certificate authority – TCP Window with large SSL Packets. Distinguished Names Length 10kb

We are troubleshooting network latency related to SSL Handshake. This doesn’t necessarily cause the delay every time but in some cases, Server take 5-10 seconds just to start sending first SSL packet after Acknowledging Client Hello packet. Attached are snapshot of both Client and Server side captures taken at respective application servers. Please see notes and queries below.

Appreciate your help.

  1. Captures taken at both Client and Server side which are in different location having router and firewalls on the path.
  2. SSL Handshake type is set to ‘Optional’ at Tomcat 8.x on Windows 2016.
  3. Client is a Linux Server.
  4. Client TCP Window is 5840 and Server TCP Window is 8192
  5. Client to Server, DF (Don’t Fragment) bit is set to 0
  6. Server to Client, DF (Don’t Fragment) bit is set to 1
  7. Server’s SSL Segments (Server Hello, Certificate Chain, Server Key, and Certificate Request) is of total 15456 bytes.
  8. Out of 15456 bytes, lass SSL Segment of Certificate Request contains ‘Distinguished Names’ packet length of 10912 bytes. This packet has list of about 90 Trust Stores in it.
  9. Server’s SSL Segments is broken into 12 packets (111330 bytes + 1851 bytes) and they are all pushed in one go from Server without waiting for any ACK from Client.
  10. Server returns Client Hello ACK and that is received immediately at Client side.
  11. For some reason Server is seeing DUP-ACK of Client Hello from Client Side. At Client Side captures, we do not see this DUP-ACK going out to Server. This is happening 5 times in the TCP session. Server does Fast Re-transmit Client Hello ACK.
  12. This Re-transmit of Client Hello ACK is not seen at Client who sees first SSL Packet at 0.94th second (After above Re transmit of Client Hello) and starts sending ACK of these 12 SSL Packets as it received.
  13. At Server ACKs are seen but the Server which is getting ACKs one-by-one, see that it only got ACK of 5th out of 12th packet. This result Server re-transmit of SSL packets from 6th to 12th.
  14. At Client, it sees re-transmitted SSL Packets (as it arrived first time). It doesn’t see original SSL packet 6th to 12th which was previously sent to Client in One-Go.


  1. How server is able to send SSL packets of 15456 bytes at one go which is more than TCP Window of 8192 bytes?

    1. Why Server is seeing DUP-ACK of Client Hello from Client Side multiple times but at Client captures we see these DUP-ACKs are not sent?

    2. Why Tomcat Server is sending list of CAs in ‘Distinguished Name’ for ‘Certificate Request’ payload? This is having 10940 bytes length? Is this due to some Windows Registry setting?

    3. Can Server not send CAs list in ‘Certificate Request’ and yet SSL Handshake works? Server
      Certificate is not issued by 3rd party CA but Server’s own CA.

    4. How to fix this issue of SSL Handshake delay and make this TCP session efficient?

    (1):Server Side Capture Image – https://i.stack.imgur.com/rhYNu.jpg

    (2):Client Side Capture Image – https://i.stack.imgur.com/kzZnl.jpg

networking – Ubuntu transmits TTL 0 multicast packets

IP packets with TTL 0 shall not leave host.

But when I start application which multicasts UDP packets with TTL 0, I see packets with TTL 0 leaving host for few seconds, and coming to normal behavior of TTL 0. This most likely happens after reboot and first start of application.

I confirmed packets with TTL 0 leaving host with tcpdump:

05:31:39.048304 IP (tos 0x0, id 14487, offset 0, flags (DF), proto UDP (17), length 1344) > UDP, length 1316
05:31:39.049594 IP (tos 0x0, id 14488, offset 0, flags (DF), proto UDP (17), length 1344) > UDP, length 1316
05:31:39.051601 IP (tos 0x0, id 14489, offset 0, flags (DF), proto UDP (17), length 1344) > UDP, length 1316
05:31:39.053584 IP (tos 0x0, id 14490, offset 0, flags (DF), proto UDP (17), length 1344) > UDP, length 1316

As we can see ttl is not displayed which means TTL 0, as confirmed from tcpdump man page: https://www.tcpdump.org/manpages/tcpdump.1.html (search ttl, it clearly indicated: ttl is the time-to-live; it is not reported if it is zero).

There are no any iptables rules running.

uname -a: Linux mydevice 4.15.0-101-generic #102-Ubuntu SMP Mon May 11 10:07:26 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

lsb_release -a:

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.4 LTS
Release:        18.04
Codename:       bionic

What can be the cause for this behavior, and how can I resolve this?

c – Is there any good way to handle another program sending interfering HID packets?

I wrote a program to read the battery level of a Dualshock 4 controller and change it’s light accordingly using HID packets.

Sadly, after writing the program, I fired up Steam and tried playing a game, only to have Steam forcefully take over the lighting controls and override my program.

Code is in C, running on Linux.

So, my question stands. Is there a way to fix the conflict between them? Is there some magic I can do to “firewall” the packets coming from Steam (yet retain some functionality)?

How to counts the packets number sent by Telegram in one second?

I am going to do some traffic analysis of Telegram for my final project.
Now I wonder that how can I know how many packets are sent or received by Telegram in a second?
I want to draw a diagram to show the packets I receive in a period of time like the picture I upload.

Thank you all guys!
enter image description here

number of packets to detect DDOS

this is what DC sent me about the latest ddos ​​attack, but this server is protected by cloudflare im thinking to increase security by … | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1807681&goto=newpost

analyze network capture packets – Server error

What happens in the next traffic capture? What does that tell you?

15: 50: 53.508777 IP> S 3291711383: 3291711
383 (0) win 2048
15: 50: 53.508927 IP> R 0: 0 (0) ack 3291711
384 win 0
15: 50: 53.509020 IP> S 3291711383: 32917113
83 (0) win 4096
15: 50: 53.509033 IP> R 0: 0 (0) ack 32917113
84 win 0
15: 50: 53.509614 IP> S 3291711383: 329171138
3 (0) win 1024
15: 50: 53.509629 IP> R 0: 0 (0) ack 329171138
4 win 0
15: 50: 53.510196 IP> S 3291711383: 3291711
383 (0) win 4096
15: 50: 53.510210 IP> R 0: 0 (0) ack 3291711
384 win 0
15: 50: 53.511099 IP> S 3291711383: 32917113
83 (0) win 4096
15: 50: 53.511113 IP> R 0: 0 (0) ack 32917113
84 win 0
15: 50: 53.511220 IP> R 0: 0 (0) ack 32917113
84 win 0
15: 50: 53.511275 IP> S 3291711383: 329171138
3 (0) win 1024
15: 50: 53.511289 IP> R 0: 0 (0) ack 329171138
4 win 0
15: 50: 53.512057 IP> S 3291711383: 32917113
83 (0) win 3072
15: 50: 53.512082 IP> R 0: 0 (0) ack 32917113
84 win 0
15: 50: 53.512490 IP> S 3291711383: 329171138
3 (0) win 3072
15: 50: 53.512503 IP> R 0: 0 (0) ack 329171138
4 win 0
15: 50: 53.512625 IP> S 3291711383: 32917113
83 (0) win 2048
15: 50: 53.512636 IP> R 0: 0 (0) ack 32917113
84 win 0
15: 50: 53.513796 IP> S 3291711383: 32917113
83 (0) win 2048
15: 50: 53.513816 IP> R 0: 0 (0) ack 32917113
84 win 0

virtual machines – Receive DUP! packets when pinging the VM server

I receive duplicate packets when initiating a ping to all addresses, internal or external.

The configuration is as follows;

I have an Xpenology server running phpVirtualBox. I created 2 VMs in VirtualBox:

  1. Juniper vSRX
  2. Ubuntu server

The Ubuntu server encounters these duplicate packages. The two virtual machines are configured in Bridge Adapter mode under eth0. I have a feeling that it has something to do with what is causing the problem?

root@devvm:~# ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=51 time=20.8 ms
64 bytes from icmp_seq=1 ttl=50 time=21.2 ms (DUP!)
64 bytes from icmp_seq=1 ttl=51 time=25.6 ms (DUP!)
64 bytes from icmp_seq=1 ttl=50 time=28.0 ms (DUP!)
64 bytes from icmp_seq=2 ttl=51 time=14.8 ms
64 bytes from icmp_seq=2 ttl=50 time=15.0 ms (DUP!)
64 bytes from icmp_seq=2 ttl=51 time=20.1 ms (DUP!)
64 bytes from icmp_seq=2 ttl=50 time=20.3 ms (DUP!)
--- ping statistics ---
2 packets transmitted, 2 received, +6 duplicates, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 14.883/20.768/28.051/4.253 ms

On Xpenology (host OS) and Juniper vSRX (VM), I don't see this behavior when pinging.

All devices have different IP addresses and the two virtual machines have different virtual MACs.

network – Client-side prediction divergence with input packets and time differences | Multiplayer FPS

I'm having a problem implementing client-side prediction in my multiplayer FPS. I am not entirely sure that I fully and correctly understood the concepts. I have read Gambetta and Valve's articles, as well as several others.

What I am currently doing is sending customer feedback in the form of key presses and releases; the client sends when he presses "W", for example, and sends a packet once he has stopped pressing "W". The client then predicts the movement in a completely deterministic way. The server then sends a position of the packets to all clients and the client checks for a discrepancy and corrects it.

I now run into the problem if the time between the incoming packets at the start differs from the time between the incoming packets at the arrival, this will inevitably lead to small errors and massive discrepancies over the time because the server will think that the client has pressed a key for more or less time than it actually has it. I haven't seen anyone mention this, so I wonder if what I'm doing is right.

Another problem I see with this approach is that the client sends rotation updates to the server at 64 Hz (my tick rate). This will, of course, result in small differences in rotation between the server and the client at specific times. Since movement depends on the player's orientation / rotation, client-side prediction errors will inevitably occur.

One way I thought this might solve the first problem, would be to send timestamps with the input packets and have the rewind positions of the server and compensate for inaccuracies in delay. Before continuing, I seek confirmation that what I am doing is right.

Any help would be appreciated! Thank you!

network programming – How to capture UDP packets in JAVA?

I'm very new to programming.
I need to write a JAVA program which can intercept UDP packets. I have written a basic UDP receiver program but I don't know how to adjust it for this purpose.

import java.io.;
import java.net.

public class BasicReceiver {

public static void main(String() args) {
    int port = args.length == 0 ? 57 : Integer.parseInt(args(0));
    new BasicReceiver().run(port);

public void run(int port) {
    try {
        DatagramSocket serverSocket = new DatagramSocket(port);
        byte() receiveData = new byte(8);
        String sendString = "polo";
        byte() sendData = sendString.getBytes("UTF-8");

        System.out.printf("Listening on udp:%s:%d%n",
                InetAddress.getLocalHost().getHostAddress(), port);
        DatagramPacket receivePacket = new DatagramPacket(receiveData,

            String sentence = new String( receivePacket.getData(), 0,
                    receivePacket.getLength() );
            System.out.println("RECEIVED: " + sentence);
            // now send acknowledgement packet back to sender
            InetAddress IPAddress = receivePacket.getAddress();
            DatagramPacket sendPacket = new DatagramPacket(sendData, sendData.length,
                    IPAddress, receivePacket.getPort());
    } catch (IOException e) {
    // should close serverSocket in finally block


I am not receiving any packets but I can see packets on my Ethernet port:
WireShark Snapshot

Like I said, I'm very new to programming, so excuse me if I make simple mistakes.

networking – TCP vs UDP reliable? Sending reliable packets in fast multiplayer games?

Running TCP and UDP in parallel simply causes problems. In addition, you may not need all the reliability features of TCP, so it could be excessive anyway.

Most games solve this problem by replicating the TCP reliability features they really need at the application level.

  • Do you have the concept of persistent connections? Add a connection ID to each message.
  • Do you need a delivery guarantee for certain messages? Ask the recipient to reply to these messages with a confirmation. Resend any message when confirmation does not arrive within a given time.

  • Do you need to know the order in which the messages were sent? Add sequence numbers to your UDP messages.

  • Do you need to guarantee that sequences are processed in sequence? Add sequence numbers and allow the recipient to re-request a message with a given sequence number. Have it done when a missing sequence number does not arrive within a given time.

Doing it all by yourself gives you a lot more control over what's really going on at the network level than letting TCP manage it. But the bottom line is, real-time networking is complicated. Every game developer is well advised not to reinvent the wheel and take a look at the reliable UDP libraries for developing games available for their programming language.