Ethereal-users: Re: [Ethereal-users] Advice on an HTTP request

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jack Jackson <jack@xxxxxxxxxxxxxxx>
Date: Wed, 14 Jan 2004 08:13:09 -0800
At 06:47 AM 1/13/2004, wrolf.courtney@xxxxxxxxxxxxxxx wrote:

1  C TCP  2394 > http [SYN] Seq=1716877397 Ack=0 Win=65535 Len=0
2  S TCP  http > 2394 [SYN, ACK] Seq=9296 Ack=1716877398 Win=2048 Len=0
3  C TCP  2394 > http [ACK] Seq=1716877398 Ack=9297 Win=65535 Len=0

Your client sent Seq=...97 in packet 1, but  Seq=...98 in packet 3, without
sending another byte.

The server ignores the data sent later, and is still waiting for the
missing byte.  Eventually it closes thet connection, when the client won't
send up the missing byte.

I don't think there is a missing byte. The SYN has a sequence of ...97. The SYN itself occupies a byte in the sequence, so the other end correctly sends an ACK for ...98. The third message correctly has a sequence of ...98.

1  C TCP  2394 > http [SYN] Seq=1716877397 Ack=0 Win=65535 Len=0
2  S TCP  http > 2394 [SYN, ACK] Seq=9296 Ack=1716877398 Win=2048 Len=0
3  C TCP  2394 > http [ACK] Seq=1716877398 Ack=9297 Win=65535 Len=0
4  C HTTP GET /titleMIH.gif HTTP/1.1
5  S TCP  http > 2394 [FIN, ACK] Seq=9297 Ack=1716877398 Win=2048 Len=0
6  C TCP  2394 > http [ACK] Seq=1716877667 Ack=9298 Win=65535 Len=0
7  C TCP  2394 > http [FIN, ACK] Seq=1716877667 Ack=9298 Win=65535 Len=0
8  S TCP  http > 2394 [ACK] Seq=9298 Ack=1716877398 Win=2048 Len=0
9  C HTTP GET /titleMIH.gif HTTP/1.1
10 S TCP  http > 2394 [ACK] Seq=9298 Ack=1716877667 Win=2048 Len=0
11 C TCP  2394 > http [FIN, ACK] Seq=1716877667 Ack=9298 Win=65535 Len=0
12 S TCP  http > 2394 [RST, ACK] Seq=9299 Ack=1716877668 Win=2048 Len=0

Here is what I think is happening:

Packet 1, client to server, SYN (requests a connection).
Packet 2, server to client, ACKs the SYN and sends it own SYN.
Packet 3, client to server, ACKs the server's SYN.
Packet 4, client to server, HTTP GET (apparently this packet had a checksum error). Packet 5, server to client, FIN (termination request), ACKs only the previous SYN.
Packet 6, client to server, ACKs the server's FIN.
Packet 7, client to server, FIN (termination request for other direction).
Packet 8, server to client, ACK the client's SYN (doesn't ACK the GET).
Packet 9, client apparently resends the GET.
Packet 10, server to client, ACKs the GET (but not the FIN).
Packet 11, client to server, resends FIN.
Packet 12, server to client, RST. The server now thinks the client has sent something illegal.

First, I don't know why the server would send FIN in packet 5. FIN should come from the http server process closing the connection - the checksum error should be invisible to that process, and I can't think of any reason the TCP stack would send a FIN on its own. Second, I don't think there is any violation of TCP protocol that would cause the server to send RST in packet 12, although I can imagine a TCP stack could be written that would think the resend of the FIN was a violation.