>Servers are supposed to send RST packets when they do that, but not all >servers do it, and not all clients recognize those RST packets as >indicating that the document they just downloaded is incomplete
Most of the clients do recognize and most web servers do correctly apply use of RST and FIN for TCP/IP HTTP connection ending. Problem is that some (most?)Proxy servers (nontransparent and probably also transparent) DO NOT. I tested 4 different proxy servers if they pass RST to client's browser when original web server sent RST. All sent FIN instead of RST :(. (I Did this test as I found other web apps. problems resulting from this proxy behavior) If anybody knows proxy which behaves 'correctly,' pls let me know. Regards David Farinic -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Eaton Sent: Wednesday, May 31, 2006 2:25 PM To: [EMAIL PROTECTED] Cc: [email protected]; Edward Pearson Subject: Re: [Full-disclosure] abnormal behavior Gmail logon On 5/31/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > On Wed, 31 May 2006 09:23:08 BST, Edward Pearson said: > > This isn't abnormal or weird, It happens when your internet connection > > is fairly slow and its because you sometimes receive incomplete headers > > for the page (broken or garbled) > > If you have noisy hardware that's mangling data in transit, the mangling will > *usually* be detected by the checksums on each IP packet. The reason your > connection gets slow is because if a corruption is detected, the packet gets > thrown out, and needs to be retransmitted by the sending system. It is actually possible that the data sent in the HTTP connection is getting mangled even though the TCP checksums are correct. In one mode of operation, HTTP allows a server to indicate when a document is complete simply by closing a TCP connection. If the server gets busy, it might decide your client is just too slow to be worth dealing with and close the connection early. Servers are supposed to send RST packets when they do that, but not all servers do it, and not all clients recognize those RST packets as indicating that the document they just downloaded is incomplete. Regards, Brian This mail was checked for viruses by GFI MailSecurity. GFI also develops anti-spam software (GFI MailEssentials), a fax server (GFI FAXmaker), and network security and management software (GFI LANguard) - www.gfi.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
