 2139	73.154288	10.0.0.10	10.1.0.13	TCP	74	33298→80 [SYN] Seq=0 Win=14600
> Len=0 MSS=1460 SACK_PERM=1 TSval=3660943802 TSecr=0 WS=128
> 2140	74.153741	10.0.0.10	10.1.0.13	TCP	74	[TCP Retransmission] 33298→80
> [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=3660944802
> TSecr=0 WS=128
> 2141	74.166255	10.1.0.13	10.0.0.10	TCP	74	80→33298 [SYN, ACK] Seq=0
> Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=3342367258
> TSecr=3660943802 WS=128
> 2142	74.166266	10.0.0.10	10.1.0.13	TCP	54	33298→80 [RST] Seq=1 Win=0 Len=0
> 
> Regards,
>  Dennis
> --
> To unsubscribe from this list: send the line "unsubscribe lartc" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux