Project

General

Profile

Actions

Bug #523

closed

stream: invalid stream event when suricata sees 3whs ACK, but server doesn't

Added by Victor Julien about 12 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Basically, we've got SYN, SYN ACK, ACK but ACK did not seem to be received and we've got a new SYN ACK. Which is ACKed once more.

Suricata triggers an alert:
08/16/2012-07:55:05.913557 [**] [1:2210022:1] SURICATA STREAM ESTABLISHED SYNACK resend [**] [Classification: (null)] [Priority: 3] {TCP} 62.93.195.148:80 -> 192.168.0.102:47146


Files

strange-tcp-session.pcap (632 Bytes) strange-tcp-session.pcap Victor Julien, 08/16/2012 05:40 AM
Actions

Also available in: Atom PDF