Below is a tcpdump, basically a telnet to port 80, GET / and about 2
enters (a simple HTTP request). Basically the client sends SYN, the
server replies with SYN-ACK and then the client sends one more ACK; for
every packet sent by the client the server sends an ack back. What I
don't understand: can a packet with FIN also carry data? I thought it
was a special packet, but apparently that's not the case. As usual I'm
rambling, because there were 2 more lines in the grep buffer. As I knew,
the FIN is separate.
One thing I don't understand: why the heck does a FIN from the server to
the client appear before the data packet? Or is it simply libpcap, which
doesn't respect packet order 100% when capturing?

15:51:30.099199 client.35637 > SERVER.http: S 621489027:621489027(0) win
5840 <mss 1460,sackOK,timestamp 16069608 0,nop,wscale 0> (DF) [tos 0x10]
15:51:30.122330 SERVER.http > client.35637: S 1868695073:1868695073(0)
ack 621489028 win 5792 <mss 1432,sackOK,timestamp 254920
16069608,nop,wscale 0> (DF)
15:51:30.122387 client.35637 > SERVER.http: . ack 1 win 5840
<nop,nop,timestamp 16069611 254920> (DF) [tos 0x10]
15:51:37.431238 client.35637 > SERVER.http: P 1:17(16) ack 1 win 5840
<nop,nop,timestamp 16070342 254920> (DF) [tos 0x10]
15:51:37.452990 SERVER.http > client.35637: . ack 17 win 5792
<nop,nop,timestamp 255653 16070342> (DF)
15:51:37.623187 client.35637 > SERVER.http: P 17:19(2) ack 1 win 5840
<nop,nop,timestamp 16070361 255653> (DF) [tos 0x10]
15:51:37.648137 SERVER.http > client.35637: . ack 19 win 5792
<nop,nop,timestamp 255672 16070361> (DF)
15:51:37.648395 SERVER.http > client.35637: F 469:469(0) ack 19 win 5792
<nop,nop,timestamp 255672 16070361> (DF)
15:51:37.648428 client.35637 > SERVER.http: . ack 1 win 5840
<nop,nop,timestamp 16070363 255672,nop,nop,sack sack 1 {469:470} > (DF)
[tos 0x10]
15:51:37.650972 SERVER.http > client.35637: P 1:469(468) ack 19 win 5792
<nop,nop,timestamp 255672 16070361> (DF)
15:51:37.651754 client.35637 > SERVER.http: F 19:19(0) ack 470 win 6432
<nop,nop,timestamp 16070364 255672> (DF) [tos 0x10]
15:51:37.659281 SERVER.http > client.35637: . ack 20 win 5792
<nop,nop,timestamp 255675 16070364> (DF)
Alex
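
An added example, not part of the original post: a short Python script that replays the server-to-client segments from the capture above and flags any segment whose sequence number lies beyond the next byte expected, which is how the early FIN shows up. The sample lines are the post's own packets unwrapped to one line each with the TCP options trimmed; the function and variable names are chosen here for illustration.

```python
import re

# Server-to-client lines from the capture above, unwrapped to one line per
# packet (options trimmed; timestamps, flags and sequence numbers unchanged).
CAPTURE = """\
15:51:30.122330 SERVER.http > client.35637: S 1868695073:1868695073(0) ack 621489028 win 5792
15:51:37.452990 SERVER.http > client.35637: . ack 17 win 5792
15:51:37.648137 SERVER.http > client.35637: . ack 19 win 5792
15:51:37.648395 SERVER.http > client.35637: F 469:469(0) ack 19 win 5792
15:51:37.650972 SERVER.http > client.35637: P 1:469(468) ack 19 win 5792
"""

# time, source, destination, flags, then the "first:last(len)" sequence range
SEG = re.compile(r"^(\S+) (\S+) > (\S+): ([SFPR.]+) (\d+):(\d+)\((\d+)\)")

def early_segments(capture, sender):
    """Return (early, expected): segments seen ahead of a gap, and the
    next sequence number expected once every line has been processed."""
    expected = 1          # tcpdump prints sequence numbers relative to the SYN
    pending = {}          # start -> end of segments held behind a gap
    early = []
    for line in capture.splitlines():
        m = SEG.match(line)
        if not m or m.group(2) != sender or "S" in m.group(4):
            continue      # pure ACKs, the other direction, and the SYN itself
        ts, flags = m.group(1), m.group(4)
        start, end = int(m.group(5)), int(m.group(6))
        if "F" in flags:
            end += 1      # a FIN occupies one sequence number
        if start > expected:
            early.append((ts, flags, start, expected))
            pending[start] = end
            continue
        expected = max(expected, end)
        while expected in pending:   # gap filled: absorb the held segments
            expected = pending.pop(expected)
    return early, expected

if __name__ == "__main__":
    early, expected = early_segments(CAPTURE, "SERVER.http")
    for ts, flags, seq, want in early:
        print(f"{ts} [{flags}] seq {seq} arrived while {want} was expected")
    print("next expected after reassembly:", expected)
```

The flagged segment is the FIN at 15:51:37.648395, and the final expected value of 470 matches the client's later `ack 470`; the client's `ack 1` with SACK block `{469:470}` in the capture reports the same gap from the receiving side.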