
TCP: Server sends [RST, ACK] immediately after receiving [SYN] from Client

Host_A tries to send some data to Host_B over TCP. Host_B is listening on port 8181. Both Host_A & Host_B are Linux boxes (Red Hat Enterprise). The TCP layer is implemented using Java NIO API.

Whatever Host_A sends, Host_B is unable to receive. Sniffing the data on the wire using Wireshark resulted in the following log:

1) Host_A (33253) > Host_B (8181): [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=513413781 TSER=0 WS=7
2) Host_B (8181) > Host_A (33253): [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

The logs show that Host_A sends a [SYN] flag to Host_B in order to establish connection. But instead of [SYN, ACK] Host_B responds with an [RST, ACK] which resets/closes the connection. This behavior is observed always.

I am wondering under what circumstances a TCP listener sends [RST, ACK] in response to a [SYN]?

Riyaz asked Mar 11 '11 10:03


People also ask

What causes TCP RST ACK?

Very simply, nothing is listening on the port you are trying to connect to on the remote host. Either your service is not running on the host, or possibly it has been firewalled.

What does TCP RST ACK mean?

TCP connection reset (RST, RST ACK): this may be caused by system errors or protocol errors. For example, a TCP endpoint receives a packet for which there is no connection. The receiving side sends a TCP RST to the remote end to close the connection, which can then be set up again if required. The other end sends the TCP RST ACK.

Why does server send TCP RST?

In TCP, packets with the "Reset" (RST or R) flag are sent to abort a connection. Probably the most common reason you are seeing this is that a SYN packet was sent to a closed port. But RST packets may be sent in other cases to indicate that a connection should be closed.

What is the outcome if a TCP message is received with RST bit?

Normally, when it receives an RST or SYN message for an existing connection, TCP attempts to shut down the TCP connection. This action is expected under normal conditions, but someone maliciously generating otherwise valid RST or SYN messages can cause problems for network applications and the network as a whole.


1 Answer

RST, ACK means the port is closed. You sure Host_B is listening on the right IP/interface?

Also check your firewall for a -j REJECT --reject-with tcp-reset

Erik answered Sep 21 '22 05:09
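
The two checks from the answer above, as an added example that is not part of the original answer: POSIX shell helpers that read `ss -ltn` and `iptables -S` output and report how the port is bound and which tcp-reset REJECT rules cover it. The function names listen_scope and reset_rules are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# listen_scope PORT: reads `ss -ltn` output on stdin and prints
# none | loopback-only | all-interfaces | specific:<addr[,addr...]>
listen_scope() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      la = $4                                    # "Local Address:Port" column
      p = la; sub(/^.*:/, "", p)                 # port = text after last colon
      if (p != port) next
      addr = substr(la, 1, length(la) - length(p) - 1)
      sub(/^\[/, "", addr); sub(/\]$/, "", addr) # IPv6 brackets
      sub(/%.*/, "", addr)                       # %iface scope suffix
      if (addr == "0.0.0.0" || addr == "*" || addr == "::") any = 1
      else if (addr ~ /^127\./ || addr == "::1") lo = 1
      else spec = spec (spec ? "," : "") addr
    }
    END {
      if (any) print "all-interfaces"
      else if (spec) print "specific:" spec
      else if (lo) print "loopback-only"
      else print "none"
    }'
}

# reset_rules PORT: reads `iptables -S` output on stdin and prints each
# REJECT --reject-with tcp-reset rule whose --dport (one port or a lo:hi
# range) covers PORT, or that has no --dport (multiport rules included, for
# manual review). Negated (!) matches are not interpreted.
reset_rules() {
  awk -v port="$1" '
    /-j REJECT/ && /--reject-with tcp-reset/ {
      hit = 1                                    # no --dport: every port
      for (i = 1; i < NF; i++) if ($i == "--dport") {
        n = split($(i + 1), r, ":")
        hi = (n == 2) ? r[2] : r[1]
        hit = (port + 0 >= r[1] + 0 && port + 0 <= hi + 0)
      }
      if (hit) print
    }'
}

# Constructed sample input (not captured from the hosts in the question).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     127.0.0.1:8181     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8000:9000 -j REJECT --reject-with tcp-reset'
printf '%s\n' "$SAMPLE_SS" | listen_scope 8181
printf '%s\n' "$SAMPLE_RULES" | reset_rules 8181
```

On Host_B, feed the functions live data with `ss -ltn | listen_scope 8181` and, as root, `iptables -S | reset_rules 8181`. A result of loopback-only or none means a SYN arriving from Host_A finds no listener and the kernel answers with [RST, ACK].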