This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Connection stays established after RST packet

0

Hello,

After server receives RST packet conection stays ESTABLISHED and setting new connection on the same ports is impossible. Can anybody point me why?

Thanks for help.

    12809   76687.618015000 client  server  TCP 396 16081→4210 [PSH, ACK] Seq=53 Ack=53 Win=65483 Len=330 TSval=2670952 TSecr=2913999211
    12810   76687.618204000 server  client  TCP 66  4210→16081 [ACK] Seq=2711635446 Ack=3631645278 Win=15616 Len=0 TSval=2989694647 TSecr=2670952
    12811   76688.352263000 server  client  TCP 422 4210→16081 [PSH, ACK] Seq=2711635446 Ack=3631645278 Win=15616 Len=356 TSval=2989695381 TSecr=2670952
    12812   76688.489380000 client  server  TCP 66  16081→4210 [ACK] Seq=383 Ack=409 Win=65127 Len=0 TSval=2670960 TSecr=2989695381
    27223   163174.555440000    client  server  TCP 60  16081→4210 [RST, ACK] Seq=384 Ack=409 Win=0 Len=0
    27224   163174.555562000    server  client  TCP 66  [TCP Dup ACK 12811#1] 4210→16081 [ACK] Seq=2711635802 Ack=3631645278 Win=15616 Len=0 TSval=3076181584 TSecr=2670960
    27277   163485.076719000    client  server  TCP 78  [TCP Port numbers reused] 16081→4210 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=1 TSval=0 TSecr=0 SACK_PERM=1
    27278   163488.154351000    client  server  TCP 78  [TCP Retransmission] 16081→4210 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=1 TSval=0 TSecr=0 SACK_PERM=1
More SYN packets ...

asked 03 Dec '14, 08:58

JozefB's gravatar image

JozefB
11112
accept rate: 0%

Seems Tcp port 16081 is reused by client after 5 seconds, we can reuse the same socket but only if the SYN packet contains a sequence number which is larger than was previously used.for your reference http://blog.davidvassallo.me/2010/07/13/time_wait-and-port-reuse/

(03 Dec '14, 21:01) kishan pandey

Port 16081 is reused after more than 5 minutes (after RST) but i think it doesn't matter (no FIN). Shouldn't connection change state to CLOSED after server receives RST/ACK segment? Now it stays ESTABLISHED.

(04 Dec '14, 03:31) JozefB

One Answer:

0

Assuming this is a trace taken at the client, I'd say the reset did not make it to the server's TCP layer.

answered 05 Dec '14, 10:49

mrEEde's gravatar image

mrEEde
3.9k152270
accept rate: 20%

The trace was taken at the server.

(08 Dec '14, 07:17) JozefB

RFC 793 Says,In all states except SYN-SENT, all reset (RST) segments are validated by checking their SEQ-fields. A reset is valid if its sequence number is in the window. In the SYN-SENT state (a RST received in response to an initial SYN), the RST is acceptable if the ACK field acknowledges the SYN.Can you post the capture because in capture seq no. are not matching not sure why(because relative sequence feature or capture taken at some proxy or FW device)

(08 Dec '14, 09:28) kishan pandey