[Winpcap-users] TCP stack resets connections established by
WinPCap on XP SP2
Guy Harris
guy at alum.mit.edu
Wed Mar 15 00:31:17 GMT 2006
Jacob Gnarly wrote:
> I hope someone has already seen strange behavior like this and can point
> me in the right direction. I "inherited" an application which creates a
> TCP connection with a remote host, sends a small number of packets, and
> terminates the connection. The odd behavior that I am finding is that on
> some XP SP2 systems the TCP session works just like you would expect
> while other systems have the connection terminated prematurely by the
> originator's TCP stack. Instead of the expected SYN/SYN_ACK/ACK
> handshake the originator's TCP stack generates a RST packet as soon as
> it receives the SYN_ACK packet back from the remote system and then the
> WinPCap program responds with an ACK packet as follows:
> SYN/SYN_ACK/RST/ACK.
Capture a network trace, look at RFC 793, and see whether the sender of
the SYN+ACK packet is violating the TCP spec in some fashion (including
"the ACK of the SYN was already sent).
More information about the Winpcap-users
mailing list