[Groupe comp-protocols-tcp-ip] : Re: Somthing wrong with the RST-ACK? Server/Client broken?

Général

Accueil
Revue de presse
Contactez-nous
Participez

Les modèles

TcpIp
Osi
Osi-TcpIp
X.200
Les Rfc

Les entêtes

Entête Ethernet
Entête Ip
Entête Arp
Entête Rarp
Entête Icmp
Entête Igmp
Entête Tcp
Entête Udp
Entête IPv6

Divers

Le fonctionnement

Nat
Routage
Sous-réseaux
IP/Bluetooth

Les services

Dhcp
Dns
Ntp
Snmp

La VoIP

Toip
Voip
Triple Play

Les IpVpn

Vpn
IpSec
L2TP PPP
Mpls
Mpls Cisco

comp.protocols.tcp-ip
Affichage de l'article :
Re: Somthing wrong with the RST-ACK? Server/Client broken?

Date : Le 03 avril 2008
From : News Reader
Sujet : Re: Somthing wrong with the RST-ACK? Server/Client broken?

Markus Rehbach wrote:
> Hi all,
>
> in the follwing trace we see a quite pathological TCP session.
>
> What's broken? RST-ACK in packet 8 malformed? Telnet host defect? Client, too?
>

Presumably, you are sniffing at the Telnet server's end of the connection.

> 1 0.000000 10.1.14.2 -> 10.2.33.2 TCP 62 1201 > 23 [SYN] Seq=1181960481 Win=64512 Len=0 MSS=1260
You see the inbound SYN from the client.

> 2 0.000828 10.2.33.2 -> 10.1.14.2 TCP 60 23 > 1201 [SYN, ACK] Seq=1999604381 Ack=1181960482 Win=65535 Len=0 MSS=1452
You see the SYN/ACK response from the Telnet server.

> 3 2.919766 10.2.33.2 -> 10.1.14.2 TCP 60 23 > 1201 [SYN, ACK] Seq=1999604381 Ack=1181960482 Win=65535 Len=0 MSS=1452
Three seconds later, the server sends another SYN/ACK because it did not
receive an ACK from the client. Either the client did not receive the
SYN/ACK sent by the server, and therefore did not respond with an ACK,
or the server is not receiving an ACK sent by the client.

If you can, it would be good to sniff the client side of the connection
and determine whether the SYN/ACK arrived at the client, and whether an
ACK is sent by the client.

> 4 2.920221 10.1.14.2 -> 10.2.33.2 TCP 62 1201 > 23 [SYN] Seq=1181960481 Win=64512 Len=0 MSS=1260
Host is initiating a new connection attempt (same sequence number).

> 5 8.825826 10.2.33.2 -> 10.1.14.2 TCP 60 23 > 1201 [SYN, ACK] Seq=1999604381 Ack=1181960482 Win=65535 Len=0 MSS=1452
> 6 20.645954 10.2.33.2 -> 10.1.14.2 TCP 60 23 > 1201 [SYN, ACK] Seq=1999604381 Ack=1181960482 Win=65535 Len=0 MSS=1452
> 7 44.304512 10.2.33.2 -> 10.1.14.2 TCP 60 23 > 1201 [SYN, ACK] Seq=1999604381 Ack=1181960482 Win=65535 Len=0 MSS=1452
Multiple SYN/ACKs from the server (several seconds apart).
Server still isn't getting the ACK it expects.
We are expecting the client's ACK to have Seq 1181960482.

> 8 44.305136 10.1.14.2 -> 10.2.33.2 TCP 60 1201 > 23 [RST, ACK] Seq=1181960483 Ack=1999604382 Win=65535 Len=0
Client sends RST.
Packet 7's Ack was 1181960482 (next expected Seq), but the Seq of packet
8 is 1181960483. Perhaps an ACK was sent from the client with Seq
1181960482, and it's not making it onto the segment your sniffer is
attached to.

> 9 44.305455 10.2.33.2 -> 10.1.14.2 TCP 60 23 > 1201 [SYN, ACK] Seq=1999604382 Ack=1181960482 Win=65535 Len=0 MSS=1452
Server is expecting an ACK with Seq of 1181960482 but not getting it.

> 10 44.305773 10.1.14.2 -> 10.2.33.2 TCP 60 1201 > 23 [RST, ACK] Seq=1181960483 Ack=1999604383 Win=65535 Len=0
Client's Ack has been incremented. It received something from the server
(SYN/ACK perhaps).

> 11 44.306152 10.2.33.2 -> 10.1.14.2 TCP 60 23 > 1201 [SYN, ACK] Seq=1999604383 Ack=1181960482 Win=65535 Len=0 MSS=1452
Server is still expecting an ACK with Seq of 1181960482 but still not
getting it.

> 12 44.306573 10.1.14.2 -> 10.2.33.2 TCP 60 1201 > 23 [RST, ACK] Seq=1181960483 Ack=1999604384 Win=65535 Len=0
Client's Ack has been incremented. It received something from the server
(SYN/ACK perhaps).

> 13 44.306794 10.2.33.2 -> 10.1.14.2 TCP 60 23 > 1201 [SYN, ACK] Seq=1999604384 Ack=1181960482 Win=65535 Len=0 MSS=1452
> 14 44.307531 10.1.14.2 -> 10.2.33.2 TCP 60 1201 > 23 [RST, ACK] Seq=1181960483 Ack=1999604385 Win=65535 Len=0
Client's Ack has been incremented. It received something from the server
(SYN/ACK perhaps).

> 15 44.307834 10.2.33.2 -> 10.1.14.2 TCP 60 23 > 1201 [SYN, ACK] Seq=1999604385 Ack=1181960482 Win=65535 Len=0 MSS=1452
> 16 44.308265 10.1.14.2 -> 10.2.33.2 TCP 60 1201 > 23 [RST, ACK] Seq=1181960483 Ack=1999604386 Win=65535 Len=0
> 17 44.308546 10.2.33.2 -> 10.1.14.2 TCP 60 23 > 1201 [SYN, ACK] Seq=1999604386 Ack=1181960482 Win=65535 Len=0 MSS=1452
> 18 44.308911 10.1.14.2 -> 10.2.33.2 TCP 60 1201 > 23 [RST, ACK] Seq=1181960483 Ack=1999604387 Win=65535 Len=0
> 19 44.309190 10.2.33.2 -> 10.1.14.2 TCP 60 23 > 1201 [SYN, ACK] Seq=1999604387 Ack=1181960482 Win=65535 Len=0 MSS=1452
> 20 44.310401 10.1.14.2 -> 10.2.33.2 TCP 60 1201 > 23 [RST, ACK] Seq=1181960483 Ack=1999604388 Win=65535 Len=0
> following an endless SYN-ACK RST-ACK pingpong......
>
> Thank you
>
> Markus
>
> P.S.: Sorry for the length of the trace lines.
>
>

Best Regards,
News Reader

Posez vos questions, réponses et remarques sur les forums de FrameIP

Recherche

Votre IP

38.103.63.62:57166
Tester votre débit

Interactif

Forums
Multimedia
Qcm
Examen blanc Cisco
Sondages

Les sockets

Winsock
C - connecté
C - non connecté
Vb - Tcp et Udp

La sécurité

Blocks fédéraux
Dos Cisco
Firewall
Saturation Cpu
Saturation Syn
SmartSpoofing
Smurf

Les outils on line

Liste des Ports Tcp Udp
Liste des @MAC
LookingGlass
Calcul des Masques
Scan Tcp
Whois IP

Les outils exe

CiscoDos.exe
FrameIP.exe
PingIcmp.exe
Session.exe
SynFlood.exe
TcpPing.exe

La newsletter

mot clé : somthing ip server ack wrong vpn with rst client ipv4 the tcp broken ip ipv6 tcpip comp re voip protocols

Copyright © 2003-2010 FrameIP TcpIP. Tous droits réservés. Les marques et marques commerciales mentionnées appartiennent à leurs propriétaires respectifs. L'utilisation de ce site Web TcpIP implique l'acceptation des conditions d'utilisation et du règlement sur le respect de la vie privée.
Sécurité entreprise SSII Reseaux Sécurité Test ADSL Affiliation