This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Server sends PSH, ACK during 3-way handshake


This is the sequence:

Client sends SYN – sequence number 0

Server returns PSH, ACK – Sequence number 1, Acknowledgement number 31267

I was expecting SYN, ACK from the server. What is going on here?

So, client sends RST and connection never gets established.

Normally everything works fine, but once in a while this issue occurs.

Thanks,

asked 31 Mar '12, 16:29


Fox2


One Answer:


I recently saw this at a customer and was able to narrow the problem down to a Cisco ASA running an ancient version of firmware (7.0.4). They are planning an upgrade. Is there a Cisco ASA involved in the communication between your client and server too?

In my case, I could see the SYN enter the FW on the outside, but it was never forwarded on the inside. Instead, a PSH/ACK with a "random" ACK number was returned to the client.

answered 31 Mar '12, 16:45


SYN-bit ♦♦

I just received word from my customer that the upgrade of the Cisco ASA FW from version 7.0.4 to 7.2 did indeed solve the issue they were having.

Hope this helps. If you are not running a Cisco ASA, are you able to get a trace of both the client side and the server side? If so, can you post them to http://www.cloudshark.org and paste the URLs to the captures here?

(16 Apr '12, 03:24) SYN-bit ♦♦
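
One way to search a capture for the symptom discussed in this thread, as an added example that is not part of the original posts: it tracks each bare SYN and reports any flow whose first reply is neither a SYN/ACK acknowledging ISN+1 nor an RST. The function names, the documentation-range IP addresses and the sample packets are constructed for illustration, and the code works on raw sequence numbers rather than the relative ones Wireshark displays.

```python
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
NAMES = [(SYN, "SYN"), (FIN, "FIN"), (RST, "RST"), (PSH, "PSH"), (ACK, "ACK")]

def tcp_header(sport, dport, seq, ack, flags):
    """Build a minimal 20-byte TCP header (used only for the constructed sample)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 8192, 0, 0)

def parse_tcp(header):
    """Return (sport, dport, seq, ack, flags) from the fixed part of a TCP header."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return sport, dport, seq, ack, off_flags & 0x3F

def bad_handshake_replies(packets):
    """packets: (src_ip, dst_ip, tcp_header_bytes) tuples in capture order.
    Reports every flow whose first reply to a bare SYN is neither a SYN/ACK
    acknowledging ISN+1 nor an RST (the normal refusal)."""
    pending, findings = {}, []           # pending: flow 4-tuple -> client ISN
    for src, dst, hdr in packets:
        sport, dport, seq, ack, flags = parse_tcp(hdr)
        if (flags & (SYN | ACK)) == SYN:  # bare SYN, including retransmissions
            pending[(src, sport, dst, dport)] = seq
            continue
        flow = (dst, dport, src, sport)   # a reply travels in the reverse direction
        if flow not in pending:
            continue
        isn = pending.pop(flow)
        good_synack = flags & SYN and flags & ACK and ack == (isn + 1) % 2**32
        if not (flags & RST or good_synack):
            names = ",".join(n for bit, n in NAMES if flags & bit)
            findings.append({"client": dst, "server": src, "flags": names, "ack": ack})
    return findings

# Constructed sample: one normal handshake, then the pattern from the question
# (SYN answered by PSH,ACK carrying an unrelated acknowledgement number).
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", tcp_header(40000, 443, 5000, 0, SYN)),
    ("198.51.100.5", "192.0.2.10", tcp_header(443, 40000, 9000, 5001, SYN | ACK)),
    ("192.0.2.10", "198.51.100.5", tcp_header(40000, 443, 5001, 9001, ACK)),
    ("192.0.2.10", "198.51.100.5", tcp_header(40001, 443, 7000, 0, SYN)),
    ("198.51.100.5", "192.0.2.10", tcp_header(443, 40001, 1, 31267, PSH | ACK)),
    ("192.0.2.10", "198.51.100.5", tcp_header(40001, 443, 7001, 0, RST)),
]

if __name__ == "__main__":
    for finding in bad_handshake_replies(SAMPLE):
        print(finding)
```

Running the same check on captures taken on both sides of a firewall shows whether the unexpected reply originates from the server or from a device in the path.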