On Dec 23 20:17:23, Jan Stary wrote:
Speculation: this looks to me like an end of a valid http session:
an internal clients reads a web page, and probably a few images,
everything goes through, but the last FIN does not. The first SYN
creates state that lets the subsequent packets through.
All of these FINs go through, but never receive an ACK (why?).
Because the other side sucks and decided to violate the TCP RFC by fast
closing connections without waiting proper session shutdown to free
sockets quickly and since that is not enough they even decided to not
send a RST back
On Dec 22 19:54:28, Forman, Jeffrey wrote:
On Wed, Dec 22, 2010 at 5:41 PM, Jan Stary h...@stare.cz wrote:
Speculation: this looks to me like an end of a valid http session:
an internal clients reads a web page, and probably a few images,
everything goes through, but the last FIN does
Timing. State has probably timed out before the blocked packets are
received. Log the whole conversation - both ways for both Firefox and lynx.
On 12/23/10 12:47 AM, Jan Stary wrote:
On Dec 22 19:54:28, Forman, Jeffrey wrote:
On Wed, Dec 22, 2010 at 5:41 PM, Jan Staryh...@stare.cz wrote:
set skip on lo
set block-policy drop
set timeout tcp.finwait 900
set timeout tcp.closing 900
(There also an adaptive setting based on load)
Your client, if its really a mac, may have a sysctl like
...net.inet.tcp.finwait2_timeout: 6
...
Speculation: this looks to me like an end of a valid http session:
an internal clients reads a web page, and probably a few images,
everything goes through, but the last FIN does not. The first SYN
creates state that lets the subsequent packets through. Doesn't the
last FIN belong to the same
On Thu, Dec 23, 2010 at 08:17:23PM +0100, Jan Stary wrote:
Speculation: this looks to me like an end of a valid http session:
an internal clients reads a web page, and probably a few images,
everything goes through, but the last FIN does not. The first SYN
creates state that lets the
On Wed, Dec 22, 2010 at 5:41 PM, Jan Stary h...@stare.cz wrote:
Speculation: this looks to me like an end of a valid http session:
an internal clients reads a web page, and probably a few images,
everything goes through, but the last FIN does not. The first SYN
creates state that lets the
8 matches
Mail list logo