
I have an HTTP server that serves many short-lived connections from many clients. The server logged some invalid HTTP requests, so I decided to capture the network traffic. This is what I got:

![image][1]

Because of HTTP keep-alive, the stream looks like it has 3 requests. The first (ending at APN: m-wap.0001) is OK, but the second and third are not. I don't think the user sent such requests; I think it is a network problem (all of the invalid requests appear to come from 3G network users behind NAT). We used tcp_tw_reuse and tcp_tw_recycle earlier, but I have turned them off for now to avoid problems that may relate to NAT. There are still some invalid requests, though. Do you have a suggestion?

Update: Finally I found the answer. The network provider was altering the request by adding the last 4 headers, and they need to update the SEQ/ACK numbers, but it seems that they did not do it correctly in the case of retransmission.

secmask

2 Answers

Are you missing part of this TCP conversation in your packet capture?

The client is sending Acknowledgements and the ACK value is increasing, meaning data has been received from the other end, but there is no such data in your capture.

If the remote end sent a FIN but still had some data in its send buffer, or data which had been sent then delayed and arrived out-of-order, those might explain why the client resets in the last frame.

suprjami
  • We use LVS, and the in/out streams are on different network interfaces, so this capture only contains the incoming stream. – secmask Jul 03 '14 at 14:40

I provided the answer in the update to the question.

secmask
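
The update to the question attributes the invalid requests to a middlebox that rewrites segments and mishandles SEQ/ACK on retransmission. One way to confirm that from a one-directional capture is to look for retransmitted sequence ranges whose bytes differ from what was first captured there. This is an added example, not part of the original posts; the segment values and the `find_conflicts` name are constructed for illustration.

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap

# Constructed sample: (tcp_seq, payload) for one direction of one flow, in
# capture order. Illustrative values, not taken from the capture in the question.
SEGMENTS = [
    (1000, b"GET /a HTTP/1.1\r\nHost: example.test\r\n"),
    (1037, b"X-Added: 1\r\n\r\n"),       # rewritten segment carrying an inserted header
    (1037, b"\r\nGET /b HTTP/"),         # retransmission: same seq, different bytes
    (1051, b"1.1\r\nHost: example.test\r\n\r\n"),
]


def find_conflicts(segments):
    """Flag segments whose bytes disagree with data already seen at the same
    sequence offsets. Returns dicts: segment index, first conflicting offset
    (relative to the first captured seq), number of differing bytes.
    Assumes a single flow direction and less than 2 GiB of stream data."""
    if not segments:
        return []
    base = segments[0][0]
    seen = {}       # relative offset -> byte value first captured there
    conflicts = []
    for index, (seq, payload) in enumerate(segments):
        start = (seq - base) % MOD
        if start >= MOD // 2:           # segment precedes the first captured one
            start -= MOD
        differing = [start + i for i, b in enumerate(payload)
                     if seen.setdefault(start + i, b) != b]
        if differing:
            conflicts.append({"segment": index, "offset": differing[0],
                              "bytes": len(differing)})
    return conflicts


if __name__ == "__main__":
    for c in find_conflicts(SEGMENTS):
        print("segment %(segment)d conflicts at offset %(offset)d "
              "(%(bytes)d bytes differ)" % c)
```

A byte-identical retransmission produces no finding; only overlapping ranges with different content are reported, which is the signature of data being rewritten in transit without consistent sequence-number adjustment.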