From: Jay Levitt <lists-netfilter@shopwatch.org>
To: netfilter@lists.netfilter.org
Subject: RST instead of FIN?
Date: Sat, 10 Apr 2004 14:33:16 -0400 [thread overview]
Message-ID: <05c301c41f2a$4a6ef650$9701a8c0@office> (raw)
[-- Attachment #1: Type: text/plain, Size: 1012 bytes --]
On my Mandrake 9.0 box (2.4.19-38 kernel), a few times an hour I see TCP packets after the end of a TCP session, which result in log/drops in iptables. I ran ethereal to capture one such session, and found that in this instance I seem to be the party at fault - but I have no idea why or what to do...
66.35.250.206, a sourceforge.net box, connects to my mail server to deliver an e-mail, as follows:
sourceforge: [SYN]
me: [SYN, ACK]
sourceforge: [ACK]
[SMTP conversation ensues, switches to TLS, sends me an e-mail. at the end..]
me: [RST]
sourceforge: [FIN, ACK]
me: [RST]
me: [RST]
Since I'd already RST the connection, the [FIN, ACK] was of course treated as un-ESTABLISHED, and so was logged and dropped.
But what could cause me to be sending three RSTs at the end of a conversation instead of a FIN? Could that be a sendmail problem (I'm running 8.12.10), a kernel problem, something else? The whole conversation took 5 seconds, so there are no timeouts occurring...
Jay Levitt
[-- Attachment #2: Type: text/html, Size: 2126 bytes --]
next reply other threads:[~2004-04-10 18:33 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-04-10 18:33 Jay Levitt [this message]
2004-04-10 22:54 ` RST instead of FIN? Antony Stone
2004-04-11 5:41 ` Jay Levitt
2004-04-11 10:00 ` Chris Brenton
2004-04-11 18:01 ` Jay Levitt
2004-04-12 19:33 ` Ranjeet Shetye
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='05c301c41f2a$4a6ef650$9701a8c0@office' \
--to=lists-netfilter@shopwatch.org \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox