Getting fin after push

asked 2022-04-18 05:13:02 +0000

updated 2022-04-18 08:40:53 +0000

The behavior of faulty sessions from pcap is below:

Client —> server [SYN] 
Server —> client [SYN, ACK] 
Client __> server [ACK] 
server —> client [ACK] 
Client ___> server [ACK] 
Server —> client [PSH, ACK] tcp segment of a reassembled PDU 
Client ___> server [ACK] 
Server —-> client [ACK] 
Client ___> server [FIN, ACK] 
Server —-> client [FIN, ACK]

Client initiated many flows but all are gone to FIN after getting push packet

1 Answer

answered 2022-04-18 08:42:23 +0000

My guess would be something in the client application. You'll need to either dissect the traffic or obtain logs from the client app to make any further determination.

Thanks a lot for your reply. I don't have apmany p-level knowledge The client is trying to open HTTPS page from the web browser. in this case, how can the logs be obtained from a windows machine?

Sara5i ( 2022-04-18 12:04:17 +0000 )

Does the web browser show anything?

grahamb ( 2022-04-18 13:19:40 +0000 )

The client gets connection time out error when attempting to access to login page while he was able to connect to main page

Sara5i ( 2022-04-18 13:43:14 +0000 )

You're now really needing to see the HTTPS dissection, but you might be able to determine it without that by looking at the relative timings of the encrypted requests, if the interval between the server PSH and the client FIN is considerable then it may be the client is timing out.

The client browser developer tools console might also give a view in to what's going on, although you'll need to look elsewhere for advice on using those.

grahamb ( 2022-04-18 14:48:12 +0000 )

Asked: 2022-04-18 05:13:02 +0000

