Mateusz Stompór
Reputation: 491
Server responds with [ACK] to client's [SYN] which ends up in [RST, ACK] from client
Server runs on port 192.168.0.192:51110 and listens for incoming connections. Client 192.168.0.73:5001 tries to connect to the server each 3 secs or so. As you can see at some point the connection was established. After a while the server closed the connection, so did the client. But then something strange started to happen. Client was trying to connect with [SYN], but the server was closed for a while and during that it responeded with [ACK]. At some point it changed - server was listening once again but the result was the same - client was sending
[SYN], got [ACK] from server and the client responded with [RST, ACK] once again. My question is: Whose fault is it? During the time when client's was struggling with connecting to the server I was able to connect to the server via netcat without a problem.
No. Time Source Destination Protocol Length Info
61209 418.027590 192.168.0.73 192.168.0.192 TCP 58 [TCP Retransmission] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61244 421.081906 192.168.0.73 192.168.0.192 TCP 58 [TCP Retransmission] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61259 421.538621 192.168.0.73 192.168.0.192 TCP 58 [TCP Port numbers reused] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61351 424.652490 192.168.0.73 192.168.0.192 TCP 58 [TCP Retransmission] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61368 424.653304 192.168.0.192 192.168.0.73 TCP 58 51110 → 5001 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
61372 424.790294 192.168.0.73 192.168.0.192 TCP 56 5001 → 51110 [ACK] Seq=1 Ack=1 Win=5840 Len=0
61377 425.096394 192.168.0.73 192.168.0.192 TCP 90 5001 → 51110 [PSH, ACK] Seq=1 Ack=1 Win=5840 Len=36
61378 425.096592 192.168.0.192 192.168.0.73 TCP 54 51110 → 5001 [ACK] Seq=1 Ack=37 Win=65535 Len=0
61383 425.880701 192.168.0.73 192.168.0.192 TCP 90 5001 → 51110 [PSH, ACK] Seq=37 Ack=1 Win=5840 Len=36
61384 425.880880 192.168.0.192 192.168.0.73 TCP 54 51110 → 5001 [ACK] Seq=1 Ack=73 Win=65535 Len=0
61389 426.495133 192.168.0.73 192.168.0.192 TCP 90 5001 → 51110 [PSH, ACK] Seq=73 Ack=1 Win=5840 Len=36
61390 426.495307 192.168.0.192 192.168.0.73 TCP 54 51110 → 5001 [ACK] Seq=1 Ack=109 Win=65535 Len=0
61395 426.967946 192.168.0.73 192.168.0.192 TCP 90 5001 → 51110 [PSH, ACK] Seq=109 Ack=1 Win=5840 Len=36
61396 426.968117 192.168.0.192 192.168.0.73 TCP 54 51110 → 5001 [ACK] Seq=1 Ack=145 Win=65535 Len=0
61418 427.491273 192.168.0.73 192.168.0.192 TCP 90 5001 → 51110 [PSH, ACK] Seq=145 Ack=1 Win=5840 Len=36
61419 427.491456 192.168.0.192 192.168.0.73 TCP 54 51110 → 5001 [ACK] Seq=1 Ack=181 Win=65535 Len=0
61422 428.235976 192.168.0.73 192.168.0.192 TCP 90 5001 → 51110 [PSH, ACK] Seq=181 Ack=1 Win=5840 Len=36
61423 428.236161 192.168.0.192 192.168.0.73 TCP 54 51110 → 5001 [ACK] Seq=1 Ack=217 Win=65535 Len=0
61428 428.773906 192.168.0.73 192.168.0.192 TCP 90 5001 → 51110 [PSH, ACK] Seq=217 Ack=1 Win=5840 Len=36
61429 428.774082 192.168.0.192 192.168.0.73 TCP 54 51110 → 5001 [ACK] Seq=1 Ack=253 Win=65535 Len=0
61431 429.464978 192.168.0.73 192.168.0.192 TCP 90 5001 → 51110 [PSH, ACK] Seq=253 Ack=1 Win=5840 Len=36
61433 429.465225 192.168.0.192 192.168.0.73 TCP 54 51110 → 5001 [ACK] Seq=1 Ack=289 Win=65535 Len=0
61434 430.079135 192.168.0.73 192.168.0.192 TCP 90 5001 → 51110 [PSH, ACK] Seq=289 Ack=1 Win=5840 Len=36
61435 430.079314 192.168.0.192 192.168.0.73 TCP 54 51110 → 5001 [ACK] Seq=1 Ack=325 Win=65535 Len=0
61436 430.569109 192.168.0.192 192.168.0.73 TCP 54 51110 → 5001 [FIN, ACK] Seq=1 Ack=325 Win=65535 Len=0
61437 430.581167 192.168.0.73 192.168.0.192 TCP 90 5001 → 51110 [PSH, ACK] Seq=325 Ack=1 Win=5840 Len=36
61438 430.581284 192.168.0.192 192.168.0.73 TCP 54 [TCP Out-Of-Order] 51110 → 5001 [FIN, ACK] Seq=1 Ack=361 Win=65499 Len=0
61439 430.586241 192.168.0.73 192.168.0.192 TCP 56 5001 → 51110 [ACK] Seq=361 Ack=2 Win=5839 Len=0
61440 430.591451 192.168.0.73 192.168.0.192 TCP 56 [TCP Dup ACK 61439#1] 5001 → 51110 [ACK] Seq=361 Ack=2 Win=5839 Len=0
61441 430.598894 192.168.0.73 192.168.0.192 TCP 56 5001 → 51110 [FIN, ACK] Seq=361 Ack=2 Win=5839 Len=0
61442 430.598963 192.168.0.192 192.168.0.73 TCP 54 51110 → 5001 [ACK] Seq=2 Ack=362 Win=65498 Len=0
61443 430.628086 192.168.0.73 192.168.0.192 TCP 58 [TCP Port numbers reused] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61444 430.628144 192.168.0.192 192.168.0.73 TCP 54 51110 → 5001 [ACK] Seq=1 Ack=4294955058 Win=65498 Len=0
61445 430.644078 192.168.0.73 192.168.0.192 TCP 56 5001 → 51110 [RST, ACK] Seq=4294955058 Ack=1 Win=5840 Len=0
61446 431.115920 192.168.0.192 192.168.0.73 TCP 54 [TCP ZeroWindow] [TCP Keep-Alive] 51110 → 5001 [ACK] Seq=0 Ack=4294955058 Win=0 Len=0
61447 431.132461 192.168.0.73 192.168.0.192 TCP 56 5001 → 51110 [RST, ACK] Seq=4294955058 Ack=0 Win=5840 Len=0
61700 433.542616 192.168.0.73 192.168.0.192 TCP 58 [TCP Retransmission] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61701 433.542677 192.168.0.192 192.168.0.73 TCP 54 [TCP Window Update] 51110 → 5001 [ACK] Seq=1 Ack=4294955058 Win=65498 Len=0
61702 433.550008 192.168.0.73 192.168.0.192 TCP 56 5001 → 51110 [RST, ACK] Seq=4294955058 Ack=1 Win=5840 Len=0
61713 436.735938 192.168.0.73 192.168.0.192 TCP 58 [TCP Retransmission] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61714 436.736047 192.168.0.192 192.168.0.73 TCP 54 [TCP Dup ACK 61444#1] 51110 → 5001 [ACK] Seq=1 Ack=4294955058 Win=65498 Len=0
61715 437.145340 192.168.0.73 192.168.0.192 TCP 56 5001 → 51110 [RST, ACK] Seq=4294955058 Ack=1 Win=5840 Len=0
61736 439.544792 192.168.0.73 192.168.0.192 TCP 58 [TCP Retransmission] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61737 439.544910 192.168.0.192 192.168.0.73 TCP 54 [TCP Dup ACK 61444#2] 51110 → 5001 [ACK] Seq=1 Ack=4294955058 Win=65498 Len=0
61738 439.553303 192.168.0.73 192.168.0.192 TCP 56 5001 → 51110 [RST, ACK] Seq=4294955058 Ack=1 Win=5840 Len=0
61747 442.545265 192.168.0.73 192.168.0.192 TCP 58 [TCP Retransmission] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61748 442.545381 192.168.0.192 192.168.0.73 TCP 54 [TCP Dup ACK 61444#3] 51110 → 5001 [ACK] Seq=1 Ack=4294955058 Win=65498 Len=0
61749 442.556383 192.168.0.73 192.168.0.192 TCP 56 5001 → 51110 [RST, ACK] Seq=4294955058 Ack=1 Win=5840 Len=0
61756 445.543206 192.168.0.73 192.168.0.192 TCP 58 [TCP Retransmission] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61757 445.543319 192.168.0.192 192.168.0.73 TCP 54 [TCP Dup ACK 61444#4] 51110 → 5001 [ACK] Seq=1 Ack=4294955058 Win=65498 Len=0
61758 445.552223 192.168.0.73 192.168.0.192 TCP 56 5001 → 51110 [RST, ACK] Seq=4294955058 Ack=1 Win=5840 Len=0
61760 448.716440 192.168.0.73 192.168.0.192 TCP 58 [TCP Retransmission] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61761 448.716554 192.168.0.192 192.168.0.73 TCP 54 [TCP Dup ACK 61444#5] 51110 → 5001 [ACK] Seq=1 Ack=4294955058 Win=65498 Len=0
61762 448.842308 192.168.0.73 192.168.0.192 TCP 56 5001 → 51110 [RST, ACK] Seq=4294955058 Ack=1 Win=5840 Len=0
61763 449.228447 192.168.0.73 192.168.0.192 TCP 58 [TCP Port numbers reused] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61765 449.228593 192.168.0.192 192.168.0.73 TCP 54 51110 → 5001 [ACK] Seq=1 Ack=4294946584 Win=65498 Len=0
61769 449.456396 192.168.0.73 192.168.0.192 TCP 56 5001 → 51110 [RST, ACK] Seq=4294946584 Ack=1 Win=5840 Len=0
61776 452.085388 192.168.0.73 192.168.0.192 TCP 58 [TCP Retransmission] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61777 452.085452 192.168.0.192 192.168.0.73 TCP 54 [TCP Dup ACK 61765#1] 51110 → 5001 [ACK] Seq=1 Ack=4294946584 Win=65498 Len=0
61778 452.219830 192.168.0.73 192.168.0.192 TCP 56 5001 → 51110 [RST, ACK] Seq=4294946584 Ack=1 Win=5840 Len=0
61788 455.067160 192.168.0.73 192.168.0.192 TCP 58 [TCP Retransmission] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61792 455.067403 192.168.0.192 192.168.0.73 TCP 54 [TCP Dup ACK 61765#2] 51110 → 5001 [ACK] Seq=1 Ack=4294946584 Win=65498 Len=0
61793 455.074064 192.168.0.73 192.168.0.192 TCP 56 5001 → 51110 [RST, ACK] Seq=4294946584 Ack=1 Win=5840 Len=0
61796 458.242349 192.168.0.73 192.168.0.192 TCP 58 [TCP Retransmission] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61797 458.242462 192.168.0.192 192.168.0.73 TCP 54 [TCP Dup ACK 61765#3] 51110 → 5001 [ACK] Seq=1 Ack=4294946584 Win=65498 Len=0
61798 458.361278 192.168.0.73 192.168.0.192 TCP 56 5001 → 51110 [RST, ACK] Seq=4294946584 Ack=1 Win=5840 Len=0
61811 461.107556 192.168.0.73 192.168.0.192 TCP 58 [TCP Retransmission] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61812 461.107726 192.168.0.192 192.168.0.73 TCP 54 [TCP Dup ACK 61765#4] 51110 → 5001 [ACK] Seq=1 Ack=4294946584 Win=65498 Len=0
61815 461.230727 192.168.0.73 192.168.0.192 TCP 56 5001 → 51110 [RST, ACK] Seq=4294946584 Ack=1 Win=5840 Len=0
61822 464.175495 192.168.0.73 192.168.0.192 TCP 58 [TCP Retransmission] 5001 → 51110 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
61823 464.175755 192.168.0.192 192.168.0.73 TCP 58 [TCP Previous segment not captured] [TCP Port numbers reused] 51110 → 5001 [SYN, ACK] Seq=1987352337 Ack=1 Win=65535 Len=0 MSS=1460
61824 464.355208 192.168.0.73 192.168.0.192 TCP 56 [TCP ACKed unseen segment] 5001 → 51110 [ACK] Seq=1 Ack=1987352338 Win=5840 Len=0
61825 464.502648 192.168.0.73 192.168.0.192 TCP 56 [TCP Dup ACK 61824#1] 5001 → 51110 [ACK] Seq=1 Ack=1987352338 Win=5840 Len=0
61826 464.682030 192.168.0.73 192.168.0.192 TCP 90 5001 → 51110 [PSH, ACK] Seq=1 Ack=1987352338 Win=5840 Len=36
61827 464.682033 192.168.0.73 192.168.0.192 TCP 56 [TCP Dup ACK 61824#2] 5001 → 51110 [ACK] Seq=37 Ack=1987352338 Win=5840 Len=0
61828 464.682132 192.168.0.192 192.168.0.73 TCP 54 51110 → 5001 [ACK] Seq=1987352338 Ack=37 Win=65535 Len=0
61829 465.221480 192.168.0.73 192.168.0.192 TCP 90 5001 → 51110 [PSH, ACK] Seq=37 Ack=1987352338 Win=5840 Len=36
61830 465.221560 192.168.0.192 192.168.0.73 TCP 54 51110 → 5001 [ACK] Seq=1987352338 Ack=73 Win=65535 Len=0
61837 465.920001 192.168.0.73 192.168.0.192 TCP 90 5001 → 51110 [PSH, ACK] Seq=73 Ack=1987352338 Win=5840 Len=36
61838 465.920176 192.168.0.192 192.168.0.73 TCP 54 51110 → 5001 [ACK] Seq=1987352338 Ack=109 Win=65535 Len=0
Upvotes: 0
Views: 2019
Answers (1)
Steffen Ullrich
Reputation: 123260
This looks pretty strange for me. The client is using the same source and destination ports directly after a connection was closed. This is not how clients are supposed to work so my guess is that this is some broken client.
The reaction from the server to this strange client is strange too though: it should not just ACK the SYN but either to a SYN+ACK to continue with the handshake or in this case of rapid reuse of the same port better send a RST to the client to abandon the connection attempt. A simply ACK for this does not make really sense.
Upvotes: 2
Related Questions
- STARTED getting RST packet from client socket after I replied SYN packet with SYN + ACK packet
- TCP Server sends [ACK] followed by [PSH,ACK]
- why kernel sent RST to a remote TCP server after the machine receiving a SYN/ACK packet?
- TCP: Server sends [RST, ACK] immediately after receiving [SYN] from Client
- Client sends [RST] after receive [SYN, ACK]
- How to set linux kernel not to send RST_ACK, so that I can give SYN_ACK within raw socket
- Client Hello TCP Retransmission from wireshark
- RST instead of ACK in third step of handshake process
- How do I respond with a "syn ack" packet when receiving a "syn" packet through a raw socket?
- Why TCP socket send a RST packet instead of resending data when receives an incorrect ACK?