
What will happen if the client receives a SYN-ACK retransmission when it is in FIN-WAIT-1?

Hi, we are facing a peculiar issue in our network. From the Ethereal packet capture on the client side, I see the following behaviour, which appears quite strange to me:

#1 Client --> Server  [SYN] seq=0
#2 Server --> Client  [SYN, ACK] seq=0 ack=1
#3 Client --> Server  [ACK] seq=1 ack =1 
#4 Client --> Server  [PSH] seq=1 ack =1 len=488
#5 Client --> Server  [FIN, ACK] seq =489 ack =1 
#6 Server --> Client  [SYN, ACK] seq=0 ack=1 retransmission 
#7 Client --> Server  [ACK] seq=490 ack=1( I don't know why the seq is 490,because I think it should be seq =1 ack=1)
#8 Client --> Server  [FIN,PSH,ACK] seq=1 ack=1 len=488
#9 Server --> Client  [ACK] seq=1 ack=490

Any ideas as to why this could be happening?

Kasa
asked 2019-11-09 00:49:57 +0000
SYN-bit
updated 2019-11-09 23:22:40 +0000

Comments

Without timestamps it is hard to interpret these packets. Could you provide the capture file on a public file service like Dropbox, OneDrive or Google Drive (you can use TraceWrangler to anonymize the file if it contains sensitive information) and provide a link to the file?

SYN-bit (2019-11-09 23:26:18 +0000)

1 Answer

As Sake noted, having a capture file allows us to use Wireshark to analyze the data; however, here's what I can see:

#1 Client --> Server  [SYN] seq=0
#2 Server --> Client  [SYN, ACK] seq=0 ack=1
#3 Client --> Server  [ACK] seq=1 ack =1 
#4 Client --> Server  [PSH] seq=1 ack =1 len=488
#5 Client --> Server  [FIN, ACK] seq =489 ack =1

The above is a normal TCP connection, and the client sending some data, immediately followed by a FIN. Not sure why the client is sending ACK in #5 though.

#6 Server --> Client  [SYN, ACK] seq=0 ack=1 retransmission

This is a retransmission. The server didn't get the client data from packets #3 to #5.

#7 Client --> Server  [ACK] seq=490 ack=1( I don't know why the seq is 490,because I think it should be seq =1 ack=1)

The client is now acking the server retransmission. The client seq. is 490 as that's how far it has got after #5.

#8 Client --> Server  [FIN,PSH,ACK] seq=1 ack=1 len=488

The client is retransmitting the data and the FIN.

#9 Server --> Client  [ACK] seq=1 ack=490

The server is acking the data from the client.

grahamb
answered 2019-11-10 17:24:17 +0000
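
The sequence arithmetic in the answer above, as an added example that is not part of the original post and not Wireshark's own TCP analysis: the trace is taken from the packet list in the question (relative sequence numbers), and `seq_space`, `analyze` and `retransmissions` are hypothetical helper names. It assumes relative sequence numbers starting at 0 and uses a simplified rule: a segment that occupies sequence space and starts below the sender's next sequence number has been sent before.

```python
# Constructed from the packet list in the question (relative sequence numbers).
# Fields: packet no., sender, flags, seq, payload length
TRACE = [
    (1, "client", {"SYN"}, 0, 0),
    (2, "server", {"SYN", "ACK"}, 0, 0),
    (3, "client", {"ACK"}, 1, 0),
    (4, "client", {"PSH"}, 1, 488),
    (5, "client", {"FIN", "ACK"}, 489, 0),
    (6, "server", {"SYN", "ACK"}, 0, 0),
    (7, "client", {"ACK"}, 490, 0),
    (8, "client", {"FIN", "PSH", "ACK"}, 1, 488),
    (9, "server", {"ACK"}, 1, 0),
]


def seq_space(flags, length):
    """Sequence numbers a segment consumes: payload plus one each for SYN and FIN."""
    return length + ("SYN" in flags) + ("FIN" in flags)


def analyze(trace):
    """Return (rows, snd_nxt); rows are (no, sender, snd_nxt_after, is_retransmission)."""
    snd_nxt = {}  # per sender: next new sequence number it will use
    rows = []
    for no, sender, flags, seq, length in trace:
        nxt = snd_nxt.get(sender, 0)
        used = seq_space(flags, length)
        # A bare ACK uses no sequence space, so it is never a retransmission here.
        retrans = used > 0 and seq < nxt
        snd_nxt[sender] = max(nxt, seq + used)
        rows.append((no, sender, snd_nxt[sender], retrans))
    return rows, snd_nxt


def retransmissions(trace):
    """Packet numbers that resend sequence space already used by the same sender."""
    return [no for no, _, _, retrans in analyze(trace)[0] if retrans]


if __name__ == "__main__":
    for no, sender, nxt, retrans in analyze(TRACE)[0]:
        note = "retransmission" if retrans else ""
        print(f"#{no} {sender:6} next seq={nxt:3} {note}")
```

The client's next sequence number reaches 490 after #5 (1 for the SYN, 488 bytes of data, 1 for the FIN), so the bare ACK in #7 carries seq=490 even though the server has not yet acknowledged anything beyond the SYN.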