Why does listening server not return SYN/ACK when recieved SYN to TIME_WAIT socket?

Solution Unverified - Updated -

Issue

Why does listening server not return SYN/ACK when recieved SYN to TIME_WAIT socket?

  • Http server: 192.168.122.1 didn not return a SYN/ACK packet at 15:53:24.751472 in the following tcpdump. Why?
$ tcpdump -S -r http.cap port 40353
reading from file http.cap, link-type EN10MB (Ethernet)
15:53:04.259829 IP 192.168.122.2.40353 > 192.168.122.1.http: Flags [S], seq 2518290022, win 5840, options [mss 1460,sackOK,TS val 901255426 ecr 0,nop,wscale 2], length 0
15:53:04.259843 IP 192.168.122.1.http > 192.168.122.2.40353: Flags [S.], seq 927258300, ack 2518290023, win 5792, options [mss 1460,sackOK,TS val 394573207 ecr 901255426,nop,wscale 2], length 0
15:53:04.260032 IP 192.168.122.2.40353 > 192.168.122.1.http: Flags [.], ack 927258301, win 1460, options [nop,nop,TS val 901255427 ecr 394573207], length 0
15:53:04.260121 IP 192.168.122.2.40353 > 192.168.122.1.http: Flags [P.], seq 2518290023:2518290430, ack 927258301, win 1460, options [nop,nop,TS val 901255427 ecr 394573207], length 407
15:53:04.260131 IP 192.168.122.1.http > 192.168.122.2.40353: Flags [.], ack 2518290430, win 1716, options [nop,nop,TS val 394573207 ecr 901255427], length 0
15:53:04.260207 IP 192.168.122.1.http > 192.168.122.2.40353: Flags [P.], seq 927258301:927258680, ack 2518290430, win 1716, options [nop,nop,TS val 394573207 ecr 901255427], length 379
15:53:04.260236 IP 192.168.122.1.http > 192.168.122.2.40353: Flags [F.], seq 927258680, ack 2518290430, win 1716, options [nop,nop,TS val 394573207 ecr 901255427], length 0
15:53:04.260462 IP 192.168.122.2.40353 > 192.168.122.1.http: Flags [.], ack 927258680, win 1728, options [nop,nop,TS val 901255427 ecr 394573207], length 0
15:53:04.260511 IP 192.168.122.2.40353 > 192.168.122.1.http: Flags [F.], seq 2518290430, ack 927258681, win 1728, options [nop,nop,TS val 901255427 ecr 394573207], length 0
15:53:04.260521 IP 192.168.122.1.http > 192.168.122.2.40353: Flags [.], ack 2518290431, win 1716, options [nop,nop,TS val 394573208 ecr 901255427], length 0
15:53:24.751461 IP 192.168.122.2.40353 > 192.168.122.1.http: Flags [S], seq 3294045866, win 5840, options [mss 1460,sackOK,TS val 3992346020 ecr 0,nop,wscale 7], length 0
15:53:24.751472 IP 192.168.122.1.http > 192.168.122.2.40353: Flags [.], ack 2518290431, win 1716, options [nop,nop,TS val 394593698 ecr 901255427], length 0
15:53:24.751744 IP 192.168.122.2.40353 > 192.168.122.1.http: Flags [R], seq 2518290431, win 0, length 0

There must have been LISTEN and TIME_WAIT sockets on http server: 192.168.122.1 at 15:53:04.260521 as follows.

# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 :::80                       :::*                        LISTEN      7363/httpd          
tcp        0      0 192.168.122.1:80            192.168.122.1:40353         TIME_WAIT   -  
...skip

After the client sent a SYN packet at 15:53:24.751461, the http server returned a ACK packet for a FIN packet of the previous session, instead of sending a SYN/ACK at 15:53:24.751472. So the client sent a RST packet at 15:53:24.751744.

Environment

  • Red Hat Enterprise Linux

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content