Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 05-12-2009, 09:11 AM   #1
LQ Newbie
Registered: May 2009
Posts: 2

Rep: Reputation: 0
TCP SYN Not Responding


I'm observing an issue with Linux(2.3), where is not responding to a SYN after a normal close. I checked the netstat and the connection doesn't exist. That means the connection is not in FIN_WAIT or TIME_WAIT state. The client app uses the same port and ip for the connection. On of my observation is that srever accepts the connection after 2-3 minutes not before that.

What i have observed is the SYN packet is not reaching the application. Do you think of any reason? How to debug this issue.


Attached Trace.
1. Client close the connection and reopen immediately. Working fine.
2. Client close the connection and reopen it, error SYN accepted after few retransmission

388 2009-05-05 17:57:50.507519000 TLSv1 Encrypted Alert
389 2009-05-05 17:57:50.507525000 TCP sip-tls > 6061 [FIN, ACK] Seq=41886 Ack=47941 Win=64128 Len=0 TSV=127682130 TSER=4114
390 2009-05-05 17:57:50.508637000 TCP 6061 > sip-tls [ACK] Seq=47941 Ack=41887 Win=8155 Len=0 TSV=4114 TSER=127682130
391 2009-05-05 17:57:50.508966000 TCP 6061 > sip-tls [FIN, ACK] Seq=47941 Ack=41887 Win=8192 Len=0 TSV=4114 TSER=127682130
392 2009-05-05 17:57:50.509106000 TCP sip-tls > 6061 [ACK] Seq=41887 Ack=47942 Win=64128 Len=0 TSV=127682130 TSER=4114
393 2009-05-05 17:57:50.538157000 TCP [TCP Port numbers reused] 6061 > sip-tls [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=0 TSV=4114 TSER=0
394 2009-05-05 17:57:50.538692000 TCP sip-tls > 6061 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=127682137 TSER=4114 WS=6
395 2009-05-05 17:57:50.538694000 TCP 6061 > sip-tls [ACK] Seq=1 Ack=1 Win=8192 Len=0 TSV=4114 TSER=127682137
396 2009-05-05 17:57:50.625459000 SSL Client Hello

Trace which Show the Error

409 2009-05-05 17:57:57.728156000 TLSv1 Encrypted Alert
410 2009-05-05 17:57:57.728643000 TCP sip-tls > 6061 [FIN, ACK] Seq=1640 Ack=335 Win=6912 Len=0 TSV=127683935 TSER=4129
411 2009-05-05 17:57:57.728645000 TCP 6061 > sip-tls [ACK] Seq=335 Ack=1641 Win=8155 Len=0 TSV=4129 TSER=127683935
412 2009-05-05 17:57:57.729766000 TCP 6061 > sip-tls [FIN, ACK] Seq=335 Ack=1641 Win=8192 Len=0 TSV=4129 TSER=127683935
413 2009-05-05 17:57:57.730839000 TCP sip-tls > 6061 [ACK] Seq=1641 Ack=336 Win=6912 Len=0 TSV=127683935 TSER=4129
414 2009-05-05 17:59:35.138533000 TCP [TCP Port numbers reused] 6061 > sip-tls [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=0 TSV=75 TSER=0
415 2009-05-05 17:59:40.951988000 TCP 6061 > sip-tls [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=0 TSV=86 TSER=0
416 2009-05-05 18:00:15.024207000 TCP [TCP Port numbers reused] 6061 > sip-tls [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=0 TSV=155 TSER=0
417 2009-05-05 18:00:15.024955000 TCP sip-tls > 6061 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=127718259 TSER=155 WS=6
418 2009-05-05 18:00:15.024958000 TCP 6061 > sip-tls [ACK] Seq=1 Ack=1 Win=8192 Len=0 TSV=155 TSER=127718259
419 2009-05-05 18:00:15.096919000 SSL Client Hello

Last edited by jijo2000; 05-12-2009 at 09:17 AM. Reason: Attached correct traces
Old 05-12-2009, 10:31 AM   #2
LQ Guru
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Rep: Reputation: Disabled
Hi -

Short answer:
"Yes, TCP/IP works on Linux 2.3" (and all current versions of Linux too, for that matter)

Longer answer:
You've left out a lot of important information about the server, the platform, your application, and the topology.

But, in general:
1. The first SYN will be from a client trying to connect to a "well known port" (e.g. 6061)

2. The server will respond with an ACK and a SYN; the client will respond with another ACK, and the connection will be established (TCP/IP's "three-way handshake").

3. The connection will be on a *different* port (an "ephemeral port"): 6061 is just needed to *establish* the connection; it isn't monopolized for the entire duration of the connection.

4. When the connection is closed, the *ephemeral port* will be in a TIME_WAIT state for 2-3 minutes (and cannot be reused during that time).

5. But the server should generally be free to accept new connections on the "well known port" (e.g. 6061) all the while.

Bottom line:
TCP/IP itself is almost certainly OK. There's probably something wrong with the application (the "server" accepting connections on port 6061). Look there, first. Then look at the client (the guy who's initiating the connection). Next, look at any potential firewalls (hardware or software firewalls) between the two.

'Hope that helps .. PSM
Old 05-12-2009, 12:40 PM   #3
LQ Newbie
Registered: May 2009
Posts: 2

Original Poster
Rep: Reputation: 0

Thanks for the reply. The 6061 is the client port and server port is 5061(sip-tls). The server is not using the ephemeral port. It uses the same port 5061 but with a new soscket descriptor.
I don't see a new incoming TCP connection is coming to the application. It is basically getting TCP syn on the third time. How do we find out the kernel is dropping the packet?
The system is very much idle, which doesn't have much TCP connections also.

Old 05-21-2009, 05:25 AM   #4
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 877

Rep: Reputation: 184Reputation: 184
Your client application is misbehaving. According to RFC 1323 -

B.2 Closing and Reopening a Connection

When a TCP connection is closed, a delay of 2*MSL in TIME-WAIT
state ties up the socket pair for 4 minutes (see Section 3.5 of
[Postel81]. Applications built upon TCP that close one connection
and open a new one (e.g., an FTP data transfer connection using
Stream mode) must choose a new socket pair each time.



Last edited by baldy3105; 05-21-2009 at 06:43 AM.


syn, tcp

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
TCP handshake fails, SYN/ACK ignored by system. xnomad Linux - Networking 1 09-28-2011 11:10 AM
How do I protect myself against TCP SYN flooding? arkaan Linux - Security 8 04-16-2007 07:54 PM
TCP SYN attack -Linking errors adityabhat6 Programming 1 03-26-2006 07:10 PM
programming in c, problem TCP -> SYN,... bebe531 Programming 1 05-25-2004 02:58 PM
Blocking TCP | SYN scans robeb Linux - Security 3 05-19-2002 08:41 AM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:25 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration