
what will happen if the client receives syn ack retransmission when it is in fin-wait-1

asked 2019-11-09 00:49:57 +0000

Kasa

updated 2019-11-09 23:22:40 +0000

SYN-bit

Hi, we are facing a peculiar issue in our network. From the Ethereal packet capture on the client side, I see the following behaviour, which appears quite strange to me:

#1 Client --> Server  [SYN] seq=0
#2 Server --> Client  [SYN, ACK] seq=0 ack=1
#3 Client --> Server  [ACK] seq=1 ack =1 
#4 Client --> Server  [PSH] seq=1 ack =1 len=488
#5 Client --> Server  [FIN, ACK] seq =489 ack =1 
#6 Server --> Client  [SYN, ACK] seq=0 ack=1 retransmission 
#7 Client --> Server  [ACK] seq=490 ack=1 (I don't know why the seq is 490, because I think it should be seq=1 ack=1)
#8 Client --> Server  [FIN,PSH,ACK] seq=1 ack=1 len=488
#9 Server --> Client  [ACK] seq=1 ack=490

Any ideas as to why this could be happening?


Comments

Without timestamps it is hard to interpret these packets. Could you provide the capture file on a public file service like Dropbox, OneDrive or Google Drive (you can use TraceWrangler to anonymize the file if it contains sensitive information) and provide a link to the file?

SYN-bit (2019-11-09 23:26:18 +0000)

1 Answer


answered 2019-11-10 17:24:17 +0000

grahamb

As Sake noted, having a capture file allows us to use Wireshark to analyze the data; however, here's what I can see:

#1 Client --> Server  [SYN] seq=0
#2 Server --> Client  [SYN, ACK] seq=0 ack=1
#3 Client --> Server  [ACK] seq=1 ack =1 
#4 Client --> Server  [PSH] seq=1 ack =1 len=488
#5 Client --> Server  [FIN, ACK] seq =489 ack =1

The above is a normal TCP connection, with the client sending some data, immediately followed by a FIN. Not sure why the client is sending ACK in #5 though.

#6 Server --> Client  [SYN, ACK] seq=0 ack=1 retransmission

This is a retransmission. The server didn't get the client data from packets #3 to #5.

#7 Client --> Server  [ACK] seq=490 ack=1 (I don't know why the seq is 490, because I think it should be seq=1 ack=1)

The client is now acking the server retransmission. The client seq. is 490 as that's how far it has got after #5.

#8 Client --> Server  [FIN,PSH,ACK] seq=1 ack=1 len=488

The client is retransmitting the data and the FIN.

#9 Server --> Client  [ACK] seq=1 ack=490

The server is acking the data from the client.

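The sequence-number bookkeeping behind the answer above, as an added example that is not part of the original question or answer: it replays the nine segments from the question, tracks each sender's next new sequence number (SND.NXT), and labels every segment as new data, a retransmission, or a pure ACK. It assumes the relative sequence numbers shown in the question; the function names are illustrative.

```python
import re

# The nine segments from the question (the asker's note on #7 is dropped).
TRACE = """\
#1 Client --> Server  [SYN] seq=0
#2 Server --> Client  [SYN, ACK] seq=0 ack=1
#3 Client --> Server  [ACK] seq=1 ack =1
#4 Client --> Server  [PSH] seq=1 ack =1 len=488
#5 Client --> Server  [FIN, ACK] seq =489 ack =1
#6 Server --> Client  [SYN, ACK] seq=0 ack=1 retransmission
#7 Client --> Server  [ACK] seq=490 ack=1
#8 Client --> Server  [FIN,PSH,ACK] seq=1 ack=1 len=488
#9 Server --> Client  [ACK] seq=1 ack=490
"""
LINE = re.compile(r"#(\d+) (\w+) --> \w+\s+\[([^\]]+)\](.*)")

def parse(trace):
    """Yield one dict per trace line; tolerates 'seq =489' style spacing."""
    for m in map(LINE.match, trace.splitlines()):
        num, src, flags, rest = m.groups()
        f = dict(re.findall(r"(seq|ack|len)\s*=\s*(\d+)", rest))
        yield {"num": int(num), "src": src,
               "flags": {x.strip() for x in flags.split(",")},
               "seq": int(f["seq"]), "len": int(f.get("len", 0))}

def analyze(trace):
    """Return (packet number, kind, seq, sender's SND.NXT afterwards)."""
    snd_nxt, out = {}, []
    for p in parse(trace):
        # SYN and FIN each consume one sequence number, like a data byte.
        used = p["len"] + ("SYN" in p["flags"]) + ("FIN" in p["flags"])
        end = p["seq"] + used
        nxt = snd_nxt.get(p["src"], p["seq"])
        if not used:
            kind = "pure-ack"        # carries seq = SND.NXT, consumes nothing
        elif end <= nxt:
            kind = "retransmission"  # covers only sequence space already sent
        else:
            kind = "new"
        snd_nxt[p["src"]] = max(nxt, end)
        out.append((p["num"], kind, p["seq"], snd_nxt[p["src"]]))
    return out

if __name__ == "__main__":
    for num, kind, seq, nxt in analyze(TRACE):
        print(f"#{num}: {kind:14} seq={seq:<3} sender SND.NXT={nxt}")
```

After #5 the client's SND.NXT is 1 + 488 (data) + 1 (FIN) = 490, which is the sequence number the pure ACK in #7 carries, while #8 re-sends sequence space 1 to 489 and is therefore classified as a retransmission.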
