
aspyct's profile - activity

2018-11-12 14:09:28 +0000 answered a question How I could capture the traffic of my smartphone or tablet

If you want to intercept and read HTTPS traffic, you'll need a proxy that re-encrypts the traffic. mitmproxy or sslsplit

2018-11-09 09:22:56 +0000 commented answer SYN followed by PSH ACK with incorrect ACK sequence number

Thanks, I'll try and discuss these possibilities with the network team!

2018-11-09 09:22:11 +0000 marked best answer SYN followed by PSH ACK with incorrect ACK sequence number

I'm investigating network issues at our office. I'm not on the network team and have no details on the network topology, but here's a trace of what happens on my machine.

https://www.dropbox.com/s/mbhnd4e34ft...

You're looking at a curl HTTP request made from my workstation to my own website. The website was working fine at the time the capture was made. Just before that, two other HTTP requests went through fine, but this one eventually timed out. I had a similar behavior on other websites.

Note that Wireshark is indicating "TCP ACKed unseen segment", but I'm pretty confident I didn't miss packets: the 2 HTTP requests made just before that were complete, and there wasn't much network traffic except for some broadcast.

I'm seeing two things wrong here:

  1. the initial SYN gets a PSH/ACK response
  2. the ACK sequence number on the first response is random

From my understanding, the first response from the server should be a SYN/ACK with a sequence number of 1. I've never seen a SYN, PSH/ACK, ACK sequence (although, admittedly, my TCP knowledge is a bit rusty).

So here come the questions:

  1. Is there a case where a PSH/ACK would be a legit response to a SYN, and what about that ACK sequence number?
  2. If it is indeed an error, do you know of any network equipment that would be likely to cause that error?

Thanks for your time :)

2018-11-09 09:22:11 +0000 received badge Scholar
2018-11-08 18:41:47 +0000 received badge Editor
2018-11-08 18:41:47 +0000 edited question SYN followed by PSH ACK with incorrect ACK sequence number


2018-11-08 18:27:44 +0000 asked a question SYN followed by PSH ACK with incorrect ACK sequence number
