Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
vasudeva
Explorer

EndPoint Security build 98612002 fails to manage SACK - Retransmits weird TCP sequence.

Jump to solution

Working with build 98612002 happens that some http sessions finish abnormally. Surelly it is a bug, but I couldn´t find it.

Wireshark analysis of TCP sequences show the following situation where the client sends a weird retransmission triggered by a DUPLICATED ACK with SACK.

MSS= 1310, TCP OPTIONS: SACK permitted.

PDU: 2102 -> Client sends SEQ 37081 - TCP PAYLOAD: 1310 bytes   * SEQ 37081 is actually being waited by Server (see PDU 2101)

PDU: 2103 -> Client sends SEQ 37081 - TCP PAYLOAD: 1310 bytes

PDU: 2104 -> Server sends DUPACK - SEQ 37081 already sent in PDU 1976, but SACK indicates it already received block seq 38391 to 39095 (excluded 39095)

PDU: 2105 --> Client retransmits weird SEQ 37785

PDU :2106 -> Server sends DUPACK - SEQ 37081 already sent in PDU , but SACK indicates it already received block seq 38391 to 39095 (excluded 39095) and adds weird block 37785-39095.

PDU: 2107 to 2111: Client sends, correctly this time, the lost segment but Server seems disconnected

PDU:2112: Client sends RESET/ACK

PDU 2113: Server sends DUPACK - SEQ 37081 already sent in PDU , but SACK changed to weird block 37785-39095 only.

PDU:2112: Client sends RESET

Please, note that bytes 37081 to 37785 remained missing!!! CLIENT IS NO WORKING PROPERLY.

 

PDU

SEQ

NEXT

ACK

NOTAS

2101

37081

37081

279686

ACK #1975

2102

37081

38391

279686

GET /Common/css/DisplayReport.css HTTP/1.1\r\n     [1310]

2103

38391

39095

279686

GET /Common/css/DisplayReport.css HTTP/1.1\r\n       [704]

2104

279686

279686

37081

DUPACK (2101#1) – SACK 38391-39095

2105

37785

39095

279686

RETX ¿De dónde sale esa SEQ 37785?

2106

279686

279686

37081

DUPACK (2101#2) – SACK 38391-39095  37785-39095

2107

37081

38391

279686

RETX #2102

2108

37081

38391

279686

 

 

RETX #2102

2109

37081

38391

279686

RETX #2102  RetX  seq esperada, sin respuesta.

2110

37081

38391

279686

RETX #2102

2111

37081

38391

279686

RETX #2102

2112

38391

38391

279686

RESET ACK DEL CLIENTE (más de 9 segundos sin respuesta)

2113

279686

279686

37081

DUPACK (2101#3) – SACK 37785-39095

2114

37081

0

n/a

RESET DEL CLIENTE

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

Not clear how this question relates to a Security Gateway, which is where you posted this.
Also not clear how the Endpoint Security client even relates to this problem.
Where precisely was this capture taken?
Please provide more details about what you’re connecting to, the precise configuration involved on the endpoint client (what features/functions in use), anything about the environment that might provide some clue.
If you’re convinced it’s a bug, I suggest working with the TAC.

View solution in original post

2 Replies
PhoneBoy
Admin
Admin

Not clear how this question relates to a Security Gateway, which is where you posted this.
Also not clear how the Endpoint Security client even relates to this problem.
Where precisely was this capture taken?
Please provide more details about what you’re connecting to, the precise configuration involved on the endpoint client (what features/functions in use), anything about the environment that might provide some clue.
If you’re convinced it’s a bug, I suggest working with the TAC.

View solution in original post

vasudeva
Explorer

This issue was resolved upgradinge ENPOINT SECURITY to 986102405

0 Kudos