6
votes

I'm building a server with the ENC28J60 chip and a PIC18F4620. The chip is connected to my PC via ethernet. Currently, I'm trying to set up the TCP connection over which I'll build an HTTP connection later on. I have never worked with TCP before.

I'm implementing TCP on the embedded device only, not on the PC.

After the needed ARP requests and replies are sent, I open up my browser, type the IP address of the chip in and press enter. In wireshark, I see a TCP request1 with the SYN flag is made. I believe the SYN flag indicates a new handshake initiation, so that's good, isn't it?

My chip's reply1 has the SYN and ACK flag enabled. From what I understood, that is the correct way to reply to a SYN-flagged request. The acknowledgement number the chip sends is correct. Now, the chip should get a reply with the ACK flag enabled, according to the same reference.

However, the process seems to start over: the PC sends the exact same packet1 as its first packet, only the 'identification' has changed. I programmed my chip to stop replying when it keeps getting SYN requests on the same socket, so this is the end of the transmission, in the browser I read that the server can't be reached.

This connection is made on four sockets at the same time, all with the same result.

As I'm just using my PC as client (and there's nothing wrong with my ethernet port / driver), the problem must be something with the server and thus with the second packet.

What's wrong with the second packet? Wireshark doesn't mark anything as incorrect, but the client doesn't send an ACK.


1: Here are the packets wireshark picks up:

Client: 3085 > 80 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=8 TSval=0 TSecr=0 SACK_PERM=1
0000  00 13 d4 c6 53 16 00 1a  a0 03 c7 21 08 00 45 00   ....S... ...!..E.
0010  00 40 de 48 40 00 80 06  9a e1 c0 a8 00 01 c0 a8   [email protected]@... ........
0020  00 3c 0c 0d 00 50 88 ab  7e 18 00 00 00 00 b0 02   .<...P.. ~.......
0030  ff ff a1 4f 00 00 02 04  05 b4 01 03 03 03 01 01   ...O.... ........
0040  08 0a 00 00 00 00 00 00  00 00 01 01 04 02         ........ ......  

Server: 80 > 3085 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=8
0000  00 1a a0 03 c7 21 00 13  d4 c6 53 16 08 00 45 00   .....!.. ..S...E.
0010  00 30 88 10 40 00 7f 06  f2 29 c0 a8 00 3c c0 a8   .0..@... .)...<..
0020  00 01 00 50 0c 0d 00 00  00 01 88 ab 7e 19 70 12   ...P.... ....~.p.
0030  ff ff ef 77 00 00 02 04  05 b4 01 03 03 03         ...w.... ......  

Client: 3085 > 80 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=8 TSval=0 TSecr=0 SACK_PERM=1
0000  00 13 d4 c6 53 16 00 1a  a0 03 c7 21 08 00 45 00   ....S... ...!..E.
0010  00 40 de 6f 40 00 80 06  9a ba c0 a8 00 01 c0 a8   [email protected]@... ........
0020  00 3c 0c 0d 00 50 88 ab  7e 18 00 00 00 00 b0 02   .<...P.. ~.......
0030  ff ff a1 4f 00 00 02 04  05 b4 01 03 03 03 01 01   ...O.... ........
0040  08 0a 00 00 00 00 00 00  00 00 01 01 04 02         ........ ......  

All this happens similarly with three other client's source ports.

For comparison, I made a request to google.com and here is the TCP stream:

Client: 49562 > 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
0000  00 1a a0 03 c7 21 08 9e  01 30 ee 69 08 00 45 00   .....!.. .0.i..E.
0010  00 34 32 3f 40 00 80 06  38 ab c0 a8 00 3c 4a 7d   .42?@... 8....<J}
0020  84 78 c1 9a 00 50 74 b8  31 9c 00 00 00 00 80 02   .x...Pt. 1.......
0030  20 00 56 f7 00 00 02 04  05 b4 01 03 03 08 01 01    .V..... ........
0040  04 02                                              ..               

Server: 80 > 49562 [SYN, ACK] Seq=0 Ack=1 Win=62920 Len=0 MSS=1430 SACK_PERM=1 WS=64
0000  08 9e 01 30 ee 69 00 1a  a0 03 c7 21 08 00 45 00   ...0.i.. ...!..E.
0010  00 34 9e e3 00 00 2e 06  5e 07 4a 7d 84 78 c0 a8   .4...... ^.J}.x..
0020  00 3c 00 50 c1 9a f4 5e  12 bc 74 b8 31 9d 80 12   .<.P...^ ..t.1...
0030  f5 c8 7a 22 00 00 02 04  05 96 01 01 04 02 01 03   ..z".... ........
0040  03 06                                              ..               

Client: 49562 > 80 [ACK] Seq=1 Ack=1 Win=65536 Len=0
0000  00 1a a0 03 c7 21 08 9e  01 30 ee 69 08 00 45 00   .....!.. .0.i..E.
0010  00 28 32 49 40 00 80 06  38 ad c0 a8 00 3c 4a 7d   .(2I@... 8....<J}
0020  84 78 c1 9a 00 50 74 b8  31 9d f4 5e 12 bd 50 10   .x...Pt. 1..^..P.
0030  01 00 af 9e 00 00 00 00  00 00 00 00               ........ ....    
1
You'll have to check a more verbose / informational mode in Wireshark. Wireshark can easily decode the packets for you in a more sensible way than a hexdump. I doubt many people will actually try to understand the hexdump. Not to mention that nobody will recalculate the checksum by hand from the hexdump.jippie

1 Answers

5
votes

I used text2pcap to load your capture into wireshark.

If you enable TCP checksum validation and absolute sequence numbers, you will see a bad TCP checksum in your chip’s SYN-ACK packet.

Also, the chip starting at absolute sequence number 0 is very weak.