On Wed, Dec 12, 2001 at 12:40:33PM -0800, David Correa wrote:
>
> A: Sever
> B: Client
>
> 1. (B) --> ACK/FIN --> (A)
> 2. (B) <-- ACK <-- (A)
> 3. (B) <-- ACK/FIN <-- (A)
> 4. (B) --> ACK --> (A)
>
<snip>
> I think this means that your side is dropping the packet when
> it gets to step #3 "(B) <-- ACK/FIN <-- (A)" of the TCP
> tears down process.
>
> Does this make sence?
>
Yes, that makes sense.. but I don't understand why it would not then be associated with a connection. If the packet is being dropped at (3), then it should still be an established connection because I have not sent the final ACK packet to the server, right? I found it difficult to reproduce these logs too, so it must not be a consistent thing. The connection being made to tgftp.nws.noaa.gov is not via a web browser, but apparently it is the site gweather uses to contact and update it's weather information. gweather is a gnome applet I use on my desktop. Perhaps there is something buggy with it's code not closing the connection properly?
-Matt
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
