TCP connection establishment && SYN_RECV state - TCP-IP


  1. TCP connection establishment && SYN_RECV state

    Hello!

    I have apache installed and configured on a server called "develop".
    Let's connect to the server via telnet:

    olimpico_work ~ # telnet develop 80
    Trying 192.168.70.201...
    Connected to develop.
    Escape character is '^]'.
    ^]quit

    telnet> quit
    Connection closed.
    olimpico_work ~ #


    As you can see the connection was successfully established.
    The output of tcpdump on the client side confirms this:

    olimpico_work ~ # tcpdump -i eth1 host develop and port 80
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
    11:23:44.187263 IP krivenok.41234 > develop.http: S 2779819717:2779819717(0) win 5840 0,nop,wscale 7>
    11:23:44.187387 IP develop.http > krivenok.41234: S 107518013:107518013(0) ack 2779819718 win 5792 1460,sackOK,timestamp 15521524 1348338,nop,wscale 2>
    11:23:44.187423 IP krivenok.41234 > develop.http: . ack 1 win 46

    11:23:57.346185 IP krivenok.41234 > develop.http: F 1:1(0) ack 1 win 46
    11:23:57.346368 IP develop.http > krivenok.41234: F 1:1(0) ack 2 win 1448
    11:23:57.346405 IP krivenok.41234 > develop.http: . ack 2 win 46


    6 packets captured
    6 packets received by filter
    0 packets dropped by kernel
    olimpico_work ~ #

    We see the 3-way handshake and graceful connection termination in the
    output.

    netstat on the server side says:

    develop ~ # netstat -na | grep "70.198" | grep 80
    tcp 0 0 192.168.70.201:80 192.168.70.198:41234 ESTABLISHED
    develop ~ #

    All works as expected.


    And now let's do the same test for another server called "develop2".

    olimpico_work ~ # telnet develop2 80
    Trying 192.168.70.205...
    Connected to develop2.
    Escape character is '^]'.
    ^]quit

    telnet> quit
    Connection closed.
    olimpico_work ~ #


    Please look at the output of tcpdump:

    olimpico_work ~ # tcpdump -i eth1 host develop2 and port 80
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
    11:30:53.644916 IP krivenok.49819 > develop2.http: S 2776473031:2776473031(0) win 5840 0,nop,wscale 7>
    11:30:53.645069 IP develop2.http > krivenok.49819: S 874752337:874752337(0) ack 2776473032 win 5792 1460,sackOK,timestamp 6177317 1391155,nop,wscale 7>
    11:30:53.645104 IP krivenok.49819 > develop2.http: . ack 1 win 46

    11:30:57.245167 IP develop2.http > krivenok.49819: S 874752337:874752337(0) ack 2776473032 win 5792 1460,sackOK,timestamp 6177677 1391155,nop,wscale 7>
    11:30:57.245214 IP krivenok.49819 > develop2.http: . ack 1 win 46

    11:31:03.247796 IP develop2.http > krivenok.49819: S 874752337:874752337(0) ack 2776473032 win 5792 1460,sackOK,timestamp 6178277 1391515,nop,wscale 7>
    11:31:03.247837 IP krivenok.49819 > develop2.http: . ack 1 win 46

    11:31:15.255559 IP develop2.http > krivenok.49819: S 874752337:874752337(0) ack 2776473032 win 5792 1460,sackOK,timestamp 6179477 1392114,nop,wscale 7>
    11:31:15.255603 IP krivenok.49819 > develop2.http: . ack 1 win 46

    11:31:39.466169 IP develop2.http > krivenok.49819: S 874752337:874752337(0) ack 2776473032 win 5792 1460,sackOK,timestamp 6181897 1393312,nop,wscale 7>
    11:31:39.466216 IP krivenok.49819 > develop2.http: . ack 1 win 46

    11:31:46.678079 IP krivenok.49819 > develop2.http: F 1:1(0) ack 1 win 46
    11:31:46.678314 IP develop2.http > krivenok.49819: F 1:1(0) ack 2 win 46
    11:31:46.678353 IP krivenok.49819 > develop2.http: . ack 2 win 46


    14 packets captured
    14 packets received by filter
    0 packets dropped by kernel
    olimpico_work ~ #


    According to netstat the connection doesn't leave the SYN_RECV state:

    develop2 EQ-scripts # netstat -na | grep "70.198" | grep 80
    tcp 0 0 192.168.70.205:80 192.168.70.198:49819 SYN_RECV
    develop2 EQ-scripts #

    We have the following packet exchange:

    -> SYN
    <- SYN/ACK
    -> ACK
    <- SYN/ACK
    -> ACK
    <- SYN/ACK
    -> ACK
    ....
    ....

    I can't understand why the connection stays in SYN_RECV state after
    receipt of ACK from client.

    Any ideas?

    Thank you beforehand!

  2. Re: TCP connection establishment && SYN_RECV state

    I ran the same test again.
    This is the output of tcpdump on the _server_ side:

    develop2 EQ-scripts # tcpdump -i eth0 host 192.168.70.198 and port 80
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    11:44:40.458868 IP krivenok.internal.44560 > develop2.http: S 896196718:896196718(0) win 5840 0,nop,wscale 7>
    11:44:40.461384 IP develop2.http > krivenok.internal.44560: S 959167485:959167485(0) ack 896196719 win 5792 1460,sackOK,timestamp 6260093 1473788,nop,wscale 7>
    11:44:40.459054 IP krivenok.internal.44560 > develop2.http: . ack 1 win 46
    11:44:44.255015 IP develop2.http > krivenok.internal.44560: S 959167485:959167485(0) ack 896196719 win 5792 1460,sackOK,timestamp 6260473 1473788,nop,wscale 7>
    11:44:44.255231 IP krivenok.internal.44560 > develop2.http: . ack 1 win 46
    11:44:50.257519 IP develop2.http > krivenok.internal.44560: S 959167485:959167485(0) ack 896196719 win 5792 1460,sackOK,timestamp 6261073 1474167,nop,wscale 7>
    11:44:50.257738 IP krivenok.internal.44560 > develop2.http: . ack 1 win 46
    11:45:03.592464 IP develop2.http > krivenok.internal.44560: S 959167485:959167485(0) ack 896196719 win 5792 1460,sackOK,timestamp 6262273 1474766,nop,wscale 7>
    11:45:03.592679 IP krivenok.internal.44560 > develop2.http: . ack 1 win 46
    11:45:27.794962 IP develop2.http > krivenok.internal.44560: S 959167485:959167485(0) ack 896196719 win 5792 1460,sackOK,timestamp 6264693 1475963,nop,wscale 7>
    11:45:27.795178 IP krivenok.internal.44560 > develop2.http: . ack 1 win 46
    11:45:38.087399 IP krivenok.internal.44560 > develop2.http: F 1:1(0) ack 1 win 46
    11:45:38.087487 IP develop2.http > krivenok.internal.44560: F 1:1(0) ack 2 win 46
    11:45:38.087688 IP krivenok.internal.44560 > develop2.http: . ack 2 win 46
    ^C
    14 packets captured
    38 packets received by filter
    0 packets dropped by kernel
    develop2 EQ-scripts #

    As you can see, the ACK is received by the server.

  3. Re: TCP connection establishment && SYN_RECV state

    I checked the firewall settings on the server and found
    that the firewall is not configured:

    develop2 EQ-scripts # iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    develop2 EQ-scripts # iptables -L -t nat
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    develop2 EQ-scripts # iptables -L -t mangle
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination
    develop2 EQ-scripts #
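
An added example, not part of the original thread: a small Python parser for the tcpdump text format shown in the posts above. Per connection it reports how often the listener repeated its SYN/ACK and whether the client's ACKs appear in the same capture, which separates the pattern described here (ACK arrives, socket stays in SYN_RECV) from half-open connections whose ACK never shows up. The sample capture, the host names and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the old tcpdump text format shown in the thread
# (host names "client"/"server" and all numbers are made up for this example).
SAMPLE = """\
10:00:00.000000 IP client.40000 > server.http: S 1000:1000(0) win 5840
10:00:00.000150 IP server.http > client.40000: S 5000:5000(0) ack 1001 win 5792
10:00:00.000190 IP client.40000 > server.http: . ack 1 win 46
10:00:03.600000 IP server.http > client.40000: S 5000:5000(0) ack 1001 win 5792
10:00:03.600050 IP client.40000 > server.http: . ack 1 win 46
10:00:09.600000 IP server.http > client.40000: S 5000:5000(0) ack 1001 win 5792
10:00:09.600050 IP client.40000 > server.http: . ack 1 win 46
10:00:20.000000 IP client.40001 > server.http: S 2000:2000(0) win 5840
10:00:20.000150 IP server.http > client.40001: S 7000:7000(0) ack 2001 win 5792
10:00:20.000190 IP client.40001 > server.http: . ack 1 win 46
"""

LINE = re.compile(r"(\d+):(\d+):(\d+\.\d+) IP (\S+) > (\S+): (\S+) "
                  r"(?:(\d+):\d+\(\d+\) )?(?:ack \d+ )?win")

def synack_retransmits(text):
    """Per flow: SYN/ACK repeats with the same ISN, gaps, client ACKs seen."""
    flows = defaultdict(lambda: {"times": [], "isn": None, "client_acks": 0})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        h, mi, s, src, dst, flags, seq = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + float(s)
        if flags == "S" and " ack " in line:        # SYN/ACK from the listener
            f = flows[(dst, src)]                   # key: (client, server)
            if f["isn"] in (None, seq):             # same ISN => retransmission
                f["isn"] = seq
                f["times"].append(t)
        elif flags == "." and (src, dst) in flows:  # bare ACK from the client
            flows[(src, dst)]["client_acks"] += 1
    report = {}
    for key, f in flows.items():
        gaps = [round(b - a, 1) for a, b in zip(f["times"], f["times"][1:])]
        report[key] = {"retransmits": len(gaps), "gaps": gaps,
                       "client_acks": f["client_acks"],
                       "acked_but_stuck": bool(gaps) and f["client_acks"] > 0}
    return report
```

Run it on a capture taken on the server side, as in the second post, so that an ACK counted here is one the server's interface actually saw.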
