This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Server sends a strange ACK during three-way handshake

0

The service in question is FTP_DL with a proxy between the client and the server. The problem is that the proxy sends 2 SYNs with different sequence numbers over the same port and from the same IP address. To the first SYN the server responds with SYN,ACKs, but to the second it responds with an ACK with unexpected seq/ack values. After receiving the unexpected ACK, the proxy RSTs the connection. Can anyone tell me why the server sends such an ACK?

Here are the details:

The client sends a SYN (sequence number = c1ef8b59) in order to establish the TCP connection with the proxy. The proxy sends a SYN (seq=fa23e9d9) to the server in order to establish a TCP connection with the server. The server responds with multiple SYN,ACKs (seq=9ad421d5, ack=fa23e9da). None of the SYN,ACKs arrive at the client because the proxy RSTs the connection to the client.

After the RST the client sends a new SYN (seq=c1ef8b59 - same as the last time). The proxy sends a new SYN to the server over the same port with the same IP, but a different sequence number = 5625cb85. The server responds with an ACK (seq=9ad421d6, ack=fa23e9da). The proxy sends a RST (seq=fa23e9da, ack= broken TCP, ack field is non zero while ACK flag is not set).

Thanks

asked 12 Oct '11, 09:00

brklp

edited 26 Feb '12, 21:28

cmaynard ♦♦
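The exchange in the question, replayed as an added example that is not part of the original post: under RFC 793 an endpoint holding a half-open connection answers a segment outside its receive window with `<SEQ=SND.NXT><ACK=RCV.NXT>`, and an endpoint in SYN-SENT resets an unacceptable ACK with `<SEQ=SEG.ACK>`; the script checks a trace for that pattern. The seq/ack values are the ones quoted in the question; the `Seg` record, the endpoint names and `find_stale_acks` are assumptions of this sketch.

```python
from collections import namedtuple

Seg = namedtuple("Seg", "src dst flags seq ack")  # flags: S, SA, A or R
MOD = 1 << 32  # TCP sequence numbers wrap at 2**32

# Constructed trace: seq/ack values are the ones quoted in the question,
# endpoint names are placeholders; ack is None where the ACK flag is not set.
TRACE = [
    Seg("proxy", "server", "S", 0xFA23E9D9, None),
    Seg("server", "proxy", "SA", 0x9AD421D5, 0xFA23E9DA),
    Seg("proxy", "server", "S", 0x5625CB85, None),
    Seg("server", "proxy", "A", 0x9AD421D6, 0xFA23E9DA),
    Seg("proxy", "server", "R", 0xFA23E9DA, None),
]

def find_stale_acks(trace):
    """Report bare ACKs that restate a half-open handshake (SND.NXT, RCV.NXT)
    after the initiator has re-sent its SYN with a different ISN."""
    half_open = {}   # (initiator, responder) -> (SND.NXT, RCV.NXT) of responder
    latest_isn = {}  # (initiator, responder) -> ISN of the most recent SYN
    findings = []
    for i, s in enumerate(trace):
        if s.flags == "S":
            latest_isn[(s.src, s.dst)] = s.seq
        elif s.flags == "SA":
            half_open[(s.dst, s.src)] = ((s.seq + 1) % MOD, s.ack)
        elif s.flags == "A":
            key = (s.dst, s.src)
            isn = latest_isn.get(key)
            if half_open.get(key) != (s.seq, s.ack) or isn is None:
                continue
            if s.ack == (isn + 1) % MOD:
                continue  # acknowledges the current SYN, nothing stale
            nxt = trace[i + 1] if i + 1 < len(trace) else None
            findings.append({
                "index": i,
                "stale_isn": (s.ack - 1) % MOD,
                "current_isn": isn,
                # RFC 793 SYN-SENT: unacceptable ACK -> RST with SEQ=SEG.ACK
                "rst_seq_matches": bool(nxt and nxt.flags == "R"
                                        and nxt.src == s.dst and nxt.seq == s.ack),
            })
    return findings

if __name__ == "__main__":
    for f in find_stale_acks(TRACE):
        print({k: hex(v) if k.endswith("isn") else v for k, v in f.items()})
```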