<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2802" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Ho Jacop,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>When you generate traffic using the winpcap,
the system does not know </FONT><FONT face=Arial size=2>about this
traffic</FONT></DIV>
<DIV><FONT face=Arial size=2> (the system does not expect to recieve
any syn+ack because it has never been send a syn by the
system).</FONT></DIV>
<DIV><FONT face=Arial size=2>This is a normal behaivor. If your send a syn+ack
to any machine a reset will be result.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>The only solution is that you use a alternative mac
address and ip adresss from your winpcap application or you can</FONT></DIV>
<DIV><FONT face=Arial size=2>disabled the tcp /ip stack to work with the ip of
the own application, you must create a small stack of tcp/ip
functions,</FONT></DIV>
<DIV><FONT face=Arial size=2>and arp functions like arp response and request .
arp table, etc.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Regards</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>David Rodriguez</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=jacob.gnarly@gmail.com href="mailto:jacob.gnarly@gmail.com">Jacob
Gnarly</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Wednesday, March 15, 2006 6:04
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Winpcap-users] TCP stack
resets connections established byWinPCap on XP SP2</DIV>
<DIV><BR></DIV>Well, I can't say I understand the solution but I have found
the cause of the strange SYN+ACK resetting behavior: the XP firewall. I had
disabled my firewall earlier in the week trying to eliminate possible causes
of strange behavior. I have fixed several other bugs in the application since
then but was never able to resolve the SYN+ACK -> RST problem. On a whim I
turned my firewall back on and the application started working! Thanks for
your help (the RFC was a good read). <BR><BR>Jacob<BR><BR>
<DIV><SPAN class=gmail_quote>On 3/15/06, <B class=gmail_sendername>Jacob
Gnarly</B> <<A
href="mailto:jacob.gnarly@gmail.com">jacob.gnarly@gmail.com</A>>
wrote:</SPAN>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<DIV style="DIRECTION: ltr">Thanks for the quick response. I'll check it out
and post the result back to this thread.<BR></DIV>
<DIV style="DIRECTION: ltr"><SPAN class=sg><BR>Jacob</SPAN></DIV>
<DIV style="DIRECTION: ltr"><SPAN class=e id=q_109feacdbb1cec82_2><BR><BR>
<DIV><SPAN class=gmail_quote>On 3/14/06, <B class=gmail_sendername>Guy
Harris</B> <<A onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:guy@alum.mit.edu" target=_blank> guy@alum.mit.edu</A>>
wrote:</SPAN>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">Jacob
Gnarly wrote:<BR>> I hope someone has already seen strange behavior
like this and can point <BR>> me in the right direction. I "inherited"
an application which creates a<BR>> TCP connection with a remote host,
sends a small number of packets, and<BR>> terminates the connection.
The odd behavior that I am finding is that on <BR>> some XP SP2 systems
the TCP session works just like you would expect<BR>> while other
systems have the connection terminated prematurely by the<BR>>
originator's TCP stack. Instead of the expected SYN/SYN_ACK/ACK
<BR>> handshake the originator's TCP stack generates a RST packet as
soon as<BR>> it receives the SYN_ACK packet back from the remote system
and then the<BR>> WinPCap program responds with an ACK packet as
follows: <BR>> SYN/SYN_ACK/RST/ACK.<BR><BR>Capture a network trace,
look at RFC 793, and see whether the sender of<BR>the SYN+ACK packet is
violating the TCP spec in some fashion (including<BR>"the ACK of the SYN
was already sent).
<BR>_______________________________________________<BR>Winpcap-users
mailing list<BR><A onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:Winpcap-users@winpcap.org"
target=_blank>Winpcap-users@winpcap.org </A><BR><A
onclick="return top.js.OpenExtLink(window,event,this)"
href="https://www.winpcap.org/mailman/listinfo/winpcap-users"
target=_blank>https://www.winpcap.org/mailman/listinfo/winpcap-users</A><BR></BLOCKQUOTE></DIV><BR></SPAN></DIV></BLOCKQUOTE></DIV><BR>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></BODY></HTML>