michaeltint
Technical User
Hi Folks,
I have a problem: I've been asked to analyze a pcap file. Partial output is shown below.
Oddly enough, after a successful TCP handshake the client sends a hello, we get no SSL auth, and the connection gets terminated.
Any suggestion why this is happening?
Your help appreciated.
Regards,
Michael
39 2009-06-03 23:01:51.704412 192.168.227.77 80.40.141.2 TCP 38011 > https [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=1285538069 TSER=0 WS=2
40 2009-06-03 23:01:51.718601 80.40.141.2 192.168.227.77 TCP https > 38011 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
41 2009-06-03 23:01:51.718620 192.168.227.77 80.40.141.2 TCP 38011 > https [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=1285538084 TSER=0
42 2009-06-03 23:01:51.719972 192.168.227.77 80.40.141.2 SSLv2 Client Hello
43 2009-06-03 23:01:51.738406 80.40.141.2 192.168.227.77 SSL [TCP Previous segment lost] Continuation Data
44 2009-06-03 23:01:51.738415 192.168.227.77 80.40.141.2 TCP [TCP Dup ACK 42#1] 38011 > https [ACK] Seq=119 Ack=1 Win=5840 Len=0 TSV=1285538103 TSER=0 SLE=1449 SRE=2556
45 2009-06-03 23:01:51.968985 80.40.141.2 192.168.227.77 SSL [TCP Retransmission] Continuation Data
46 2009-06-03 23:01:51.968995 192.168.227.77 80.40.141.2 TCP [TCP Dup ACK 42#2] 38011 > https [ACK] Seq=119 Ack=1 Win=5840 Len=0 TSV=1285538334 TSER=0 SLE=1449 SRE=2556 SLE=1449 SRE=2556
47 2009-06-03 23:01:52.428773 80.40.141.2 192.168.227.77 SSL [TCP Retransmission] Continuation Data
48 2009-06-03 23:01:52.428781 192.168.227.77 80.40.141.2 TCP [TCP Dup ACK 42#3] 38011 > https [ACK] Seq=119 Ack=1 Win=5840 Len=0 TSV=1285538794 TSER=0 SLE=1449 SRE=2556 SLE=1449 SRE=2556
49 2009-06-03 23:03:42.520378 192.168.227.77 80.40.141.2 TCP 38011 > https [FIN, ACK] Seq=119 Ack=1 Win=5840 Len=0 TSV=1285648903 TSER=0 SLE=1449 SRE=2556
50 2009-06-03 23:03:42.734941 192.168.227.77 80.40.141.2 TCP 38011 > https [FIN, ACK] Seq=119 Ack=1 Win=5840 Len=0 TSV=1285649118 TSER=0 SLE=1449 SRE=2556
51 2009-06-03 23:03:43.164830 192.168.227.77 80.40.141.2 TCP 38011 > https [FIN, ACK] Seq=119 Ack=1 Win=5840 Len=0 TSV=1285649548 TSER=0 SLE=1449 SRE=2556
52 2009-06-03 23:03:44.024623 192.168.227.77 80.40.141.2 TCP 38011 > https [FIN, ACK] Seq=119 Ack=1 Win=5840 Len=0 TSV=1285650408 TSER=0 SLE=1449 SRE=2556
53 2009-06-03 23:03:44.162350 192.168.227.77 80.40.141.2 TCP 38021 > https [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=1285650546 TSER=0 WS=2
54 2009-06-03 23:03:44.174795 80.40.141.2 192.168.227.77 TCP https > 38021 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
55 2009-06-03 23:03:44.174810 192.168.227.77 80.40.141.2 TCP 38021 > https [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=1285650558 TSER=0
56 2009-06-03 23:03:44.176727 192.168.227.77 80.40.141.2 SSLv2 Client Hello
57 2009-06-03 23:03:44.193547 80.40.141.2 192.168.227.77 TCP [TCP segment of a reassembled PDU]
58 2009-06-03 23:03:44.193557 192.168.227.77 80.40.141.2 TCP 38021 > https [ACK] Seq=119 Ack=1376 Win=8592 Len=0 TSV=1285650577 TSER=1470729
59 2009-06-03 23:03:44.193748 80.40.141.2 192.168.227.77 TLSv1 Server Hello, Certificate, Server Hello Done
60 2009-06-03 23:03:44.193754 192.168.227.77 80.40.141.2 TCP 38021 > https [ACK] Seq=119 Ack=2556 Win=11340 Len=0 TSV=1285650577 TSER=1470729
61 2009-06-03 23:03:44.196608 192.168.227.77 80.40.141.2 TLSv1 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
62 2009-06-03 23:03:44.209049 80.40.141.2 192.168.227.77 TCP https > 38021 [ACK] Seq=2556 Ack=301 Win=65353 Len=0 TSV=1470771 TSER=1285650580
63 2009-06-03 23:03:44.211856 80.40.141.2 192.168.227.77 TLSv1 Change Cipher Spec, Encrypted Handshake Message
64 2009-06-03 23:03:44.212870 192.168.227.77 80.40.141.2 TLSv1 Application Data
65 2009-06-03 23:03:44.244714 80.40.141.2 192.168.227.77 TCP [TCP segment of a reassembled PDU]
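An added triage script (not part of the post) that parses Wireshark summary rows like those above and separates the stalled attempt from the successful retry, using the SACK edges in the client's duplicate ACKs to name the server byte range that never arrived; the row layout and the rule that attaches port-less TLS rows to the most recently seen flow are assumptions.

```python
import re
# Wireshark summary rows copied from the post (failing attempt on 38011, retry on 38021), trimmed to the frames needed.
SUMMARY = """\
39 2009-06-03 23:01:51.704412 192.168.227.77 80.40.141.2 TCP 38011 > https [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=1285538069 TSER=0 WS=2
42 2009-06-03 23:01:51.719972 192.168.227.77 80.40.141.2 SSLv2 Client Hello
43 2009-06-03 23:01:51.738406 80.40.141.2 192.168.227.77 SSL [TCP Previous segment lost] Continuation Data
44 2009-06-03 23:01:51.738415 192.168.227.77 80.40.141.2 TCP [TCP Dup ACK 42#1] 38011 > https [ACK] Seq=119 Ack=1 Win=5840 Len=0 TSV=1285538103 TSER=0 SLE=1449 SRE=2556
45 2009-06-03 23:01:51.968985 80.40.141.2 192.168.227.77 SSL [TCP Retransmission] Continuation Data
49 2009-06-03 23:03:42.520378 192.168.227.77 80.40.141.2 TCP 38011 > https [FIN, ACK] Seq=119 Ack=1 Win=5840 Len=0 TSV=1285648903 TSER=0 SLE=1449 SRE=2556
53 2009-06-03 23:03:44.162350 192.168.227.77 80.40.141.2 TCP 38021 > https [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=1285650546 TSER=0 WS=2
56 2009-06-03 23:03:44.176727 192.168.227.77 80.40.141.2 SSLv2 Client Hello
59 2009-06-03 23:03:44.193748 80.40.141.2 192.168.227.77 TLSv1 Server Hello, Certificate, Server Hello Done
61 2009-06-03 23:03:44.196608 192.168.227.77 80.40.141.2 TLSv1 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
64 2009-06-03 23:03:44.212870 192.168.227.77 80.40.141.2 TLSv1 Application Data
"""
LINE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")  # assumed column layout
PORT = re.compile(r"(\d+) > https|https > (\d+)")   # client port on either side of the arrow
SACK = re.compile(r"Ack=(\d+).*?SLE=(\d+) SRE=(\d+)")  # relative sequence numbers, as Wireshark prints them

def verdict(f):
    """Classify one flow from the handshake markers collected by triage()."""
    if f["server_hello"] and f["app_data"]:
        return "handshake completed"
    if f["client_hello"] and not f["server_hello"] and f["hole"]:
        lo, hi = f["hole"]
        return (f"stalled: server bytes {lo}-{hi} never reached the client after "
                f"{f['retrans']} retransmission(s); client sent FIN: {f['client_fin']}")
    return "incomplete capture"

def triage(summary):
    """Group summary rows into flows keyed by client port and classify each attempt."""
    flows, port = {}, None
    for line in filter(None, summary.splitlines()):
        _frame, _date, _time, src, _dst, _proto, info = LINE.match(line).groups()
        m = PORT.search(info)
        if m:  # only TCP rows name the ports; TLS rows are attached to the last flow seen (heuristic)
            port = m.group(1) or m.group(2)
        f = flows.setdefault(port, {"client": None, "client_hello": False, "server_hello": False,
                                    "app_data": False, "retrans": 0, "hole": None, "client_fin": False})
        if "[SYN]" in info: f["client"] = src  # the SYN sender is the client side
        for key, marker in (("client_hello", "Client Hello"), ("server_hello", "Server Hello"),
                            ("app_data", "Application Data")):
            if marker in info: f[key] = True
        if "Retransmission" in info: f["retrans"] += 1
        s = SACK.search(info)
        if s and int(s.group(2)) > int(s.group(1)):  # SACK block above Ack: a hole the server never filled
            f["hole"] = (int(s.group(1)), int(s.group(2)) - 1)
        if "FIN" in info and src == f["client"]: f["client_fin"] = True
    return {p: verdict(f) for p, f in flows.items()}
```

On the post's own rows the SACK edges show that bytes 1449-2555 of the server's first flight arrived while bytes 1-1448 never did, so the client never held a complete Server Hello to answer before it gave up and sent FIN.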