Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
vasudeva
Explorer
Jump to solution

EndPoint Security build 98612002 fails to manage SACK - Retransmits weird TCP sequence.

Working with build 98612002 happens that some http sessions finish abnormally. Surelly it is a bug, but I couldn´t find it.

Wireshark analysis of TCP sequences show the following situation where the client sends a weird retransmission triggered by a DUPLICATED ACK with SACK.

MSS= 1310, TCP OPTIONS: SACK permitted.

PDU: 2102 -> Client sends SEQ 37081 - TCP PAYLOAD: 1310 bytes   * SEQ 37081 is actually being waited by Server (see PDU 2101)

PDU: 2103 -> Client sends SEQ 37081 - TCP PAYLOAD: 1310 bytes

PDU: 2104 -> Server sends DUPACK - SEQ 37081 already sent in PDU 1976, but SACK indicates it already received block seq 38391 to 39095 (excluded 39095)

PDU: 2105 --> Client retransmits weird SEQ 37785

PDU :2106 -> Server sends DUPACK - SEQ 37081 already sent in PDU , but SACK indicates it already received block seq 38391 to 39095 (excluded 39095) and adds weird block 37785-39095.

PDU: 2107 to 2111: Client sends, correctly this time, the lost segment but Server seems disconnected

PDU:2112: Client sends RESET/ACK

PDU 2113: Server sends DUPACK - SEQ 37081 already sent in PDU , but SACK changed to weird block 37785-39095 only.

PDU:2112: Client sends RESET

Please, note that bytes 37081 to 37785 remained missing!!! CLIENT IS NO WORKING PROPERLY.

 

PDU

SEQ

NEXT

ACK

NOTAS

2101

37081

37081

279686

ACK #1975

2102

37081

38391

279686

GET /Common/css/DisplayReport.css HTTP/1.1\r\n     [1310]

2103

38391

39095

279686

GET /Common/css/DisplayReport.css HTTP/1.1\r\n       [704]

2104

279686

279686

37081

DUPACK (2101#1) – SACK 38391-39095

2105

37785

39095

279686

RETX ¿De dónde sale esa SEQ 37785?

2106

279686

279686

37081

DUPACK (2101#2) – SACK 38391-39095  37785-39095

2107

37081

38391

279686

RETX #2102

2108

37081

38391

279686

 

 

RETX #2102

2109

37081

38391

279686

RETX #2102  RetX  seq esperada, sin respuesta.

2110

37081

38391

279686

RETX #2102

2111

37081

38391

279686

RETX #2102

2112

38391

38391

279686

RESET ACK DEL CLIENTE (más de 9 segundos sin respuesta)

2113

279686

279686

37081

DUPACK (2101#3) – SACK 37785-39095

2114

37081

0

n/a

RESET DEL CLIENTE

2 Replies
This widget could not be displayed.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events