FIN+ACK+PSH

[yogi_ccse]

Hi All,

1. We've one web server which is accessible from outside.
Rule
Any Web Server http/https

I am seeing lot of drops by clean up rule on daily basis from the web server to internet sites. On running snoop i see when web server is sending to Internet IP's; FIN + ACK flag is set but in further few packets i see FIN+ACK+PSH which makes me in loop why its sending FIN+ACK+PSH. also why am i seeing so many drop from my web server to internet with source port as https and destinaiton port random., is the reason for those drops is FIN+ACK+PSH

[dbedit]

I think it is, probably because sessions are out of the state table. Try to increase the tcp timers for your http/https service, its default 3600 secs.

[yogi_ccse]

Hi,
thanks for ur reply!

To me it looks like a default behaviour of application.
But why should a web servr send FIN+ACK+PSH?
and why will i require to modify the TCP Timers ? default shd be ok.
also is there any way to see what is the reason in logs for those packets getting dropped?

Thx in advance
Yogi

[chillyjim]

That sounds like something is really wrong with your IP stack on the webserver.

You are right about the timers, if you need more than an hour for an HTTP session to respond, there is something else wrong.

[yogi_ccse]

thx for the reply.

any more insights?

thx
Yogi

[chillyjim]

Patch your systems. I remember a Windows issue with this a while ago, there also was an SGI IRIX issues about 5 years ago where it would do this.