This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

There is no HTTP GET packet

1485    19:02:50.954885 100.69.39.242   54.192.231.117  TCP 1083132446          76  56944 > http [SYN] Seq=1083132446 Win=42340 Len=0 MSS=1460 SACK_PERM=1 TSval=657381 TSecr=0 WS=32   0.004519    
1487    19:02:51.036591 54.192.231.117  100.69.39.242   TCP 440232374       1083132447  76  http > 56944 [SYN, ACK] Seq=440232374 Ack=1083132447 Win=14480 Len=0 MSS=1400 SACK_PERM=1 TSval=3642018558 TSecr=657381 WS=128  0.000247    0.081706000
1488    19:02:51.036879 100.69.39.242   54.192.231.117  TCP 1083132447      440232375   68  56944 > http [ACK] Seq=1083132447 Ack=440232375 Win=42368 Len=0 TSval=657389 TSecr=3642018558   0.000288    0.000288000
1500    19:03:23.028406 54.192.231.117  100.69.39.242   TCP 440232375       1083132447  68  http > 56944 [FIN, ACK] Seq=440232375 Ack=1083132447 Win=14592 Len=0 TSval=3642021560 TSecr=657389  19.899114   
1501    19:03:23.028629 54.192.231.117  100.69.39.242   TCP 440232375       1083132447  68  [TCP Out-Of-Order] http > 56944 [FIN, ACK] Seq=440232375 Ack=1083132447 Win=14592 Len=0 TSval=3642021582 TSecr=657389   0.000223    
1502    19:03:23.028785 54.192.231.117  100.69.39.242   TCP 440232375       1083132447  68  [TCP Out-Of-Order] http > 56944 [FIN, ACK] Seq=440232375 Ack=1083132447 Win=14592 Len=0 TSval=3642021626 TSecr=657389   0.000156    
1503    19:03:23.028869 54.192.231.117  100.69.39.242   TCP 440232375       1083132447  68  [TCP Out-Of-Order] http > 56944 [FIN, ACK] Seq=440232375 Ack=1083132447 Win=14592 Len=0 TSval=3642021714 TSecr=657389   0.000084    
1504    19:03:23.037363 100.69.39.242   54.192.231.117  TCP 1083132728      440232376   68  [TCP Previous segment not captured] 56944 > http [FIN, ACK] Seq=1083132728 Ack=440232376 Win=42368 Len=0 TSval=660589 TSecr=3642021714  0.008494    0.008957000
1506    19:03:23.091501 54.192.231.117  100.69.39.242   TCP 440232376           56  http > 56944 [RST] Seq=440232376 Win=0 Len=0    0.040445

There is no HTTP GET packet, but we can see here that when the server is sending [FIN, ACK], it has Seq=440232374, Ack=1083132446 (packet #1500).

However, when the device sends FIN, ACK, it has Seq=1083132728.

I think the device has sent the data/GET request, but it is not captured.

asked 30 Jan '15, 12:10

nikol482

edited 30 Jan '15, 12:57

grahamb ♦


One Answer:

Looks to me like the server is closing the session right after the three-way handshake, without allowing the client to even send a GET command. I wrote a blog post about behavior like this, see

https://blog.packet-foo.com/2014/01/tcp-server-slamming-the-door/

answered 31 Jan '15, 12:09

Jasper ♦♦

Thank you for your information, but I wonder how I can explain the sequence number, because there is no HTTP GET packet, but the sequence number increases from 1083132447 (packet 1488) to 1083132728 (1504).

(09 Feb '15, 01:01) nikol482
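
The sequence arithmetic behind the question, as an added example that is not part of the original thread: it tracks each sender's next expected sequence number over the frames listed above and reports any jump ahead, the condition Wireshark marks as [TCP Previous segment not captured]. The names `CAPTURE` and `find_gaps` are hypothetical, and the sample lines are the frames from the question reduced to the fields the check needs.

```python
import re

# Frames from the capture in the question, reduced to: frame, source, flags, Seq, Len.
CAPTURE = """\
1485 100.69.39.242 [SYN] Seq=1083132446 Len=0
1487 54.192.231.117 [SYN, ACK] Seq=440232374 Len=0
1488 100.69.39.242 [ACK] Seq=1083132447 Len=0
1500 54.192.231.117 [FIN, ACK] Seq=440232375 Len=0
1501 54.192.231.117 [FIN, ACK] Seq=440232375 Len=0
1504 100.69.39.242 [FIN, ACK] Seq=1083132728 Len=0
1506 54.192.231.117 [RST] Seq=440232376 Len=0
"""

LINE = re.compile(r"(\d+) (\S+) \[([^\]]+)\] Seq=(\d+) Len=(\d+)")
MOD = 2**32  # TCP sequence numbers wrap at 2^32


def find_gaps(text):
    """Return [(frame, source, missing_bytes)] where a sender's Seq jumps ahead."""
    next_seq = {}  # per-sender next expected sequence number
    gaps = []
    for m in LINE.finditer(text):
        frame, src, flags, seq, length = m.groups()
        frame, seq, length = int(frame), int(seq), int(length)
        flags = {f.strip() for f in flags.split(",")}
        expected = next_seq.get(src)
        if expected is not None:
            missing = (seq - expected) % MOD
            # A forward jump is unseen data; a backward one is a retransmission.
            if 0 < missing < MOD // 2:
                gaps.append((frame, src, missing))
        # SYN and FIN each consume one sequence number in addition to payload.
        end = (seq + length + ("SYN" in flags) + ("FIN" in flags)) % MOD
        if expected is None or 0 < (end - expected) % MOD < MOD // 2:
            next_seq[src] = end
    return gaps


if __name__ == "__main__":
    for frame, src, missing in find_gaps(CAPTURE):
        print(f"frame {frame}: {missing} bytes from {src} not in the capture")
```

On these frames the only gap is on the client side at frame 1504: 281 bytes of sequence space between the end of the handshake and the client's FIN that appear in no captured segment.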