From the Ethereal packet capture, I see the following behaviour which appears quite strange to me:
Client --> Server [SYN]
Server --> Client [SYN, ACK]
Client --> Server [ACK]
Server --> Client [FIN, ACK]
Client --> Server [ACK]
Client --> Server [TCP Segment of a reassembled PDU] (I don't know what this means)
Server --> Client [RST]
Any ideas as to why this could be happening?
Also, the Server Port is 6000. Could that cause any problem?
My other doubts:
EDIT: After some more analysis, I found that if the number of file descriptors has exceeded the limit, then a FIN is sent by the Server. But in this case it doesn't appear that the file descriptors have exceeded the limit. For what other scenarios can this happen?
If there are messages to be sent from the server to the client, the server sends it. The server sends a FIN message to the client. The client receives the server's FIN message and ACKs it to the server. The server receives the client's ACK and closes the connection on the server-side.
TCP SYN-FIN Packets— SYN packets are sent to create a new TCP connection. TCP FIN packets are sent to close a connection. A packet in which both SYN and FIN flags are set should never exist. Therefore these packets might signify an attack on the device and should be blocked.
The FIN flag indicates the end of data transmission to finish a TCP connection.
[ACK] is the acknowledgement that the previously sent data packet was received. [FIN] is sent by a host when it wants to terminate the connection; the TCP protocol requires both endpoints to send the termination request (i.e. FIN). and then host B wants to close the connection.
Upon deep analysis, the following was found to be the reason for the problem:
When a client tries a TCP connect, even if the server is not currently calling accept, the connection will pass. This will happen if the server has called the 'listen' function, and it will keep accepting connections until the backlog limit is reached.
But if the application process exceeds the limit of max file descriptors it can use, then when the server calls accept, it realizes that there are no file descriptors available to be allocated for the socket and fails the accept call and the TCP connection, sending a FIN to the other side.
I just thought of posting this finding here. I am still leaving the accepted answer as that of Habbie's.
Thanks to all those who answered this question.
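The finding above can be reproduced on loopback. This is an added example, not code from the original post: it shows connect() succeeding before accept() is ever called, accept() failing with EMFILE once the descriptor limit is reached, and a server that keeps one reserved descriptor so it can accept and immediately close the queued connection, which the client sees as a FIN with no data. It assumes a Unix-like host; `demo_accept_emfile`, the loopback endpoint and the reserved-descriptor step are choices made for this example.

```python
import errno
import os
import resource
import socket


def demo_accept_emfile():
    """Return (connected, accept_errno, client_saw_eof) for a loopback test."""
    soft, hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # constructed endpoint: loopback, ephemeral port
    srv.listen(5)
    srv.settimeout(2.0)
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.settimeout(2.0)
    spare = os.open(os.devnull, os.O_RDONLY)  # reserved descriptor for recovery
    hogs = []
    try:
        # The handshake completes in the kernel listen queue; accept() not called.
        cli.connect(srv.getsockname())
        connected = True
        # Exhaust descriptors: cap the limit just above `spare`, then fill gaps.
        resource.setrlimit(resource.RLIMIT_NOFILE, (spare + 1, hard))
        try:
            while True:
                hogs.append(os.open(os.devnull, os.O_RDONLY))
        except OSError as exc:
            if exc.errno != errno.EMFILE:
                raise
        try:
            srv.accept()
            accept_errno = 0
        except OSError as exc:
            accept_errno = exc.errno  # EMFILE: no descriptor for the new socket
        # Recovery: release the reserve, accept the queued connection and close
        # it at once, so the peer gets an orderly FIN instead of waiting.
        os.close(spare)
        spare = None
        conn, _ = srv.accept()
        conn.close()
        client_saw_eof = cli.recv(1) == b""  # EOF means FIN arrived, no data
        return connected, accept_errno, client_saw_eof
    finally:
        resource.setrlimit(resource.RLIMIT_NOFILE, (soft, hard))
        for fd in hogs + ([spare] if spare is not None else []):
            os.close(fd)
        cli.close()
        srv.close()
```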