View Single Post
  #7   (View Single Post)  
Old 8th February 2017
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

You can show the loaded ruleset with expansions and options by issuing # pfctl -sr. (This doesn't show any anchor rulesets, if they are used. That requires the addition of -a <anchor> as described in the pfctl(8) man page.)

Quote:
Dropbox is trying to use a TCP connection that has expired...
You redacted it in your first post, but the ACK source appears to be a 10/8 RFC1918 address on your network, and not from the external server. This looks much more like a client workstation with a long-delayed response.

TCP is designed to provide end-to-end confirmation of transmissions, and include reassembly of packets that arrive at their destination in the wrong order, or eliminate duplicate packets that have already been confirmed to have arrived.

In this instance, , it appears the local workstation on the local network issued a packet so out-of-order that the TCP session had already ended. The root cause could be many things. A browser, for example.
Reply With Quote