Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2018-02-26 08:30:48 +0000

inigomontoya gravatar image

TCP SYN replied immediately by RST after successful session

We are trying to deploy a new TCP client to production, after it has been successful working against a test server. Only with production server, it succeeds 1 or 2 TCP sessions, but after that it always fails on connection attempt (SYN) which does not reach our application. The client runs on Linux. The server is a Windows Server 2008 R2, and our application on it is a Windows Server. Please see packet summaries below, listing the end of the successful stream followed by the connection failure (2 last packets). Is the 'successful' stream not terminated correctly? Who's to 'blame' for the fault - server or client? Sorry for the text format of the packets, but I cannot upload a file because I don't have 60 points yet...

 No.     Time               Source                Destination           Protocol Length Info
    864 11:31:30.264304    10.211.12.236         192.168.33.99         TCP      1404   50123 → 4770 [ACK] Seq=116465 Ack=1 Win=29312 Len=1338 TSval=1446107752 TSecr=157591
    865 11:31:30.264314    192.168.33.99         10.211.12.236         TCP      66     4770 → 50123 [ACK] Seq=1 Ack=117803 Win=66048 Len=0 TSval=157694 TSecr=1446107752
    866 11:31:30.333751    10.211.12.236         192.168.33.99         TCP      1404   50123 → 4770 [ACK] Seq=117803 Ack=1 Win=29312 Len=1338 TSval=1446107752 TSecr=157591
    867 11:31:30.512690    10.211.12.236         192.168.33.99         TCP      1404   [TCP Previous segment not captured] 50123 → 4770 [PSH, ACK] Seq=120479 Ack=1 Win=29312 Len=1338 TSval=1446107932 TSecr=157609
    868 11:31:30.512702    192.168.33.99         10.211.12.236         TCP      78     4770 → 50123 [ACK] Seq=1 Ack=119141 Win=64512 Len=0 TSval=157719 TSecr=1446107752 SLE=120479 SRE=121817
    869 11:31:30.768113    10.211.12.236         192.168.33.99         TCP      1404   [TCP Previous segment not captured] 50123 → 4770 [ACK] Seq=124493 Ack=1 Win=29312 Len=1338 TSval=1446108262 TSecr=157642
    870 11:31:30.768124    192.168.33.99         10.211.12.236         TCP      86     [TCP Dup ACK 868#1] 4770 → 50123 [ACK] Seq=1 Ack=119141 Win=64512 Len=0 TSval=157744 TSecr=1446107752 SLE=124493 SRE=125831 SLE=120479 SRE=121817
    871 11:31:30.879825    10.211.12.236         192.168.33.99         TCP      710    [TCP Previous segment not captured] 50123 → 4770 [FIN, PSH, ACK] Seq=127169 Ack=1 Win=29312 Len=644 TSval=1446108262 TSecr=157642
    872 11:31:30.879838    192.168.33.99         10.211.12.236         TCP      94     [TCP Dup ACK 868#2] 4770 → 50123 [ACK] Seq=1 Ack=119141 Win=64512 Len=0 TSval=157756 TSecr=1446107752 SLE=127169 SRE=127813 SLE=124493 SRE=125831 SLE=120479 SRE=121817
    873 11:31:30.954892    10.211.12.236         192.168.33.99         TCP      1404   [TCP Out-Of-Order] 50123 → 4770 [ACK] Seq=119141 Ack=1 Win=29312 Len=1338 TSval=1446109278 TSecr=157744
    874 11:31:30.954908    192.168.33.99         10.211.12.236         TCP      86     4770 → 50123 [ACK] Seq=1 Ack=121817 Win=66048 Len=0 TSval=157763 TSecr=1446109278 SLE=127169 SRE=127813 SLE=124493 SRE=125831
    875 11:31:31.148762    10.211.12.236         192.168.33.99         TCP      1404   [TCP Out-Of-Order] 50123 → 4770 [ACK] Seq=123155 Ack=1 Win=29312 Len=1338 TSval=1446109390 TSecr=157756
    876 11:31:31.148773    192.168.33.99         10.211.12.236         TCP      86     [TCP Dup ACK 874#1] 4770 → 50123 [ACK] Seq=1 Ack=121817 Win=66048 Len=0 TSval=157782 TSecr=1446109278 SLE=123155 SRE=125831 SLE=127169 SRE=127813
    877 11:31:33.688828    10.211.12.236         192.168.33.99         TCP      1404   [TCP Retransmission] 50123 → 4770 [PSH, ACK] Seq=121817 Ack=1 Win=29312 Len=1338 TSval=1446112064 TSecr=157782
    878 11:31:33.688840    192.168.33.99         10.211.12.236         TCP      78     4770 → 50123 [ACK] Seq=1 Ack=125831 Win=66048 Len=0 TSval=158036 TSecr=1446112064 SLE=127169 SRE=127813
    879 11:31:33.830142    10.211.12.236         192.168.33.99         TCP      1404   [TCP Retransmission] 50123 → 4770 [ACK] Seq=125831 Ack=1 Win=29312 Len=1338 TSval=1446112204 TSecr=158036
    880 11:31:33.830155    192.168.33.99         10.211.12.236         TCP      66     4770 → 50123 [ACK] Seq=1 Ack=127814 Win=66048 Len=0 TSval=158051 TSecr=1446112204
    881 11:31:33.830193    192.168.33.99         10.211.12.236         TCP      66     4770 → 50123 [FIN, ACK] Seq=1 Ack=127814 Win=66048 Len=0 TSval=158051 TSecr=1446112204
    882 11:31:33.869158    10.211.12.236         192.168.33.99         TCP      710    [TCP Spurious Retransmission] 50123 → 4770 [FIN, PSH, ACK] Seq=127169 Ack=1 Win=29312 Len=644 TSval=1446112204 TSecr=158036
    883 11:31:33.869167    192.168.33.99         10.211.12.236         TCP      78     [TCP Dup ACK 880#1] 4770 → 50123 [ACK] Seq=2 Ack=127814 Win=66048 Len=0 TSval=158054 TSecr=1446112204 SLE=127169 SRE=127813
    884 11:31:33.888837    10.211.12.236         192.168.33.99         TCP      66     50123 → 4770 [ACK] Seq=127814 Ack=2 Win=29312 Len=0 TSval=1446112348 TSecr=158051
    885 11:45:28.160099    10.211.12.236         192.168.33.99         TCP      74     50124 → 4770 [SYN] Seq=0 Win=29200 Len=0 MSS=1360 SACK_PERM=1 TSval=1446945766 TSecr=0 WS=128
    886 11:45:28.160109    192.168.33.99         10.211.12.236         TCP      54     4770 → 50124 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

TCP SYN replied immediately by RST after successful session

We are trying to deploy a new TCP client to production, after it has been successful working against a test server. Only with production server, it succeeds 1 or 2 TCP sessions, but after that it always fails on connection attempt (SYN) which does not reach our application. The client runs on Linux. Linux, and attempts a connection every 15 minutes. The server is a Windows Server 2008 R2, and our application on it is a Windows Server. Server IP is 192.168.33.99, client IP is 10.211.12.236. Please see packet summaries below, listing the end of the successful stream followed by the connection failure (2 last packets). server-side capture here Is the last 'successful' stream not terminated correctly? Who's to 'blame' for the fault - server or client? Sorry for the text format of the packets, but I cannot upload a file because I don't have 60 points yet...client?

 No.     Time               Source                Destination           Protocol Length Info
    864 11:31:30.264304    10.211.12.236         192.168.33.99         TCP      1404   50123 → 4770 [ACK] Seq=116465 Ack=1 Win=29312 Len=1338 TSval=1446107752 TSecr=157591
    865 11:31:30.264314    192.168.33.99         10.211.12.236         TCP      66     4770 → 50123 [ACK] Seq=1 Ack=117803 Win=66048 Len=0 TSval=157694 TSecr=1446107752
    866 11:31:30.333751    10.211.12.236         192.168.33.99         TCP      1404   50123 → 4770 [ACK] Seq=117803 Ack=1 Win=29312 Len=1338 TSval=1446107752 TSecr=157591
    867 11:31:30.512690    10.211.12.236         192.168.33.99         TCP      1404   [TCP Previous segment not captured] 50123 → 4770 [PSH, ACK] Seq=120479 Ack=1 Win=29312 Len=1338 TSval=1446107932 TSecr=157609
    868 11:31:30.512702    192.168.33.99         10.211.12.236         TCP      78     4770 → 50123 [ACK] Seq=1 Ack=119141 Win=64512 Len=0 TSval=157719 TSecr=1446107752 SLE=120479 SRE=121817
    869 11:31:30.768113    10.211.12.236         192.168.33.99         TCP      1404   [TCP Previous segment not captured] 50123 → 4770 [ACK] Seq=124493 Ack=1 Win=29312 Len=1338 TSval=1446108262 TSecr=157642
    870 11:31:30.768124    192.168.33.99         10.211.12.236         TCP      86     [TCP Dup ACK 868#1] 4770 → 50123 [ACK] Seq=1 Ack=119141 Win=64512 Len=0 TSval=157744 TSecr=1446107752 SLE=124493 SRE=125831 SLE=120479 SRE=121817
    871 11:31:30.879825    10.211.12.236         192.168.33.99         TCP      710    [TCP Previous segment not captured] 50123 → 4770 [FIN, PSH, ACK] Seq=127169 Ack=1 Win=29312 Len=644 TSval=1446108262 TSecr=157642
    872 11:31:30.879838    192.168.33.99         10.211.12.236         TCP      94     [TCP Dup ACK 868#2] 4770 → 50123 [ACK] Seq=1 Ack=119141 Win=64512 Len=0 TSval=157756 TSecr=1446107752 SLE=127169 SRE=127813 SLE=124493 SRE=125831 SLE=120479 SRE=121817
    873 11:31:30.954892    10.211.12.236         192.168.33.99         TCP      1404   [TCP Out-Of-Order] 50123 → 4770 [ACK] Seq=119141 Ack=1 Win=29312 Len=1338 TSval=1446109278 TSecr=157744
    874 11:31:30.954908    192.168.33.99         10.211.12.236         TCP      86     4770 → 50123 [ACK] Seq=1 Ack=121817 Win=66048 Len=0 TSval=157763 TSecr=1446109278 SLE=127169 SRE=127813 SLE=124493 SRE=125831
    875 11:31:31.148762    10.211.12.236         192.168.33.99         TCP      1404   [TCP Out-Of-Order] 50123 → 4770 [ACK] Seq=123155 Ack=1 Win=29312 Len=1338 TSval=1446109390 TSecr=157756
    876 11:31:31.148773    192.168.33.99         10.211.12.236         TCP      86     [TCP Dup ACK 874#1] 4770 → 50123 [ACK] Seq=1 Ack=121817 Win=66048 Len=0 TSval=157782 TSecr=1446109278 SLE=123155 SRE=125831 SLE=127169 SRE=127813
    877 11:31:33.688828    10.211.12.236         192.168.33.99         TCP      1404   [TCP Retransmission] 50123 → 4770 [PSH, ACK] Seq=121817 Ack=1 Win=29312 Len=1338 TSval=1446112064 TSecr=157782
    878 11:31:33.688840    192.168.33.99         10.211.12.236         TCP      78     4770 → 50123 [ACK] Seq=1 Ack=125831 Win=66048 Len=0 TSval=158036 TSecr=1446112064 SLE=127169 SRE=127813
    879 11:31:33.830142    10.211.12.236         192.168.33.99         TCP      1404   [TCP Retransmission] 50123 → 4770 [ACK] Seq=125831 Ack=1 Win=29312 Len=1338 TSval=1446112204 TSecr=158036
    880 11:31:33.830155    192.168.33.99         10.211.12.236         TCP      66     4770 → 50123 [ACK] Seq=1 Ack=127814 Win=66048 Len=0 TSval=158051 TSecr=1446112204
    881 11:31:33.830193    192.168.33.99         10.211.12.236         TCP      66     4770 → 50123 [FIN, ACK] Seq=1 Ack=127814 Win=66048 Len=0 TSval=158051 TSecr=1446112204
    882 11:31:33.869158    10.211.12.236         192.168.33.99         TCP      710    [TCP Spurious Retransmission] 50123 → 4770 [FIN, PSH, ACK] Seq=127169 Ack=1 Win=29312 Len=644 TSval=1446112204 TSecr=158036
    883 11:31:33.869167    192.168.33.99         10.211.12.236         TCP      78     [TCP Dup ACK 880#1] 4770 → 50123 [ACK] Seq=2 Ack=127814 Win=66048 Len=0 TSval=158054 TSecr=1446112204 SLE=127169 SRE=127813
    884 11:31:33.888837    10.211.12.236         192.168.33.99         TCP      66     50123 → 4770 [ACK] Seq=127814 Ack=2 Win=29312 Len=0 TSval=1446112348 TSecr=158051
    885 11:45:28.160099    10.211.12.236         192.168.33.99         TCP      74     50124 → 4770 [SYN] Seq=0 Win=29200 Len=0 MSS=1360 SACK_PERM=1 TSval=1446945766 TSecr=0 WS=128
    886 11:45:28.160109    192.168.33.99         10.211.12.236         TCP      54     4770 → 50124 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

TCP SYN replied immediately by RST after successful session

We are trying to deploy a new TCP client to production, after it has been successful working against a test server. Only with production server, it succeeds 1 or 2 TCP sessions, but after that it always fails on connection attempt (SYN) which does not reach our application. The client runs on Linux, and attempts a connection every 15 minutes. The server is a Windows Server 2008 R2, and our application on it is a Windows Server. Server IP is 192.168.33.99, client IP is 10.211.12.236. Please see server-side capture here . Is the last 'successful' stream not terminated correctly? Who's to 'blame' for the fault - server or client?

TCP SYN replied immediately by RST after successful session

We are trying to deploy a new TCP client to production, after it has been successful working against a test server. Only with production server, it succeeds 1 or 2 TCP sessions, but after that it always fails on connection attempt (SYN) which does not reach our application. The client runs on Linux, and attempts a connection every 15 minutes. The server OS is a Windows Server 2008 R2, and our application on it is a Windows Server. Service. Aside from this client, about 400 other clients are communicating with this server with frequencies ranging between every few seconds to every few minutes. This client always attempts to connect to server port 4770, the other clients try server ports in the range 4770-4772. Server IP is 192.168.33.99, client IP is 10.211.12.236. Please see server-side capture here. Is the last 'successful' stream not terminated correctly? Who's to 'blame' for the fault - server or client?

TCP SYN replied immediately by RST after successful session

We are trying to deploy a new TCP client to production, after it has been successful working against a test server. Only with production server, it succeeds 1 or 2 TCP sessions, but after that it always fails on connection attempt (SYN) which does not reach our application. The client runs on Linux, and attempts a connection every 15 minutes. The server OS is Windows Server 2008 R2, and our application on it is a Windows Service. Aside from this client, about 400 other clients are communicating with this server with frequencies ranging between every few seconds to every few minutes. This client always attempts to connect to server port 4770, the other clients try server ports in the range 4770-4772. 4770-4772 but each client always connects to the same server port. Server IP is 192.168.33.99, client IP is 10.211.12.236. Please see server-side capture here. Is the last 'successful' stream not terminated correctly? Who's to 'blame' for the fault - server or client?