Date: Mon, 15 Feb 2010 02:11:48 -0800 From: Jeremy Chadwick <freebsd@jdc.parodius.com> To: freebsd-stable@freebsd.org Subject: Re: ACK and RST packets sent after successfully terminating TCP connection Message-ID: <20100215101148.GA56308@icarus.home.lan> In-Reply-To: <92bcbda51002150130i3a1baa4eha06b8ce4f90de486@mail.gmail.com> References: <92bcbda51002150130i3a1baa4eha06b8ce4f90de486@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Feb 15, 2010 at 10:30:31AM +0100, n j wrote:
> Hi all,
>
> I'm reposting this from the freebsd-questions hoping for some answers.
> I feel there is something wrong here, but would really appreciate a
> second opinion before opening a bug report. The problematic part is
> marked with [what is this?].
>
> - in case of successful connection:
>
> [begin handshake]
> 14:52:57.866040 IP client.example.net.6524 > server.example.net.9002:
> S 813851098:813851098(0) win 8192 <mss 1380,nop,wscale
> 2,nop,nop,sackOK>
> 14:52:57.866057 IP server.example.net.9002 > client.example.net.6524:
> S 3888621507:3888621507(0) ack 813851099 win 65535 <mss
> 1380,nop,wscale 3,sackOK,eol>
> 14:52:57.867143 IP client.example.net.6524 > server.example.net.9002:
> . ack 3888621508 win 16560
> [end handshake & begin data]
> 14:52:57.868333 IP client.example.net.6524 > server.example.net.9002:
> P 813851099:813852180(1081) ack 3888621508 win 16560
> 14:52:57.967858 IP server.example.net.9002 > client.example.net.6524:
> . ack 813852180 win 8144
> 14:53:35.533165 IP server.example.net.9002 > client.example.net.6524:
> P 3888621508:3888621542(34) ack 813852180 win 8144
> [end data & begin teardown]
> 14:53:35.564542 IP server.example.net.9002 > client.example.net.6524:
> FP 3888621542:3888621675(133) ack 813852180 win 8280
> 14:53:35.566228 IP client.example.net.6524 > server.example.net.9002:
> . ack 3888621676 win 16518
> 14:53:35.566289 IP client.example.net.6524 > server.example.net.9002:
> F 813852180:813852180(0) ack 3888621676 win 16518
> 14:53:35.566318 IP server.example.net.9002 > client.example.net.6524:
> . ack 813852181 win 8279
> [end teardown]
> [what is this?]
> 14:53:36.172081 IP server.example.net.9002 > client.example.net.6524:
> . ack 813852180 win 0
> 14:53:36.172101 IP server.example.net.9002 > client.example.net.6524:
> . ack 813852181 win 8279
>
> - in case of unsuccessful connection:
>
> [begin handshake]
> 14:53:00.411337 IP client.example.net.6547 > server.example.net.9002:
> S 1055031875:1055031875(0) win 8192 <mss 1380,nop,wscale
> 2,nop,nop,sackOK>
> 14:53:00.411354 IP server.example.net.9002 > client.example.net.6547:
> S 2849043653:2849043653(0) ack 1055031876 win 65535 <mss
> 1380,nop,wscale 3,sackOK,eol>
> 14:53:00.412242 IP client.example.net.6547 > server.example.net.9002:
> . ack 2849043654 win 16560
> [end handshake & reset connection]
> 14:53:00.412251 IP server.example.net.9002 > client.example.net.6547:
> R 2849043654:2849043654(0) win 0
> [what is this?]
> 14:53:01.168076 IP server.example.net.9002 > client.example.net.6547:
> . ack 1055031876 win 0
> 14:53:01.168100 IP server.example.net.9002 > client.example.net.6547:
> R 2849043654:2849043654(0) win 0
> 14:53:01.168393 IP client.example.net.6547 > server.example.net.9002:
> R 1055031876:1055031876(0) ack 2849043653 win 0
>
> The server is running 7.2 GENERIC.
Is it possible for you to upload these captures somewhere on the web?
tcpdump -p -i {iface} -s 0 -n -w {somefile} should be sufficient.
Thanks.
--
| Jeremy Chadwick jdc@parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100215101148.GA56308>