Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why will a TCP Server send a FIN immediately after accepting a connection?

Tags:

tcp

From the ethreal packet capture, I see the following behaviour which appears quite strange to me:

Client --> Server  [SYN]
Server --> Client  [SYN, ACK]
Client --> Server  [ACK]
Server --> Client  [FIN, ACK]
Client --> Server  [ACK]
Client --> Server  [TCP Segment of a reassembled PDU] (I don't know what this means)
Server --> Client  [RST]

Any ideas as to why this could be happening?

Also, the Server Port is 6000. Could that cause any problem?

My other doubts:

  1. Why is there a FIN, ACK? Shouldn't it be only FIN? What is the meaning of the ACK in that message?
  2. Shouldn't there be a FIN from Client also?

EDIT: After some more analysis, I found if the number of file descriptors have exceeded the limit then a FIN is sent by the Server. But, in this case it doesn't appear that the file descriptors have exceeded the limit. For what other scenarios can this happen?

like image 845
Jay Avatar asked Oct 06 '10 07:10

Jay


People also ask

Why do servers send fins?

If there are messages to be sent from the server to the client, the server sends it. The server sends a FIN message to the client. The client receives the server's FIN message and ACKs it to the server. The server receives the client's ACK and closes the connection on the server-side.

What happens when a fin packet is sent?

TCP SYN-FIN Packets— SYN packets are sent to create a new TCP connection. TCP FIN packets are sent to close a connection. A packet in which both SYN and FIN flags are set should never exist. Therefore these packets might signify an attack on the device and should be blocked.

What does Fin mean in TCP?

The FIN flag indicates the end of data transmission to finish a TCP connection.

Why does TCP FIN ACK?

[ACK] is the acknowledgement that the previously sent data packet was received. [FIN] is sent by a host when it wants to terminate the connection; the TCP protocol requires both endpoints to send the termination request (i.e. FIN ). and then host B wants to close the connection.


1 Answers

Upon deep analysis, the following was found to be the reason of the problem:

When a Client tries TCP connect, even if the server is not currently calling accept, the connection will pass. This will happen if server has called 'listen' function and it will keep accepting the connections till backlog limit is reached.

But, if the application process exceeds the limit of max file descriptors it can use, then when server calls accept, then it realizes that there are no file descriptors available to be allocated for the socket and fails the accept call and the TCP connection sending a FIN to other side.

I just though of posting this finding here. I am still leaving the accepted answer as that of Habbie's.

Thanks to all those who answered this question.

like image 168
Jay Avatar answered Oct 15 '22 08:10

Jay