Date: Thu, 11 Sep 2025 19:24:36 -0700 From: Doug Hardie <bc979@lafn.org> To: "freebsd-net@FreeBSD.org" <freebsd-net@freebsd.org> Subject: TCP State Question Message-ID: <0E3CA9D9-9EC5-49A8-B971-12729FB02EB2@sermon-archive.info>
next in thread | raw e-mail | index | archive | help
I am confused about the pftop output shown below. In both cases there = are significant differences between the source and destination states. = In both cases the source is a remote client and the destination is my = server. Referring to the TCP state diagram from TCP/IP Illustrated, = Volumes 1 and 2, I don't see how the two sides could get that far apart. PR D SRC DEST STATE AGE EXP = PKTS BYTES tcp I 202.133.61.102:18950 10.0.1.230:25 9:4 472 735 = 15 1296 In the case above the source is in FIN_WAIT_2. The destination is in = ESTABLISHED. This implies that the source sent a FIN that the = destination never received. The source should then be in FIN_WAIT_1. = In order for the source to move to FIN_WAIT_2 it needed to receive an = ACK from the destination. However, if the destination had sent an ACK, = it would be in CLOSE_WAIT.=20 PR D SRC DEST STATE AGE EXP = PKTS BYTES tcp I 34.141.245.225:57456 10.0.1.230:25 4:9 27 894 = 15 1329 In this case above, the states are reversed. This is even more = confusing as it shows the destination in FIN_WAIT_2. However, to get = there it would have to go through FIN_WAIT_1. Both of those states are = for the client, not the server. I have not managed to catch the = destination states of CLOSE_WAIT or LAST_ACK which are the server states = during the connection teardown. I only see the client states for the = destination. I will admit that I have not really dealt with the TCP internals since = the early 90's where the company I worked for used the Motorola TCP/IP = stack which was stripped down for use in imbedded systems. I am sure = things have changed a bit since then, but the states I am seeing seem a = bit unusual and contrary to the documentation I have available. -- Doug
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0E3CA9D9-9EC5-49A8-B971-12729FB02EB2>