This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

TCP REST after SYNC-ACK from Server

0

In my linux host, I noticed that linux is sending RESET just after it receives SYNC-ACK. Note that there is no active firewall in the box. If I reboot linux box, issue disappears, but same doesn't work after "service networking restart".

Here is capture screenshoot. https://s27.postimg.org/45fuwmz43/Capture.png

May I know no. of reasons for this scenario ?

As per @Jasper answer, here are more details. 1) I am using telnet host 80 to validate things 2) linux date command results seems right without any issue.

asked 20 Jan '17, 06:54

rajdip's gravatar image

rajdip
11115
accept rate: 0%

edited 20 Jan '17, 07:13


One Answer:

1

Either the client socket is closed already when the SYN/ACK arrives, or you've got timestamp problems, which is hard to tell because you posted an incomplete screenshot.

answered 20 Jan '17, 07:00

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Since I am using telnet to validate things, I keep open telnet until it says "Connection failed...."

(20 Jan '17, 07:15) rajdip
(20 Jan '17, 07:26) rajdip

Looks like its the timestamp value that does this. Check Christians answer in this question: https://ask.wireshark.org/questions/57774/syn-synack-rst-reason

(20 Jan '17, 07:28) Jasper ♦♦

Thanks a lot. It was tcp timestamps issue. It worked successfully after echo 0 > /proc/sys/net/ipv4/tcp_timestamps. I will make permanent changes in /etc/sysctl.conf

(20 Jan '17, 07:59) rajdip

Just out of curiosity: What OS do you exactly?

(20 Jan '17, 08:54) Christian_R

It's debian, running on ARM SBC.

(20 Jan '17, 22:10) rajdip
showing 5 of 6 show 1 more comments