[NCLUG] [OT] Re: Question about IP forwarding
Bob Proulx
bob at proulx.com
Mon Apr 26 16:04:01 MDT 2010
Marcio Luis Teixeira wrote:
> 10.50.10.1 --> 192.168.235.119 TCP 51106 > ssh [SYN] Seq=0 Win=8192 Len=0 MSS=1380 WS=2
> 192.168.235.119 --> 10.50.10.1 TCP ssh > 51106 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
> 10.50.10.1 --> 192.168.235.119 TCP 51106 > ssh [RST] 51106 Seq=1209360052 Win=0 Len=0
> 10.50.10.1 --> 192.168.235.119 TCP [TCP Port Numbers reused] 51106 > ssh [SYN] Seq=0 Win=8192
>
> So, it appears to me as if the workstation initiates a connection,
> the worker node acknowledges it, but the break down happens when the
> workstation replies with an RST.
Reset huh...
> I've never seen those packets before, but my googling indicates that
> it's the TCP equivalent of "WTF?" . So the machines are talking, but
> apparently the replies are coming back in Mandarin or something.
It is referring to the tcp state diagram in RFC 793 (1981).
http://www.faqs.org/rfcs/rfc793.html
The wikipedia diagram is easier to read.
http://en.wikipedia.org/wiki/File:Tcp_state_diagram_fixed.svg
> The next packet seems to be the workstation trying to reinitiate the
> connection. This continues ad infinitum (or actually, until the ssh
> client times out).
Sorry, I am out of ideas. But you are chasing all of the right paths
as far as I can tell.
Bob
More information about the NCLUG
mailing list