What Is the Reason and How to Avoid the [Fin, Ack] , [Rst] and [Rst, Ack]

STARTED getting RST packet from client socket after I replied SYN packet with SYN + ACK packet

The general reason for sending RST, is that the receiver cannot find a socket, that incomming packet should be attributed to.

Common cases include:

• mismatched ports: there is no open socket for the port pair
• mistmatched sequence numbers: ACK number is incorrect, or ACK number does not fit within sender's window (here sender is the side that has received an ACK, because ACK is a response to sender sending something)

According to TCP specification, packets with SYN (and also FIN) flags set, are acknowledged with ACK numbers increased by one, i.e., as if these flags occupied one byte of data.

---

Considering both received SYN and sent SYNACK, one can see, that sequence number in SYN is 15 1a 68 41 and ACK number in SYNACK is also 15 1a 68 41, which is not SYN + 1 as it should be.

P.S.: structure of TCP header can be found in e.g., wikipedia. An explanation how to match packet bytes to header fields can be found in this answer. Also, an illustration of sender window can be found here.

FIN vs RST in TCP connections

• FIN says: "I finished talking to you, but I'll still listen to everything you have to say until you say that you're done."

• RST says: "There is no conversation. I won't say anything and I won't listen to anything you say."

  RST is useful if you have long lasting TCP connection with little traffic. If one of the computers is restarted, it forgets about the connection, and the other computer gets RST, as soon as it sends another packet.

TCP: Server sends [RST, ACK] immediately after receiving [SYN] from Client

RST, ACK means the port is closed. You sure Host_B is listening on the right IP/interface?

Also check your firewall for a -j REJECT --reject-with tcp-reset

---

Related Topics