I have a client that establishes a new TCP connection and then sends a request to a server every second. Both client and server are on the same Linux box (via the loopback interface).

The client periodically reports a socket error. After digging into the network packets, the error seems related to a TCP problem:

```
50123 > 7001 [SYN] Seq=0 Win=32792 Len=0 MSS=16396 SACK_PERM=1 TSval=1326528350 TSecr=0 WS=128
[TCP ACKed lost segment] 7001 > 50123 [ACK] Seq=1 Ack=1834710718 Win=256 Len=0 TSval=1326528350 TSecr=1325798923 SLE=0 SRE=1
50123 > 7001 [RST] Seq=1834710718 Win=0 Len=0
```

In the above TCP segments, the client first sends a TCP SYN to the server. In the normal case, the server should return a SYN-ACK with ack number=1, but in the above snippet, the server returns an ACK with the wrong ack number=1834710718. Because the ack number is wrong, the client RSTs the connection.

Any idea about this case?

  • From the looks of it, the server is not returning an ACK with the wrong number. Rather Wireshark is correct in telling you that there are missing segments. Specifically, you are missing the SYN/ACK response from the server, ACK from the client, and then at least one data frame from client to server... which is then ACK-ed by the server in the packet that you did capture. To me that shows that your packets are getting through (at least initially), but you are not capturing them. Is your pcap setup correct? – Jeremy Gibbons Jan 14 '16 at 06:37
  • My pcap setup: `tcpdump -B 40960 -i lo tcp port 5566 -nn -p -q -A -v -s 1024 -w capfile.cap` Note that there is no `kernel dropped packets` after closing tcpdump. – petertc Jan 14 '16 at 06:53
  • Thinking about it again, it looks like you are using relative sequence numbers (and the Seq=0 bears that out). So the Ack value is bizarrely high. Could you be encountering the problem described here: in the second response? Essentially, if you re-use the src-prt/dst-prt combination too quickly after a previous session was closed, the kernel gets confused and sends an ACK for the previous session, rather than a SYN/ACK for the new one. – Jeremy Gibbons Jan 14 '16 at 07:49
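
The pattern discussed in the comments above (a SYN answered by a bare ACK with an unexpected acknowledgment number, then a client RST whose sequence number equals that value) can be searched for across a longer capture. This is an added example, not code from the original thread; it assumes summary lines in the format of the trace in the question, and the function names and the second (normal) handshake are constructed for illustration.

```python
import re

# Summary-line format assumed from the trace in the question,
# e.g. "50123 > 7001 [SYN] Seq=0 Win=32792 ..."
LINE = re.compile(r"(\d+) > (\d+) \[([A-Z, ]+)\](.*)")

def fields(rest):
    """Return the numeric key=value fields of a summary line as a dict."""
    return {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)", rest)}

def find_stale_ack_resets(lines):
    """Flag SYN -> bare ACK with unexpected Ack -> RST on the same port pair."""
    pending = {}  # (client_port, server_port) -> state of the open attempt
    hits = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, dst = int(m.group(1)), int(m.group(2))
        flags = {f.strip() for f in m.group(3).split(",")}
        f = fields(m.group(4))
        if flags == {"SYN"}:
            pending[(src, dst)] = {"syn_seq": f["Seq"], "bad_ack": None}
        elif flags == {"ACK"} and (dst, src) in pending:
            # A listener should answer with SYN/ACK; a bare ACK whose Ack is
            # not SYN seq + 1 refers to some other (earlier) connection state.
            state = pending[(dst, src)]
            if f.get("Ack") != state["syn_seq"] + 1:
                state["bad_ack"] = f.get("Ack")
        elif {"SYN", "ACK"} <= flags:
            pending.pop((dst, src), None)  # normal handshake, stop tracking
        elif "RST" in flags and (src, dst) in pending:
            state = pending.pop((src, dst))
            # The client resets using the unexpected Ack value as its Seq.
            if state["bad_ack"] is not None and f.get("Seq") == state["bad_ack"]:
                hits.append((src, dst, state["bad_ack"]))
    return hits

# First three lines: the trace from the question. Last three: constructed.
TRACE = [
    "50123 > 7001 [SYN] Seq=0 Win=32792 Len=0 MSS=16396 SACK_PERM=1 TSval=1326528350 TSecr=0 WS=128",
    "[TCP ACKed lost segment] 7001 > 50123 [ACK] Seq=1 Ack=1834710718 Win=256 Len=0 TSval=1326528350 TSecr=1325798923 SLE=0 SRE=1",
    "50123 > 7001 [RST] Seq=1834710718 Win=0 Len=0",
    "50124 > 7001 [SYN] Seq=0 Win=32792 Len=0",
    "7001 > 50124 [SYN, ACK] Seq=0 Ack=1 Win=32768 Len=0",
    "50124 > 7001 [ACK] Seq=1 Ack=1 Win=257 Len=0",
]

if __name__ == "__main__":
    for client, server, ack in find_stale_ack_resets(TRACE):
        print(f"port pair {client}->{server}: SYN answered by ACK={ack}, then RST")
```

Each hit gives the client port, server port and the unexpected acknowledgment number, which can then be compared with the ports and timing of earlier connections in the same capture.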
