Linux – TCP handshake ok, then the client isn’t receiving any packets from the server

linux, linux-networking, ssl, tcp

Topology: Client --- Intermediate Device --- Server

Client: win7

Intermediate Device: unknown

Server: CentOS 5.8

The problem occurs when the client and server are trying to establish an SSL connection. It happens to one specific port, 2000. I haven't been able to replicate the problem with other port numbers.

I captured packets on both client and server. After the TCP handshake, from the client's perspective, it's not receiving ACKs for its previously sent packets so it kept re-sending them. On the server side, however, it did receive those packets and sent ACK packets.

The weird thing is, after the server sent those ACKs, it received a [RST, ACK] packet, from the intermediate device, for every packet it sent.

What could be the cause?

Best Answer

If this happens after the SSL connection has been negotiated, it is possible that the intermediate device considers encrypted traffic on port 2000 as a potential security threat (or in some way "unwanted") and does two things:

  • intercepts the ACKs sent by the server so they do not reach the client, which will then consider the server as not responding
  • sends a reset to the server so that it will not keep the connection open waiting for traffic that will never come from the client
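
One way to confirm from the two captures that the path is both dropping the server's ACKs and injecting the resets, as an added example that is not part of the original question or answer. The `Seg` record, the endpoint addresses and the capture contents are constructed, and the resets are assumed to carry the client's address as their source.

```python
from collections import Counter, namedtuple

# One decoded TCP segment as seen at a capture point (hypothetical record type).
Seg = namedtuple("Seg", "src dst flags seq ack")

CLIENT, SERVER = "10.0.0.5:51000", "192.0.2.10:2000"  # constructed endpoints

# Constructed captures modelled on the symptoms in the question.
CLIENT_CAP = [
    Seg(CLIENT, SERVER, "S", 1000, 0),
    Seg(SERVER, CLIENT, "SA", 5000, 1001),
    Seg(CLIENT, SERVER, "A", 1001, 5001),
    Seg(CLIENT, SERVER, "PA", 1001, 5001),  # first TLS record
    Seg(CLIENT, SERVER, "PA", 1001, 5001),  # retransmission, no ACK seen
]
SERVER_CAP = [
    Seg(CLIENT, SERVER, "S", 1000, 0),
    Seg(SERVER, CLIENT, "SA", 5000, 1001),
    Seg(CLIENT, SERVER, "A", 1001, 5001),
    Seg(CLIENT, SERVER, "PA", 1001, 5001),
    Seg(SERVER, CLIENT, "A", 5001, 1201),   # server ACKs the data
    Seg(CLIENT, SERVER, "RA", 1201, 5001),  # reset arrives at the server
    Seg(CLIENT, SERVER, "PA", 1001, 5001),
    Seg(SERVER, CLIENT, "A", 5001, 1201),
    Seg(CLIENT, SERVER, "RA", 1201, 5001),
]

def diff_captures(client_cap, server_cap, client, server):
    """Compare both vantage points of one connection.

    Returns (dropped, injected) as Counters:
      dropped  - segments the server sent that never reached the client
      injected - segments the server received that the client never sent
    Assumes no NAT or sequence-number rewriting between the capture points
    and that both captures cover the same time window.
    """
    client_sent = Counter(s for s in client_cap if s.src == client)
    client_recv = Counter(s for s in client_cap if s.src == server)
    server_sent = Counter(s for s in server_cap if s.src == server)
    server_recv = Counter(s for s in server_cap if s.src == client)
    # Counter subtraction keeps only positive counts, so retransmissions
    # that really crossed the path cancel out one for one.
    return server_sent - client_recv, server_recv - client_sent

if __name__ == "__main__":
    dropped, injected = diff_captures(CLIENT_CAP, SERVER_CAP, CLIENT, SERVER)
    for label, segs in (("dropped on path", dropped), ("injected on path", injected)):
        for seg, n in segs.items():
            print(f"{label}: {n} x [{seg.flags}] seq={seg.seq} ack={seg.ack}")
```

A non-empty `injected` set containing only RST segments, together with a `dropped` set containing the server's ACKs, matches the behaviour the answer describes.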