2
I used raw socket to build a tcp client program on machine A to reproduce tcp 3-way handshake with a simple regular tcp server on machine B
I captured packets on the client host and server host, and got the captured file as below
client: https://docs.google.com/file/d/0B09y_TWqTtwlZ1NleS1NNmR4Sk0/edit?usp=sharing
server: https://docs.google.com/file/d/0B09y_TWqTtwlc3lZUmNyV1R4X0k/edit?usp=sharing
there are 3 packets, SYN, SYN/ACK, AKC on the client side, the wireshark interace shows that this is a normal tcp 3-way handshake, but on the server side, it shows : tcp port numbers reused, what is wrong with this?
but when I use
netstat -tnp
I see the tcp connection has been established what is wrong with this? thanks!
user138126
Posted 2013-03-18T13:25:16.120
Reputation: 215
Your wireshark log is incomplete: On the server side, you should see the syn packet coming in from 201.109. I suspect I know what the problem is, but having more of the log would really be helpful. – MDMoore313 – 2013-03-18T13:52:52.777
The full wireshark log. Did you have any filters on when you saved the logs? You should turn them off if so. – MDMoore313 – 2013-03-18T14:29:44.780
they are the full wireshark log, the server machine is a PlanetLab node. so what do you guess are the potential reasons? – user138126 – 2013-03-18T14:40:05.120
besides, I see from netstat -tnp that the tcp connection is established, so I use raw socket to create some data packets, with the correct sequence number, ack_seq number , source port and destination port, but the server side doesn't receive the packet, why? – user138126 – 2013-03-18T14:41:37.757
So, you're saying that these two computers have no other network traffic on these interfaces? – MDMoore313 – 2013-03-18T14:43:48.950
on the server machine, I can only capture these 3 packets without using any filters. on the client machine there are some NFS data which are not due to my program – user138126 – 2013-03-18T14:45:04.710