0

SYN/ACK Retransmission issue

asked 2022-02-05 02:14:33 +0000

7ACE

Hi experts,

The following question actually stems from an old post: https://osqa-ask.wireshark.org/questi...

When the TCP three-way handshake is complete, what would be the behavior of the server if there are no requests from the client? Why is SYN/ACK retransmitted?

31s, tcp_synack_retries?


Regards, 7ACE


2 Answers

0

answered 2022-02-05 08:31:44 +0000

Jaap

Who says the three-way handshake is complete? The fact that you see SYN, SYN/ACK, ACK doesn't mean both ends see them. Or, if the sequence numbers in the ACK are incorrect, the handshake is also not complete.


Comments

First of all, thanks for your answer.

According to the description in the post (https://osqa-ask.wireshark.org/questi...), the pcap file was captured on the server, and he monitored the connection with netstat and saw the SYN_RECV then go into ESTABLISHED.

Sorry, my question may not be clear. Let me put it another way: when the TCP three-way handshake is complete, if the client is suddenly offline, what would be the behavior of the server?

:) Please forgive my English.

7ACE (2022-02-05 11:50:57 +0000)
0

answered 2022-02-06 19:15:51 +0000

BigFatCat

updated 2022-02-06 19:25:49 +0000

Go back to the rephrased question. When the TCP three-way handshake is complete, if the client is suddenly offline, what would be the behavior of the server?

It depends on the operating system and application. The developers would use a combination of methods to verify if the TCP peer is still there. An example is the application that monitors the TCP transmit buffer. If the transmit buffer is not decreasing, then send the TCP-keep-alive. After the TCP-keep-alive retries maximum counter has been reached, the server should release the socket. The TCP-keep-alive is a safeguard against the disconnecting of a slow user.


Comments

Thank you for the explanation. As per my understanding, this means that the keepalive routines wait for 120 secs before sending the first keepalive probe, and then resend it every 15 seconds.

# cat /proc/sys/net/ipv4/tcp_keepalive_time
120
# cat /proc/sys/net/ipv4/tcp_keepalive_intvl
15

So I think I might understand the normal behavior of the server.

Sorry, go back to the old post. SYN/ACK retransmission & 31 secs, what could possibly explain this phenomenon?

7ACE (2022-02-07 01:14:11 +0000)
1

Let me expand on my previous comments. This is only a theory, only the developer and OS. The only way to know for sure is to start a capture and break it.

1. Configure a TCP packet retry counter. This should catch TCP when it doesn't get an ACK. When the counter is reached, then release the socket.
2. Configure TCP keep-alive with a TCP keep-alive retry counter. The question is how often to send the TCP keep-alive.
3. Monitor the transmit buffer. If there are only a couple of bytes in the transmit buffer and Nagle is configured, then the application will need to push TCP. TCP keep-alive should only occur when the TCP transmit buffer is empty.

BigFatCat (2022-02-07 01:38:35 +0000)
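
The timer arithmetic behind the 31-second figure and the keepalive values quoted in this thread, as an added example that is not part of any poster's reply. It assumes Linux behavior that the page does not state: a 1-second initial SYN/ACK retransmission timeout that doubles on each retry (capped at 120 seconds), `tcp_synack_retries` defaulting to 5 and `tcp_keepalive_probes` defaulting to 9. The function names and the sample timestamps are constructed for illustration.

```python
# Added example: Linux timer arithmetic for the values discussed in this thread.
from pathlib import Path

def sysctl(name, default):
    """Read net.ipv4.<name>; fall back to `default` where /proc is unavailable."""
    try:
        return int(Path("/proc/sys/net/ipv4", name).read_text().split()[0])
    except (OSError, ValueError, IndexError):
        return default

def synack_schedule(retries=5, initial_rto=1.0, max_rto=120.0):
    """Offsets (s after the first SYN/ACK) of each retransmission, plus give-up time.
    Assumes a 1 s initial RTO that doubles per retry, capped at max_rto."""
    offsets, t, rto = [], 0.0, initial_rto
    for _ in range(retries):
        t += rto
        offsets.append(t)
        rto = min(rto * 2, max_rto)
    return offsets, t + rto

def keepalive_timeline(idle=120, intvl=15, probes=9):
    """Probe times (s after the last segment) and the time the socket is dropped.
    Applies only to sockets that enabled SO_KEEPALIVE."""
    sent = [idle + i * intvl for i in range(probes)]
    return sent, sent[-1] + intvl

def count_backoff_retransmits(timestamps, initial_rto=1.0, tolerance=0.25):
    """Count leading gaps between SYN/ACK copies that follow the doubling schedule."""
    expected, matched = initial_rto, 0
    for earlier, later in zip(timestamps, timestamps[1:]):
        if abs((later - earlier) - expected) > tolerance * expected:
            break
        matched += 1
        expected *= 2
    return matched

# Constructed capture times (s) of one SYN/ACK and its retransmissions.
SAMPLE_SYNACK_TIMES = [0.000, 1.002, 3.005, 7.011, 15.018, 31.030]

if __name__ == "__main__":
    retries = sysctl("tcp_synack_retries", 5)
    print("SYN/ACK retransmits at", synack_schedule(retries))
    print("keepalive probes/drop ", keepalive_timeline(
        sysctl("tcp_keepalive_time", 120), sysctl("tcp_keepalive_intvl", 15),
        sysctl("tcp_keepalive_probes", 9)))
    print("retransmits matching backoff:", count_backoff_retransmits(SAMPLE_SYNACK_TIMES))
```

Under these assumptions five retries put the last SYN/ACK retransmission 31 seconds after the first one, and a 120/15 keepalive setting with 9 probes drops a silent peer 255 seconds after the last segment.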
