I am currently programming with libnet and pcap and I captured the following TCP handshake, but the server doesn't except the last step of the handshake and responds with a reset.
x.x.x.1 = client (packets sent using libnet)
x.x.x.2 = server (packets sent by kernel)
Is the third step of the handshake valid? The client has the servers seq.number+1 as acknowledgement since that is the next byte that he expects. Is there any reason why a reset is sent by the server based on this tcpdump? If not I have to look elsewhere.
x.x.x.1.y > x.x.x.2.y SYN, seq 100, length 0 win 65535
x.x.x.2.y > x.x.x.1.y SYN|ACK, seq 145411296, ack 101, length 0, options [mss 1460], win 14600
x.x.x.1.y > x.x.x.2.y SYN|ACK, seq 101, ack 145411297, length 0, win 65535
x.x.x.2.y > x.x.x.1.y RST, seq 145411297, length 0, win 0
Also, what is the time before a connections times out?
