[Wien] strange RSTs over IPv4

Gui Iribarren (spam-protected)
So Apr 22 21:16:40 CEST 2018 

On 22/04/18 20:53, Gui Iribarren wrote:
> today, since i woke up "internet was not working" at stein712
> i just time to take a closer look, and something funny is going on.
> global ipv6 works as expected.
> ipv4 icmps also work fine, RTT to various known places is legit
> but any tcpv4 fails misteriously with a RST
> a tcpdump on both ends (laptop inside funkfeuer and a server outside of austria) shows the syn, syn/ack, ack handshake go without problem, but then the first data packet server->laptop never reaches the laptop, instead the server receives a RST around 50ms after (roughly the RTT laptop-server, which would indicate the RST comes from near the laptop i.e. funkfeuer or austria at least)
> 
> this misterious RST is *not* coming from my laptop.
> 
> the first data packet laptop-server *does* reach the server. server replies with a RST, since it already dropped the connection.
> 
> just in case, i reproduced the same behaviour using starting point my openwrt node (so, one hop upstream from my laptop) which is as far as i have admin access. previous paragraphs apply s/laptop/ubiquiti/g
> 

attached relevant packets from simultaneous tcpdumps running on openwrt
node, and on server, while trying a simple "ssh 109.69.8.34" from openwrt


> any ideas?
> 
> --
> Wien mailing list
> (spam-protected)
> https://lists.funkfeuer.at/mailman/listinfo/wien
> 
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : weird_rst_0xff_side.pcapng
Dateityp    : application/x-pcapng
Dateigröße  : 2468 bytes
Beschreibung: nicht verfügbar
URL         : <http://lists.funkfeuer.at/pipermail/wien/attachments/20180422/8be6da39/attachment.bin>
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : weird_rst_server_side.pcapng
Dateityp    : application/x-pcapng
Dateigröße  : 2916 bytes
Beschreibung: nicht verfügbar
URL         : <http://lists.funkfeuer.at/pipermail/wien/attachments/20180422/8be6da39/attachment-0001.bin>

Mehr Informationen über die Mailingliste Wien