FIN Packets

Nov 1, 2008

One of my clients has the following question, but I don't have enough knowledge on this topic. I hope some network experts out there can give me some advice.

I want to do this:
1. TCP SYN negotiation using fixed port
2. HTTP request
3. ACK
4. Another HTTP request (control words)
5. ACK
6. Another HTTP request (control words)
7. ACK

Unfortunately, I can only accomplish this:
1. TCP SYN negotiation using fixed port
2. HTTP request (control words)
3. ACK
4. FIN
5. TCP SYN negotiation using ANOTHER port
6. HTTP request (control words)
7. ACK
8. FIN

There is too much overhead in the second method. Can you comment on why the first method doesn't work? It processes the first HTTP request but ignores the second, third, etc. HTTP requests. WHY? Do I always have to choose another port to process another HTTP request?

View 1 Replies



Too Much Packets To Tcp What Does It Indicate

Nov 11, 2007

What does it mean? Does it indicate DDoS attacks?

From 58.32.23.4 - 1160 packets to tcp(...)

View 2 Replies View Related

Dropping Packets

May 24, 2009

Is it normal for a ton of packets to be dropped? My server goes so slow after it gets a bunch of connections, even if I kill everything (I have to restart), and I can't figure out what the problem is. On my other servers it says no packets were dropped. How can I fix this?

ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:1C:C0:C1:8B:3E
inet addr:xx.xx.xx.xx Bcast:xx.xx.xx.255 Mask:255.255.255.0
inet6 addr: fe80::21c:c0ff:fec1:8b3e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:56435 errors:0 dropped:3049109175 overruns:0 frame:0
TX packets:87780 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6804084 (6.4 MiB) TX bytes:118424651 (112.9 MiB)
Interrupt:50 Base address:0xa000

View 4 Replies View Related

Packets Lost

Jan 28, 2008

What is packets lost?

I used the just-pings.com site and it says my site had 100% lost packets in some locations. What does this mean?

One of my other hosts doesn't have any packets lost, so for a new package should I go with them, rather than the host which has packets lost?

[url]

When I asked my host they said do not trust just-ping and told me to use,
[url]

Does this site check for packets lost?

View 4 Replies View Related

Many ICMP Packets - I'm Being Hit

Nov 24, 2008

My server is being hit by many ICMP packets. Very abnormal, but many of them are from Indonesian IPs.

My server runs on cPanel + CSF.

Should I change CSF to APF? I read most antiDOS attack articles
ICMP; eth0; 48 bytes; from 68.66.136.118.fast.net.id to pete.myserver.com; fragment
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 125.167.122.253 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ICMP; eth0; 48 bytes; from 179.subnet125-160-99.speedy.telkom.net.id to pete.myserver.com; fragment
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1468 bytes; from 118.100.245.111 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ARP request for 202.71.103.231; eth0; 40 bytes; from 0011bb064fc1 to ffffffffffff
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 202.152.37.210 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 202.152.37.210 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 202.6.234.126 to pete.myserver.com; echo req
Note: pete.myserver.com is my server.
Please advise a solution; it's causing me 10mbps of inbound bandwidth. My bandwidth is sufficient to handle those for now, but not for long if they increase. My Munin shows 20mbps last night.

View 5 Replies View Related

My Ping/packets Lost

Feb 20, 2008

I'm getting slow server response times. I've been struggling with this for quite some while.

Here is what I know so far:

1. My website divinelightingdotcom through justping returns average 60-80% packets lost for all locations but Santa Clara, which usually has 0-20% loss.

2. My VPS is in Dallas

3. My ISP is also in Dallas, yet justping their website returns 0 packets lost

4a. When I ping my site from Atlanta, the avg trip is 44 ms

4b. However, the first access of my website through a browser usually takes about 5-10 seconds to respond

4c. I assume that my customers have this same experience (if so, this is killing me on my sponsored search advertising)

5. subsequent navigation through the website is usually acceptably fast.

6. wait an hour or so, and the initial page load has 5-10 second response delay again (can be any page on the site)

7. Perhaps related, WinMTR from my location in Atlanta shows a Comcast IP in Virginia that consistently has 20% loss. I have opened a trouble ticket with Comcast.

View 5 Replies View Related

Volumedrive.com Packets Lost

Aug 6, 2008

ping: 64.191.50.55
location result min. rrt avg. rrt max. rrt
Santa Clara, U.S.A. Okay 108.6 127.3 165.2
Florida, U.S.A. Okay 86.9 94.8 110.9
San Francisco, U.S.A. Okay 101.0 115.2 142.9
New York, U.S.A. Packets lost (30%) 47.0 50.2 54.3
Austin1, U.S.A. Packets lost (10%) 80.7 88.9 118.2
Austin, U.S.A. Packets lost (10%) 77.1 86.4 116.8
Vancouver, Canada Okay 172.9 185.3 240.5
Chicago, U.S.A. Packets lost (10%) 59.2 66.1 71.5
London, United Kingdom Okay 102.2 113.3 119.9
Amsterdam3, Netherlands Packets lost (30%) 126.7 129.9 132.7
Amsterdam2, Netherlands Packets lost (30%) 112.7 117.5 123.5
Stockholm, Sweden Packets lost (10%) 139.2 145.6 148.2
Cologne, Germany Packets lost (10%) 129.3 135.5 143.4
Amsterdam, Netherlands Packets lost (10%) 121.9 126.4 130.0
Krakow, Poland Packets lost (20%) 139.0 147.2 152.5
Madrid, Spain Packets lost (10%) 129.2 136.5 143.3
Paris, France Packets lost (10%) 129.4 132.1 135.7
Munchen, Germany Packets lost (20%) 133.5 137.0 142.0
Copenhagen, Denmark Packets lost (20%) 110.9 120.2 124.2
Lille, France Packets lost (10%) 117.8 123.5 127.6
Cagliari, Italy Packets lost (20%) 156.8 159.3 162.8
Sydney, Australia Packets lost (20%) 251.4 264.2 268.4
Melbourne, Australia Okay 280.7 291.1 301.5
Zurich, Switzerland Packets lost (10%) 155.3 163.6 169.1
Shanghai, China Okay 321.8 328.5 337.7
Hong Kong, China Packets lost (30%) 282.9 292.8 304.5
Porto Alegre, Brazil Packets lost (10%) 200.1 208.8 217.1
Singapore, Singapore Packets lost (20%) 311.3 333.3 371.3
Mumbai, India Packets lost (20%) 240.5 245.2 249.7
Johannesburg, South Africa Packets lost (40%) 390.4 427.0 517.8

It is worse than my VPS on vps4less.de.

View 11 Replies View Related

Dropping Empty UDP Packets

May 15, 2008

I currently have my own dedicated server located with the following prefs;

Linux: CentOS 4.6 (final)
Kernel Version: 2.6.9-67.0.15.ELsmp

I know this is possible, but I am seeking how to drop empty udp packets automatically with iptables.

View 2 Replies View Related

How-to: Drop INVALID SYN Packets With Iptables

Jan 13, 2005

Feel free to use the following iptables commands to drop INVALID SYN packets that are sometimes also used to flood the server.

/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

View 5 Replies View Related
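
How the `--tcp-flags <mask> <comp>` pairs in the three rules above select packets, modelled in Python as an added example (it is not part of the original post). The flag combinations tested are constructed, and the function names are illustrative.

```python
# Added illustration: model of the iptables "--tcp-flags <mask> <comp>" match.
# A packet matches when, among the flags named in <mask>, exactly the flags
# named in <comp> are set. Flags outside <mask> are not examined.

ALL = {"SYN", "ACK", "FIN", "RST", "URG", "PSH"}

# (mask, comp) pairs copied from the three DROP rules in the post, in order.
RULES = [
    (ALL, {"ACK", "RST", "SYN", "FIN"}),
    ({"SYN", "FIN"}, {"SYN", "FIN"}),
    ({"SYN", "RST"}, {"SYN", "RST"}),
]


def matches(mask, comp, flags):
    """True if the packet's flag set satisfies one mask/comp pair."""
    return (set(flags) & mask) == comp


def first_drop_rule(flags):
    """Return the 1-based number of the first rule that drops, else None."""
    for number, (mask, comp) in enumerate(RULES, start=1):
        if matches(mask, comp, flags):
            return number
    return None


# Constructed flag combinations (not taken from any capture).
SAMPLES = {
    "plain SYN": {"SYN"},
    "SYN+ACK": {"SYN", "ACK"},
    "ACK+FIN (normal close)": {"ACK", "FIN"},
    "SYN+FIN": {"SYN", "FIN"},
    "SYN+FIN+PSH": {"SYN", "FIN", "PSH"},
    "SYN+RST+ACK": {"SYN", "RST", "ACK"},
    "ACK+RST+SYN+FIN": {"ACK", "RST", "SYN", "FIN"},
    "FIN+PSH+URG": {"FIN", "PSH", "URG"},
    "no flags": set(),
}

if __name__ == "__main__":
    for name, flags in SAMPLES.items():
        rule = first_drop_rule(flags)
        print(f"{name:24} -> {'DROP by rule %d' % rule if rule else 'not matched'}")
```

Every packet the first rule matches has SYN and FIN set, so the second rule alone would also drop it. Flag sets without SYN+FIN or SYN+RST, such as FIN+PSH+URG or no flags at all, pass all three rules.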

Incoming / Outgoing Packets Blocked

Jun 22, 2009

I am facing a very unique issue on two of my servers hosted at hivelocity for the last 3 or 4 months.

Every couple of days all incoming and outgoing activity stops except on port 3386 (RDP), i.e. no one can reach the websites hosted on the server, nor can I access any website from the server, but all other services continue to work. A reboot of the server will solve the issue, but that is only a temp solution.

I have checked the event logs one by one but found no issue or error in them. I have even run the server without a firewall but it still stops working.

Scanned the server with 3 different antiviruses one by one but they didn't find any virus.

Datacenter tech staff monitored the server and found no DoS or other such kind of attack on the server or IP.

I am totally clueless on this issue on how to solve it.... anybody here who can help me?

OS: Windows 2003
Firewall: Previous hardware based, then software based and now windows firewall (same issue with all)
Third party softwares: No
Scripts: ASP, ASP.NET, PHP
Database: SQL and MySQL

No other software installed on the server

View 5 Replies View Related

Hosts With High Ping Packets Lost

Mar 14, 2009

On my way searching for a hosting provider, I try pinging every host. Some of them have packets lost, one between 20-30%.

View 10 Replies View Related

Linux Firewall - Filtering Out Zero Length Packets

Aug 13, 2008

I run CentOS 5.2 (Sometimes CentOS 4.6). I have been messing around with IPTables, and cannot find out how to filter zero-length packets.

I believe I might need an unclean module. I have already done hours of reading and researching, but I have come up with nothing, for I do not think this is that common.

If anyone could please let me know the commands to use to filter out all zero-length packets, or the unclean module I need to use with IPTables, I would really appreciate it.

View 14 Replies View Related

Linux IPTables Logging Packets On A Certain Port

Aug 4, 2008

commands to log packets temporarily for a certain udp port with the IP information etc.

Any help would be appreciated. As for what I am doing, I am trying to find anything weird or something that stands out from the packets sent from external IPs to my server.

View 3 Replies View Related

Apple's Mail.app Sending Invalid Packets To Mailserver

Aug 18, 2008

I am having a problem with a client who's using Mail.app and it seems to be sending invalid packets to the server. Here is a sample of the report from the firewall:

Code:
Hits: 21
Blocked: permanently

Sample of block hits:
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=48970 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=5724 DF PROTO=TCP SPT=49173 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=23624 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=49421 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:15 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=10507 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=38488 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=25402 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:29 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=18975 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:29 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=52260 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:29 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=18208 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=30469 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=36698 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=7445 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=47645 DF PROTO=TCP SPT=49173 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=30465 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=44590 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=2887 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=35090 DF PROTO=TCP SPT=49173 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:26:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=4986 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:26:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=42867 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:26:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=1310 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0

The report just says Invalid IN. Does anybody have any suggestions on what would be causing this? I use Mail.app myself and have never had problems with it triggering the firewall.

View 0 Replies View Related
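
One way to triage firewall hits like those in the report above, as an added example that is not part of the original post: group the log lines per TCP flow and look at the time gaps between hits. The sample lines are constructed in the post's log format (shortened, with documentation addresses); the first set reuses the timestamps the report shows for source port 49176, whose gaps of 1, 6, 8, 16, 32 and 64 seconds roughly double, a pattern consistent with one endpoint retransmitting the same unanswered segment rather than with a flood. The year is an assumption, since syslog omits it.

```python
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?SRC=(\S+) DST=(\S+) .*?"
    r"PROTO=TCP SPT=(\d+) DPT=(\d+) .*?RES=\S+ (.*?) URGP=")
ASSUMED_YEAR = "2008"  # assumption: syslog timestamps carry no year


def make_lines(times, spt):
    """Constructed sample lines in the post's format (fields shortened)."""
    return [f"Aug 17 {t} hosting kernel: Firewall: *INVALID* IN=eth0 OUT= "
            f"SRC=192.0.2.10 DST=198.51.100.20 LEN=52 PROTO=TCP SPT={spt} "
            "DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0" for t in times]


# Timestamps as reported in the post for SPT=49176.
BACKOFF = make_lines(["11:24:14", "11:24:15", "11:24:21", "11:24:29",
                      "11:24:45", "11:25:17", "11:26:21"], 49176)
# Constructed contrast case: seven hits within the same second.
BURST = make_lines(["11:24:14"] * 7, 50000)


def group_flows(lines):
    """Map (src, sport, dst, dport, flags) -> list of hit times."""
    flows = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a TCP hit in this log format
        ts, src, dst, spt, dpt, flags = m.groups()
        when = datetime.strptime(f"{ASSUMED_YEAR} {ts}", "%Y %b %d %H:%M:%S")
        flows[(src, int(spt), dst, int(dpt), flags)].append(when)
    return flows


def gaps(times):
    """Seconds between consecutive hits of one flow."""
    times = sorted(times)
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]


def doubling_steps(g):
    """Count consecutive gaps where the later one is about twice the earlier."""
    return sum(1 for a, b in zip(g, g[1:]) if a > 0 and abs(b - 2 * a) <= a / 4)


def classify(lines, min_steps=3):
    """Label each flow by whether its hit spacing looks like timer backoff."""
    result = {}
    for flow, times in group_flows(lines).items():
        g = gaps(times)
        label = "retransmit-backoff" if doubling_steps(g) >= min_steps else "other"
        result[flow] = (g, label)
    return result


if __name__ == "__main__":
    for flow, (g, label) in classify(BACKOFF + BURST).items():
        print(flow, g, label)
```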







Copyrights 2005-15 www.BigResource.com, All rights reserved