First in this tutorial, let’s take a look at the main logic of TCP processing SYN, and analyze the points that may cause problems based on case handling experiences. In this tutorial, we will be using the widely used kernel version of CentOS 7. Processing TCP SYN while in the Listen State Rather, we will focus on the most common causes. The client’s persistent retransmission of TCP SYN may also be caused by other causes, such as inconsistent access paths caused by multiple NICs on the server side, or SYN packets blocked by iptables rules, but these won't be discussed here. By the TCP protocol stack, what we mean is that for related network problems it may be the case that: the TCP SYN packet may have reached the TCP processing module of the kernel, but no SYNACK was returned to the client based on the server-side kernel code. This blog will focus in on network problems that are related to the TCP protocol stack. This problem occurs relatively frequently. It can be seen at the server that the TCP SYN packet has reached the NIC, but there are no return TCP packets.This is because the first packet has not obtained the RTT and RTO, and it will be retransmitted in 1, 2, 4, 8 or so seconds until _syn_retries retransmissions are completed. The client has been retransmitting TCP SYN in exponential backoff.
![tcp state unreplied tcp state unreplied](https://bluenetsec.com/wp-content/uploads/2019/09/TCP_STATE_BYPASS_TOPOLOGY.jpg)
If you can obtain the packets captured at both ends, the packets will look like the following: When troubleshooting network problems, it is common to encounter TCP connection failures.