What does TCP FINs mean at the end of the log

Answered Question
Jan 28th, 2008

Hi,

I'm troubleshooting a connection problem between a client (inside) and a server (outside). The client (139.96.216.21) starting the TCP session to the destination (121.42.244.12). Please have a look at attachement... What does the TCP FINs mean at the end and why is there a FIN Timeout at the end.... Thanks in advance, André

I have this problem too.
0 votes
Correct Answer by JORGE RODRIGUEZ about 6 years 2 months ago

It is very well possible app related timeout-responce issue, I do not believe it is firewall related as firewall is doint what is suppose to do when the TCP handchake is not fully completed thus closing the connection.

Rgds

Jorge

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 3 (1 ratings)
JORGE RODRIGUEZ Mon, 01/28/2008 - 16:54

Hi Andre, this simply indicates the tcp three way hand chacke process did not complete in other words the wait time for a sync packet exceeded the 30 seconds forcing to terminate the connection by timeout.

I believe this could be caused by congestion-latency somewhere along the path causing retransmission between source and destination, or even latency at the destination server.. Im sure others may provide more insight.

Is this happening with a single destination client or several.

See message 302014

http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html

Rgds

Jorge

andre.harasim@e... Mon, 01/28/2008 - 17:28

Hi Jorge, this happens only to this client which is within the subnet 139.96.216.0/24 and also located inside the firewall. Other clients, which are located in other countries but with them same setup (Firewall in front of the WAN connection), doesn't have this problem. I don't think that the problem is caused by congestion-latency, because the response time is ok (less then 100ms).

C:\Documents and Settings\rc3all>ping 121.42.244.12

Pinging 121.42.244.12 with 32 bytes of data:

Reply from 121.42.244.12: bytes=32 time=37ms TTL=121

Reply from 121.42.244.12: bytes=32 time=37ms TTL=121

Reply from 121.42.244.12: bytes=32 time=37ms TTL=121

Reply from 121.42.244.12: bytes=32 time=37ms TTL=121

Ping statistics for 121.42.244.12:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 37ms, Maximum = 37ms, Average = 37ms

I only wanted to be sure that the TCP FIN timeout is not related to the firewall. I think this is because of the application which seems to be not responding!?

Correct Answer
JORGE RODRIGUEZ Tue, 01/29/2008 - 12:08

It is very well possible app related timeout-responce issue, I do not believe it is firewall related as firewall is doint what is suppose to do when the TCP handchake is not fully completed thus closing the connection.

Rgds

Jorge

Actions

Login or Register to take actions

This Discussion

Posted January 28, 2008 at 4:13 PM
Stats:
Replies:3 Avg. Rating:3
Views:5733 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard

Rank Username Points
1 7,861
2 6,140
3 3,170
4 1,473
5 1,446