I have a laptop that is connected to a micro web server device via an old hub (Netgear EN104). The IP Assignments are: I am noticing that, on occasion, the laptop will send two SYN packets in the same stream and the server will only ACK one of them. The multiple SYN packets remind me of a type of DoS tactic, but in this case I know for sure that nothing malicious is causing the multiple SYN requests. Here is an example of a stream that contains two SYN packets. I should note that most of the streams do NOT have two SYN packets, but rather contain one (which is what I would expect for all streams). What could cause the browser client to send two SYN packets within the same stream and is there anything that I can do to avoid this from occurring? asked 21 Jan '13, 15:38  KTM |
One Answer:
You'll see multiple SYN packets at the beginning of a conversation if the first SYN does not get answered with a SYN/ACK, or that answer arrives late (in which case the "impatient" client will fire away another SYN). A typical sign of an unanswered SYN is when you can spot a delay of about 3 seconds between the SYN packets - just like in your trace. It usually means that either the first SYN packets got lost, or the server wasn't able to answer sooner. I guess it is more of a performance problem on the server, because it replies with a SYN/ACK containing a window size of zero, which I haven't seen before as far as I remember. Also, in the next packet from the server, it again says "zero window", so this device is in some kind of trouble. I'd say the web server is congested pretty much. answered 21 Jan '13, 15:44  Jasper ♦♦ edited 21 Jan '13, 15:47 |
