问题描述
从数据包捕获文件(pcap)中,在TCP握手期间观察以下内容
From packet capture file(pcap), observing the following during the TCP Handshake
客户端向服务器发送SYN请求,服务器以SYN数据包而不是SYN + ACK进行响应,客户端响应出乱序包消息,服务器终止带有RST数据包的TCP握手
Client sends SYN request to Server,Server responds with SYN packet instead of SYN+ACK,Client responds with Out of Order packet message,Server terminates the TCP handshake with RST packet
这是随机发生的,并非总是如此. TCP连接确实可以建立,但有时连接建立会因上述观察到的模式而失败.
This occurs randomly and not always. TCP connections do get established but sometimes connection establishment fails with above observed pattern.
客户端托管在AWS中,而服务器是CDN网络
The client is hosted in AWS, while the server is a CDN network
推荐答案
如果套接字在TIME_WAIT上并且附加了新的syn,则内核将检查SYN的SEQ号是否大于或小于最后一个SEQ.为此收到了正在使用的套接字.
If a socket is on TIME_WAIT and new syn is appended the kernel will check to see if the SEQ number of the SYN is greater than or less than the last SEQ received for this the socket being used.
您可以查看以下信息/答案:
you can review this post/answer: https://serverfault.com/questions/297134/server-not-sending-a-syn-ack-packet-in-response-to-a-syn-packet
通常情况下,如果发送了一个SYN而接收到另一个SYN而没有ACK,则通常只是线路上的ACK丢失(尤其是在您的情况下).每当您从A(客户端)到B(服务器)的路由很短并且从服务器到客户端的数据包路径特别长并且在无法保证可靠的数据包在更远距离上传输的网络上遍历时,这种情况就很普遍.如果您在线路上丢失了ACK,则倾向于从客户端找到一条RST消息,本质上是要求服务器重新启动.
Typically if a SYN is Sent and another SYN is recieved without an ACK it is generally just a loss of the ACK over the line (especially in your case). this is prevalent whenever your route from A(client) to B(Server) is short AND your packets path from server to client is especially long and traverses over a network that may not be able to guarantee reliable packet travel over the substantially greater distance. IF you are losing your ACK over the line you will tend to find a RST message from the client, essentally asking the server to start again.
另一种可能性是某种要求.通常,客户端将以len:xx推送PSH,ACK信号,其中x是请求长度的数字.服务器通常会以ACK响应,告知客户端它已接收到请求并且服务器正在处理(此ACK通常为空.)然后它将向客户端推送PSH,ACK-len:xx数据包,以使客户端知道它已经接受了它的请求,并且该数据包中将包含信息.
The other possibility is a request of some kind. typically where the client will push a PSH, ACK signal with a len: xx where x is a number of the requested length. the server will typically respond with an ACK telling the client that it recieved its request and the server is processing (this ACK is typically empty.) it will then push a PSH, ACK - len: xx packet to the client to let the client know it has accepted its request and this packet will have information in it.
使用Wireshark监视此信息(非恶意地)通常可以帮助您了解情况,只需确保学习(如果您还不知道)如何过滤数据包,否则您将会发现很多信息(通常).
Monitoring this information (non-maliciously) with wireshark will typically help spread some light on your situation, just be sure to learn (if you don't already know) how to filter your packets, otherwise you will have a lot of information to dig through (typically).
我还将尝试将一个数据包发送到有问题的服务器,您可以对其进行跟踪以查看其是否被引导到人迹罕至的地方.如果您的数据包在循环中跳跃以到达目的地,则很有可能在返回途中做同样的事情. 如果您愿意,可以尝试使用tcpdump(linux)或tracert(windows).
I would also attempt to send a packet to the server in question that you can trace to see if its being directed off of the beaten path. If your packets are jumping through loops to make its destination it is extremely likely that its doing the same thing on the way back. if you'd like you can try using tcpdump(linux) or tracert(windows).
希望这会有所帮助!
这篇关于TCP:SYN请求收到SYN响应而不是SYN-ACK的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!