This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

[SYN ACK] seq=1 ack=1 / Is it Possible??(Nomal 3hand shake)

0

I need your help~

10.1.1.1 -> 10.1.1.2 [SYN] seq=0
10.1.1.1 -> 10.1.1.2 [SYN] seq=0 >>> Retransmission
10.1.1.2 -> 10.1.1.1 [SYN/ACK] seq=0 ack=1 >>> Nomal tcp 3 hand shake syn/ack
10.1.1.2 -> 10.1.1.1 [SYN/ACK] seq=1 ack=1 <<<< what's this?
10.1.1.1 -> 10.1.1.2 [ACK]
10.1.1.1 -> [RST/ACK] seq=1 ack=1
10.1.1.1 -> [RST] seq=1


All packet has same tcp port number
Have you ever seen syn/ack packet has seq=1 ?

asked 03 Feb '15, 23:04

Ju%20Hoon%20Cha's gravatar image

Ju Hoon Cha
1111
accept rate: 0%

edited 04 Feb '15, 16:18

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196


One Answer:

0

Looks broken, but can't say for sure with relative sequence numbers. Things like this need to be diagnosed with absolute sequence numbers, no exceptions. You can disable relative sequence numbers in the TCP protocol preferences.

My guess is that 10.1.1.2 is doing something wrong, which would also explain the RST packets.

answered 04 Feb '15, 00:37

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%