Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] Multiple syn's , syn/ack and ack received for single conne

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: asad <a.alii85@xxxxxxxxx>
Date: Wed, 5 Aug 2015 00:05:02 +0500
This is to just update the community that T B user is indeed right, I re-run the test on new set of websites and this time I picked more dynamic basic contents e.g bbc,axn etc. I saw that for those Big site as to say, the browser indeed requests in parallel, and the case was similar to what i experienced in my own environment. Thanks T B for bringing my attention on this behavior of browsers.

On Tue, Aug 4, 2015 at 11:28 PM, asad <a.alii85@xxxxxxxxx> wrote:
Thanks, for the fast response.

I have tested the same by visiting home-pages of other websites as well and none had such behavior parallel requests by browser. It mostly works as classical.

syn
syn-ack
ack

Now, consecutive syn's. Yes you were right, down the packet-capture I see all the syn,syn-ack and ack packets. Thanks for mentioning.

regards
asad

On Tue, Aug 4, 2015 at 11:05 PM, T B <phreakocious@xxxxxxxxx> wrote:
A web browser can make multiple connections to the same server to fetch different resources in parallel.  The other syn/ack responses are probably in the capture as well, but further down.  The sockets should be processed in the order they're received, but there are lots of reasons why it might not all happen immediately.  None of this seems strange so far.

Hope this helps.

On Tue, Aug 4, 2015 at 11:13 AM, asad <a.alii85@xxxxxxxxx> wrote:
I have a scenario, I'm analyzing ssl (decrpyt) traffic to my webserver. I'm investigating server and end-to-end delay issues. In between this I'm stuck at following traffic pattern for which I need some advice/suggestion. The patter shows:-

     client       server
    src port 1 -> 80 (syn)
    src port 2 -> 80 (syn)
    src port 3 -> 80 (syn)
    src port 4 -> 80 (syn)
    .....

     server        client
    src port 80 -> 1  (syn/ack)
    src port 80 -> 2  (syn/ack)

    client         server
    src port 1 -> 80  (ack)
    src port 2 -> 80  (ack)

After, complete of handshake I see <code>"http get request"</code> from client. My issues is:-

 1. why are multiple syns send from
    client to server from different
    source port
 2. why server choose to
    reply on NOT all ports mainly the
    syn/ack is received by first 3
    ports.
 3. Multiple acks to different
    ports?

a sample SYN request just for analysis looks like

"694    47.583499000    192.168.1.56    192.168.1.22    TCP    66    0.000173000    50844→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1"

Please help me understand this behavior.


   

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube