Topology: Client —– Intermediate Device —– Server
Client: win7
Intermediate Device: unknown
Server: CentOS 5.8
The problem occurs when the client and server are trying to establish a SSL connection. It happens to one specific port, 2000. I haven't been able to replicate the problem with other port numbers.
I captured packets on both client and server. After the TCP handshake, from the client's perspective, it's not receiving ACKs for its previously sent packets so it kept re-sending them. On the server side, however, it did receive those packets and sent ACK packets.
The weird thing is, after the server sent those ACKs, it received a [RST, ACK] packet, from the intermediate device, for every packet it sent.
What could be the cause?
Best Answer
If this happens after the SSL connection has been negotiated, it is possible that the intermediate device considers encrypted traffic on port 2000 as a potential security threat (or in some way "unwanted") and makes two things: