0

SYN/ACK Retransmission issue

Hi experts,

The following question actually stems from an old post: https://osqa-ask.wireshark.org/questi...

When the TCP three-way handshake is complete, what would be the behavior of the server if there are no requests from the client? Why is SYN/ACK retransmitted?

31s, tcp_synack_retries?


Regards, 7ACE

40
7ACE
asked 2022-02-05 02:14:33 +0000


2 Answers

0

Go back to the rephrased question. When the TCP three-way handshake is complete, if the client is suddenly offline, what would be the behavior of the server?

It depends on the operating system and application. The developers would use a combination of methods to verify if the TCP peer is still there. An example is the application that monitors the TCP transmit buffer. If the transmit buffer is not decreasing, then send the TCP-keep-alive. After the TCP-keep-alive retries maximum counter has been reached, the server should release the socket. The TCP-keep-alive is a safeguard against the disconnecting of a slow user.

31
BigFatCat
answered 2022-02-06 19:15:51 +0000, updated 2022-02-06 19:25:49 +0000

Comments

Thank you for the explanation. As per my understanding, this means that the keepalive routines wait for 120 secs before sending the first keepalive probe, and then resend it every 15 seconds.

# cat /proc/sys/net/ipv4/tcp_keepalive_time
120
# cat /proc/sys/net/ipv4/tcp_keepalive_intvl
15


So I think I might understand the normal behavior of the server.

Sorry, go back to the old post. SYN/ACK retransmission & 31 secs, what could possibly explain this phenomenon?

7ACE (2022-02-07 01:14:11 +0000)
1

Let me expand on my previous comments. This is only a theory, only the developer and OS. The only way to know for sure is to start a capture and break it.

1. Configure a TCP packet retry counter. This should catch TCP when it doesn't get an ACK. When the counter is reached, then release the socket.
2. Configure TCP keep-alive with a TCP keep-alive retry counter. The question is how often to send the TCP keep-alive.
3. Monitor the transmit buffer. If there are only a couple of bytes in the transmit buffer and Nagle is configured, then the application will need to push TCP. TCP keep-alive should only occur when the TCP transmit buffer is empty.

BigFatCat (2022-02-07 01:38:35 +0000)
0

Who says the three-way handshake is complete? The fact that you see SYN, SYN/ACK, ACK doesn't mean both ends see them. Or if the sequence numbers in the ACK are incorrect the handshake is also not complete.

13.7k
Jaap
answered 2022-02-05 08:31:44 +0000

Comments

First of all, thanks for your answer.

According to the description in the post (https://osqa-ask.wireshark.org/questi...), the pcap file was captured on the server, and he monitored the connection with netstat and saw the SYN_RECV then go into ESTABLISHED.

Sorry, my question may not be clear. Let me put it another way: when the TCP three-way handshake is complete, if the client is suddenly offline, what would be the behavior of the server?

:) Please forgive my English.

7ACE (2022-02-05 11:50:57 +0000)
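The timing behind the "31s, tcp_synack_retries?" remark in the question, as an added example that is not part of the thread or the linked post: if the server still treats the connection as half-open, as the answer above suggests, Linux resends the SYN/ACK on a doubling timer, and with the default `tcp_synack_retries` of 5 the last retransmission falls 31 s after the first SYN/ACK. The 1 s initial timeout, the function names and the sample timestamps are assumptions or constructed for illustration.

```python
"""Added illustration: Linux SYN/ACK retransmission schedule vs. a capture."""

INITIAL_RTO = 1.0   # assumption: Linux default initial RTO, in seconds
RTO_MAX = 120.0     # assumption: Linux cap on a single backoff interval


def synack_schedule(retries=5, initial_rto=INITIAL_RTO):
    """Return (offsets, give_up): seconds after the first SYN/ACK at which
    each retransmission is sent, and when the half-open request is dropped."""
    offsets, t, rto = [], 0.0, initial_rto
    for _ in range(retries):
        t += rto
        offsets.append(t)
        rto = min(rto * 2, RTO_MAX)
    return offsets, t + rto


def match_capture(synack_times, retries=5, tolerance=0.25):
    """Map each observed SYN/ACK retransmission to its retry number.

    synack_times: capture timestamps of SYN/ACKs sharing one 4-tuple and
    sequence number, first transmission included. Returns a list of
    (offset, retry_number or None); None means the spacing does not fit
    the backoff schedule, so something else is resending the segment.
    """
    expected, _ = synack_schedule(retries)
    first = synack_times[0]
    result = []
    for ts in synack_times[1:]:
        offset = ts - first
        retry = next((i + 1 for i, e in enumerate(expected)
                      if abs(offset - e) <= tolerance), None)
        result.append((round(offset, 3), retry))
    return result


# Constructed server-side timestamps (seconds), not taken from the old post.
SAMPLE = [10.000, 11.020, 13.015, 17.030, 25.020, 41.025]

if __name__ == "__main__":
    offsets, give_up = synack_schedule(5)
    print("retransmits at", offsets, "request dropped at", give_up)
    for offset, retry in match_capture(SAMPLE):
        print(f"+{offset:.3f}s -> retry {retry}")
```

A SYN/ACK that repeats on this schedule in a server-side capture means the server never accepted the client's final ACK, whatever the capture appears to show.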
