Wireshark mailing list archives
Re: Why does server resend SYN+ACK?
From: Stuart Kendrick <skendric () fhcrc org>
Date: Sun, 06 May 2012 06:12:57 -0700
Hi Andrej,
I'm having similar trouble telling a story around that.
As though Frame #3 had not arrived at the Server (85.17.148.76) ... if
that were the case, then the trace would make more sense. However, you
say that you captured /on/ the Server ... so, minimally, libpcap saw
Frame #3 ... I would expect the TCP stack to receive a copy as well.
(1) Does anyone know of circumstances under which libpcap acquires a
copy of a frame while the TCP stack does not?
(2) Does the TCP stack report problems ( 'bad segments received') right
after this experience?
linux> netstat -s
[...]
Tcp:
372 active connections openings
4509 passive connection openings
120 failed connection attempts
2 connection resets received
1 connections established
43095 segments received
33255 segments send out
0 segments retransmited
0 bad segments received.
120 resets sent
(3) Would you be willing to post a detailed view of Frames 1-3?
--sk
On 5/5/2012 10:00 PM, Andrej van der Zee wrote:
Hi, I am experiencing some weird behavior in the network traffic between a mobile device and an Apache server 2.2 running on Linux (tried Ubuntu and CentOS). See attachment for a packet capture on the server. The client establishes a connection with the server in packet 1-3. Then, for some unknown reason, the client does not send any HTTP request. After 3 seconds, the server resends the SYN+ACK. I am trying to understand what is going on here and why would TCP/IP resend the SYN+ACK in packet 4? Thanks, Andrej ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Why does server resend SYN+ACK? Andrej van der Zee (May 05)
- Message not available
- Re: Why does server resend SYN+ACK? Andrej van der Zee (May 06)
- Message not available
- Re: Why does server resend SYN+ACK? Stuart Kendrick (May 06)
- Re: Why does server resend SYN+ACK? Andrej van der Zee (May 06)
- Re: Why does server resend SYN+ACK? Stuart Kendrick (May 06)
- Re: Why does server resend SYN+ACK? Andrej van der Zee (May 06)