Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Help analyzing TCP connection sequence

Hi all, I'm trying to understand the complete flow of a TCP sequence and i think our application is sometimes not closing TCP sessions right but i'm not 100% sure.

Please see the following: image description

My concerns are with the closing stage of the TCP connection.

  • Packet #2262 is a [FIN,ACK] but shouldn't there be a [FIN] from the other side first?
  • Packet #2265 shows the same but the other way around
  • I can't place those random [ACK]'s at #2264 and #2267.

Why am i asking? This is a capture from our firewall. Apparently, something in this connection is triggering a "new connection" on our firewall. I'm suspecting it has something to do with this TCP connection not being closed gracefully and [ACK]'s coming after the [FIN,ACK]'s but i'm not 100% sure.

Would be great to get some help!

Thanks in advance,