Why so many dropped (invalid) FIN,ACKs
Posted: Tue Feb 10, 2015 11:45 am
see attachment.
It looks as if the connection tracking forgets a connection on the first FIN
and then all following packets are considered invalid?
Notice hos this applies to ACK,FIN from internal to websites outside..
Is this normal? I don't think so, as a FIN can be unilateral,
ie one side can close the connection (telling the other side:
No more data from me) but still be prepared to receive more
traffic from the other side. so tearing down the connection
just because one FIN was seen is bad, no?
It looks as if the connection tracking forgets a connection on the first FIN
and then all following packets are considered invalid?
Notice hos this applies to ACK,FIN from internal to websites outside..
Is this normal? I don't think so, as a FIN can be unilateral,
ie one side can close the connection (telling the other side:
No more data from me) but still be prepared to receive more
traffic from the other side. so tearing down the connection
just because one FIN was seen is bad, no?