This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

When I open a raw TCP socket I get this continuous ACK PSH ACK sequence. Any idea why it doesn't finish negotiating?

```
No. Time Source Destination Protocol Info
1 0.000000 142.152.5.87 10.103.101.141 TCP esp-encap > rtcm-sc104 [SYN] Seq=0 Win=64240 Len=0 MSS=1460

Frame 1 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: Vmware_9d:42:ae (00:50:56:9d:42:ae), Dst: All-HSRP-routers_63 (00:00:0c:07:ac:63)
Internet Protocol, Src: 142.152.5.87 (142.152.5.87), Dst: 10.103.101.141 (10.103.101.141)
Transmission Control Protocol, Src Port: esp-encap (2797), Dst Port: rtcm-sc104 (2101), Seq: 0, Len: 0

No. Time Source Destination Protocol Info
2 0.070102 10.103.101.141 142.152.5.87 TCP rtcm-sc104 > esp-encap [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1272

Frame 2 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: VstTechn_07:48:00 (00:d0:01:07:48:00), Dst: Vmware_9d:42:ae (00:50:56:9d:42:ae)
Internet Protocol, Src: 10.103.101.141 (10.103.101.141), Dst: 142.152.5.87 (142.152.5.87)
Transmission Control Protocol, Src Port: rtcm-sc104 (2101), Dst Port: esp-encap (2797), Seq: 0, Ack: 1, Len: 0

No. Time Source Destination Protocol Info
3 0.070113 142.152.5.87 10.103.101.141 TCP esp-encap > rtcm-sc104 [ACK] Seq=1 Ack=1 Win=64240 Len=0

Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Vmware_9d:42:ae (00:50:56:9d:42:ae), Dst: All-HSRP-routers_63 (00:00:0c:07:ac:63)
Internet Protocol, Src: 142.152.5.87 (142.152.5.87), Dst: 10.103.101.141 (10.103.101.141)
Transmission Control Protocol, Src Port: esp-encap (2797), Dst Port: rtcm-sc104 (2101), Seq: 1, Ack: 1, Len: 0

No. Time Source Destination Protocol Info
4 0.307679 10.103.101.141 142.152.5.87 TCP rtcm-sc104 > esp-encap [PSH, ACK] Seq=1 Ack=1 Win=8192 Len=4

Frame 4 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: VstTechn_07:48:00 (00:d0:01:07:48:00), Dst: Vmware_9d:42:ae (00:50:56:9d:42:ae)
Internet Protocol, Src: 10.103.101.141 (10.103.101.141), Dst: 142.152.5.87 (142.152.5.87)
Transmission Control Protocol, Src Port: rtcm-sc104 (2101), Dst Port: esp-encap (2797), Seq: 1, Ack: 1, Len: 4
Data (4 bytes)

0000  01 03 00 00  ....

No. Time Source Destination Protocol Info
5 0.469048 142.152.5.87 10.103.101.141 TCP esp-encap > rtcm-sc104 [ACK] Seq=1 Ack=5 Win=64236 Len=0

Frame 5 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Vmware_9d:42:ae (00:50:56:9d:42:ae), Dst: All-HSRP-routers_63 (00:00:0c:07:ac:63)
Internet Protocol, Src: 142.152.5.87 (142.152.5.87), Dst: 10.103.101.141 (10.103.101.141)
Transmission Control Protocol, Src Port: esp-encap (2797), Dst Port: rtcm-sc104 (2101), Seq: 1, Ack: 5, Len: 0

No. Time Source Destination Protocol Info
6 0.611889 10.103.101.141 142.152.5.87 TCP rtcm-sc104 > esp-encap [PSH, ACK] Seq=5 Ack=1 Win=8192 Len=4

Frame 6 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: VstTechn_07:48:00 (00:d0:01:07:48:00), Dst: Vmware_9d:42:ae (00:50:56:9d:42:ae)
Internet Protocol, Src: 10.103.101.141 (10.103.101.141), Dst: 142.152.5.87 (142.152.5.87)
Transmission Control Protocol, Src Port: rtcm-sc104 (2101), Dst Port: esp-encap (2797), Seq: 5, Ack: 1, Len: 4
Data (4 bytes)

0000  00 28 45 d4  .(E.

No. Time Source Destination Protocol Info
7 0.770786 142.152.5.87 10.103.101.141 TCP esp-encap > rtcm-sc104 [ACK] Seq=1 Ack=9 Win=64232 Len=0

Frame 7 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Vmware_9d:42:ae (00:50:56:9d:42:ae), Dst: All-HSRP-routers_63 (00:00:0c:07:ac:63)
Internet Protocol, Src: 142.152.5.87 (142.152.5.87), Dst: 10.103.101.141 (10.103.101.141)
Transmission Control Protocol, Src Port: esp-encap (2797), Dst Port: rtcm-sc104 (2101), Seq: 1, Ack: 9, Len: 0

No. Time Source Destination Protocol Info
8 0.844691 10.103.101.141 142.152.5.87 TCP rtcm-sc104 > esp-encap [PSH, ACK] Seq=9 Ack=1 Win=8192 Len=16

Frame 8 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: VstTechn_07:48:00 (00:d0:01:07:48:00), Dst: Vmware_9d:42:ae (00:50:56:9d:42:ae)
Internet Protocol, Src: 10.103.101.141 (10.103.101.141), Dst: 142.152.5.87 (142.152.5.87)
Transmission Control Protocol, Src Port: rtcm-sc104 (2101), Dst Port: esp-encap (2797), Seq: 9, Ack: 1, Len: 16
Data (16 bytes)

0000  04 04 00 00 00 04 f1 9c 05 04 00 00 00 04 f0 4d  ...............M

No. Time Source Destination Protocol Info
9 0.971938 142.152.5.87 10.103.101.141 TCP esp-encap > rtcm-sc104 [ACK] Seq=1 Ack=25 Win=64216 Len=0

Frame 9 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Vmware_9d:42:ae (00:50:56:9d:42:ae), Dst: All-HSRP-routers_63 (00:00:0c:07:ac:63)
Internet Protocol, Src: 142.152.5.87 (142.152.5.87), Dst: 10.103.101.141 (10.103.101.141)
Transmission Control Protocol, Src Port: esp-encap (2797), Dst Port: rtcm-sc104 (2101), Seq: 1, Ack: 25, Len: 0

No. Time Source Destination Protocol Info
10 1.223043 10.103.101.141 142.152.5.87 TCP rtcm-sc104 > esp-encap [PSH, ACK] Seq=25 Ack=1 Win=8192 Len=4

Frame 10 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: VstTechn_07:48:00 (00:d0:01:07:48:00), Dst: Vmware_9d:42:ae (00:50:56:9d:42:ae)
Internet Protocol, Src: 10.103.101.141 (10.103.101.141), Dst: 142.152.5.87 (142.152.5.87)
Transmission Control Protocol, Src Port: rtcm-sc104 (2101), Dst Port: esp-encap (2797), Seq: 25, Ack: 1, Len: 4
Data (4 bytes)

0000  01 03 00 00  ....

No. Time Source Destination Protocol Info
11 1.374267 142.152.5.87 10.103.101.141 TCP esp-encap > rtcm-sc104 [ACK] Seq=1 Ack=29 Win=64212 Len=0

Frame 11 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Vmware_9d:42:ae (00:50:56:9d:42:ae), Dst: All-HSRP-routers_63 (00:00:0c:07:ac:63)
Internet Protocol, Src: 142.152.5.87 (142.152.5.87), Dst: 10.103.101.141 (10.103.101.141)
Transmission Control Protocol, Src Port: esp-encap (2797), Dst Port: rtcm-sc104 (2101), Seq: 1, Ack: 29, Len: 0

No. Time Source Destination Protocol Info
12 1.527900 10.103.101.141 142.152.5.87 TCP rtcm-sc104 > esp-encap [PSH, ACK] Seq=29 Ack=1 Win=8192 Len=4

Frame 12 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: VstTechn_07:48:00 (00:d0:01:07:48:00), Dst: Vmware_9d:42:ae (00:50:56:9d:42:ae)
Internet Protocol, Src: 10.103.101.141 (10.103.101.141), Dst: 142.152.5.87 (142.152.5.87)
Transmission Control Protocol, Src Port: rtcm-sc104 (2101), Dst Port: esp-encap (2797), Seq: 29, Ack: 1, Len: 4
Data (4 bytes)

0000  00 28 45 d4  .(E.

No. Time Source Destination Protocol Info
13 1.676000 142.152.5.87 10.103.101.141 TCP esp-encap > rtcm-sc104 [ACK] Seq=1 Ack=33 Win=64208 Len=0

Frame 13 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Vmware_9d:42:ae (00:50:56:9d:42:ae), Dst: All-HSRP-routers_63 (00:00:0c:07:ac:63)
Internet Protocol, Src: 142.152.5.87 (142.152.5.87), Dst: 10.103.101.141 (10.103.101.141)
Transmission Control Protocol, Src Port: esp-encap (2797), Dst Port: rtcm-sc104 (2101), Seq: 1, Ack: 33, Len: 0

No. Time Source Destination Protocol Info
14 1.782730 10.103.101.141 142.152.5.87 TCP rtcm-sc104 > esp-encap [PSH, ACK] Seq=33 Ack=1 Win=8192 Len=8

Frame 14 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: VstTechn_07:48:00 (00:d0:01:07:48:00), Dst: Vmware_9d:42:ae (00:50:56:9d:42:ae)
Internet Protocol, Src: 10.103.101.141 (10.103.101.141), Dst: 142.152.5.87 (142.152.5.87)
Transmission Control Protocol, Src Port: rtcm-sc104 (2101), Dst Port: esp-encap (2797), Seq: 33, Ack: 1, Len: 8
Data (8 bytes)

0000  04 04 00 00 00 04 f1 9c  ........

No. Time Source Destination Protocol Info
15 1.977738 142.152.5.87 10.103.101.141 TCP esp-encap > rtcm-sc104 [ACK] Seq=1 Ack=41 Win=64200 Len=0

Frame 15 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Vmware_9d:42:ae (00:50:56:9d:42:ae), Dst: All-HSRP-routers_63 (00:00:0c:07:ac:63)
Internet Protocol, Src: 142.152.5.87 (142.152.5.87), Dst: 10.103.101.141 (10.103.101.141)
Transmission Control Protocol, Src Port: esp-encap (2797), Dst Port: rtcm-sc104 (2101), Seq: 1, Ack: 41, Len: 0

No. Time Source Destination Protocol Info
16 2.155914 10.103.101.141 142.152.5.87 TCP rtcm-sc104 > esp-encap [PSH, ACK] Seq=41 Ack=1 Win=8192 Len=8

Frame 16 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: VstTechn_07:48:00 (00:d0:01:07:48:00), Dst: Vmware_9d:42:ae (00:50:56:9d:42:ae)
Internet Protocol, Src: 10.103.101.141 (10.103.101.141), Dst: 142.152.5.87 (142.152.5.87)
Transmission Control Protocol, Src Port: rtcm-sc104 (2101), Dst Port: esp-encap (2797), Seq: 41, Ack: 1, Len: 8
Data (8 bytes)

0000  05 04 00 00 00 04 f0 4d  .......M

No. Time Source Destination Protocol Info
17 2.279483 142.152.5.87 10.103.101.141 TCP esp-encap > rtcm-sc104 [ACK] Seq=1 Ack=49 Win=64192 Len=0

Frame 17 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Vmware_9d:42:ae (00:50:56:9d:42:ae), Dst: All-HSRP-routers_63 (00:00:0c:07:ac:63)
Internet Protocol, Src: 142.152.5.87 (142.152.5.87), Dst: 10.103.101.141 (10.103.101.141)
Transmission Control Protocol, Src Port: esp-encap (2797), Dst Port: rtcm-sc104 (2101), Seq: 1, Ack: 49, Len: 0

No. Time Source Destination Protocol Info
18 2.344600 10.103.101.141 142.152.5.87 TCP rtcm-sc104 > esp-encap [PSH, ACK] Seq=49 Ack=1 Win=8192 Len=8

Frame 18 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: VstTechn_07:48:00 (00:d0:01:07:48:00), Dst: Vmware_9d:42:ae (00:50:56:9d:42:ae)
Internet Protocol, Src: 10.103.101.141 (10.103.101.141), Dst: 142.152.5.87 (142.152.5.87)
Transmission Control Protocol, Src Port: rtcm-sc104 (2101), Dst Port: esp-encap (2797), Seq: 49, Ack: 1, Len: 8
Data (8 bytes)

0000  01 03 00 00 00 28 45 d4  .....(E.

No. Time Source Destination Protocol Info
19 2.480628 142.152.5.87 10.103.101.141 TCP esp-encap > rtcm-sc104 [ACK] Seq=1 Ack=57 Win=64184 Len=0

Frame 19 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Vmware_9d:42:ae (00:50:56:9d:42:ae), Dst: All-HSRP-routers_63 (00:00:0c:07:ac:63)
Internet Protocol, Src: 142.152.5.87 (142.152.5.87), Dst: 10.103.101.141 (10.103.101.141)
Transmission Control Protocol, Src Port: esp-encap (2797), Dst Port: rtcm-sc104 (2101), Seq: 1, Ack: 57, Len: 0
```

asked 05 May '11, 11:24


jkherrera

edited 05 May '11, 13:21


The 3-way-handshake completes normally and then host 10.103.101.141 starts to send data, which gets ACKed by 142.152.5.87 and this repeats. It also looks like the data that is sent is repeated after a while.

So I'm not sure what kind of service should be running on 10.103.101.141:2101, but it seems that at the TCP level the connection is made properly, but at the application level, the systems don't quite understand one another.


answered 05 May '11, 15:42


SYN-bit ♦♦
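
The two observations in the answer above (each data segment is ACKed, and the data repeats) can be checked mechanically from the capture. This is an added example, not part of the original answer; it uses frames 4-19 transcribed from the question, and the names `analyse` and `repeat_period` are chosen here for illustration.

```python
import re

SERVER, CLIENT = "10.103.101.141", "142.152.5.87"
# Frames 4-19 transcribed from the question: (source, Info column, payload hex)
FRAMES = [
    (SERVER, "[PSH, ACK] Seq=1 Ack=1 Win=8192 Len=4", "01030000"),
    (CLIENT, "[ACK] Seq=1 Ack=5 Win=64236 Len=0", ""),
    (SERVER, "[PSH, ACK] Seq=5 Ack=1 Win=8192 Len=4", "002845d4"),
    (CLIENT, "[ACK] Seq=1 Ack=9 Win=64232 Len=0", ""),
    (SERVER, "[PSH, ACK] Seq=9 Ack=1 Win=8192 Len=16",
     "040400000004f19c050400000004f04d"),
    (CLIENT, "[ACK] Seq=1 Ack=25 Win=64216 Len=0", ""),
    (SERVER, "[PSH, ACK] Seq=25 Ack=1 Win=8192 Len=4", "01030000"),
    (CLIENT, "[ACK] Seq=1 Ack=29 Win=64212 Len=0", ""),
    (SERVER, "[PSH, ACK] Seq=29 Ack=1 Win=8192 Len=4", "002845d4"),
    (CLIENT, "[ACK] Seq=1 Ack=33 Win=64208 Len=0", ""),
    (SERVER, "[PSH, ACK] Seq=33 Ack=1 Win=8192 Len=8", "040400000004f19c"),
    (CLIENT, "[ACK] Seq=1 Ack=41 Win=64200 Len=0", ""),
    (SERVER, "[PSH, ACK] Seq=41 Ack=1 Win=8192 Len=8", "050400000004f04d"),
    (CLIENT, "[ACK] Seq=1 Ack=49 Win=64192 Len=0", ""),
    (SERVER, "[PSH, ACK] Seq=49 Ack=1 Win=8192 Len=8", "01030000002845d4"),
    (CLIENT, "[ACK] Seq=1 Ack=57 Win=64184 Len=0", ""),
]
FIELD = re.compile(r"(Seq|Ack|Len)=(\d+)")

def analyse(frames):
    """Return (server byte stream, client payload bytes, problems found)."""
    stream, client_bytes, problems = b"", 0, []
    next_seq = 1  # relative sequence number 1 follows the SYN
    for src, info, payload in frames:
        f = {k: int(v) for k, v in FIELD.findall(info)}
        if src == SERVER:
            data = bytes.fromhex(payload)
            if f["Seq"] != next_seq or f["Len"] != len(data):
                problems.append(f"gap/retransmission at Seq={f['Seq']}")
            stream += data
            next_seq = f["Seq"] + f["Len"]
        else:
            client_bytes += f["Len"]
            if f["Ack"] != next_seq:  # a cumulative ACK names the next byte
                problems.append(f"Ack={f['Ack']}, expected {next_seq}")
    return stream, client_bytes, problems

def repeat_period(stream):
    """Smallest p with stream[i] == stream[i+p] for every i, else None."""
    return next((p for p in range(1, len(stream) // 2 + 1)
                 if stream[p:] == stream[:-p]), None)

print(analyse(FRAMES)[1:], repeat_period(analyse(FRAMES)[0]))
```

On this capture it finds no sequence gaps, no payload bytes from 142.152.5.87, and a 24-byte pattern that repeats across the 56 bytes sent by 10.103.101.141.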
