Server ACK before Client ACK
During the analysing of a problem I had a situation where the Server sent an ACK before the Client even initiated the connection. Is this an error in Wireshark (Version 2.0.2 (v2.0.2-0-ga16e22e from master-2.0)) or is this due to some network configuration? Situation:
- Timestamp 1: Server:389 -> Client->56469: [ACK] Seq=1Ack=1 Win=8207 Len=1[Malformed packet]
- Timestamp 2: Client->56469 -> Server:389: [ACK] Seq=1Ack=2 Win=65335 Len=0 SLE=1 SRE=2
- Timestamp 3: Client->56469 -> Server:389: [FIN, ACK] Seq=1Ack=2 Win=65335 Len=0
- Timestamp 4: Server:389 -> Client->56469: [ACK] Seq=2Ack=2 Win=8207 Len=0
- Timestamp 5: Server:389 -> Client->56469: [RST, ACK] Seq=2Ack=2 Win=0 Len=0
This happend when I started a LDAP connection from the client.
There's no connection initiation in the text you provided. Sharing a Pcapng capture file through a publicly accessible file share site could go a long way.
The capture can be found for the next 7 days at: https://www.transfernow.net/dl/202108...
And indeed, it looks like the server reacted first although there was no communication before. The reason of my post is to understand it
Thanks.