Reputation: 21
RST PSH ACK Bits all set in a single packet
I am taking a packet trace and the server on my system receives a RST flag,, it then replies with a packet were the ACK,RST and PSH bits are all set. This does not seem normal to me? I m not sure why I would see the PSH bit set in a RST scenario? does anyone know why this might be?
Upvotes: 1
Views: 1618
Answers (1)
Reputation: 56
Once the connection is established, all packets need to have ACK set and match the sequence number of the received packets for reliable transport/security. RST without ACK will not be accepted. When one side sends RST, the socket is closed immediately and the receiving side also closes the socket immediately after receiving valid RST. It does not need to be and can't be acknowledged.
after TCP handshake
A --->B Syn=x, Ack=y, len=z, ACK Flag
B --->A Syn=y, Ack=x+z, len=o, ACK Flag
A --->B Syn=x+z, Ack=y+o, len=p, ACK Flag
B --->A Syn=y+o, ACK=x+z+p,len=q, RST, ACK Flag
B closes the socket after it sends the last packet and A closes the socket after it receives it.
(not considering TCP window here, or there might be more packets from one end before the acknoledgement)
ACK Flag, acknowledgement number and the procedure of acknowledgement are related but not the same thing.
Per RFC793
RFC793 Acknowledgment Number: 32 bits
If the ACK control bit is set this field contains the value of the
next sequence number the sender of the segment is expecting to
receive. Once a connection is established this is always sent.
Reset Processing
In all states except SYN-SENT, all reset (RST) segments are validated by checking their SEQ-fields. A reset is valid if its sequence number is in the window. In the SYN-SENT state (a RST received in response to an initial SYN), the RST is acceptable if the ACK field acknowledges the SYN.
The receiver of a RST first validates it, then changes state. If the receiver was in the LISTEN state, it ignores it. If the receiver was in SYN-RECEIVED state and had previously been in the LISTEN state, then the receiver returns to the LISTEN state, otherwise the receiver aborts the connection and goes to the CLOSED state. If the receiver was in any other state, it aborts the connection and advises the user and goes to the CLOSED state.
Upvotes: 2
Related Questions
- How does TCP PSH work?
- STARTED getting RST packet from client socket after I replied SYN packet with SYN + ACK packet
- TCP Server sends [ACK] followed by [PSH,ACK]
- why kernel sent RST to a remote TCP server after the machine receiving a SYN/ACK packet?
- Server responds with [ACK] to client's [SYN] which ends up in [RST, ACK] from client
- TCP RST packet details
- How to set linux kernel not to send RST_ACK, so that I can give SYN_ACK within raw socket
- hping send SYN: how not to send RST after receiving SYN/ACK?
- Is an RST packet guaranteed to arrive?
- RST instead of ACK in third step of handshake process