Duplicate messages?

["Jim Brikman (ybrikman)" <yb...@cisco.com>]

Overview of the problem:
 
* We have a client computer named C and a server running Tomcat 5.5.23
called S
* Every now and then, C makes a SINGLE https request to S
* For some reason, the Tomcat access logs on S will sometimes show the
https request TWICE
 
So, we're trying to figure out why we're seeing duplicate messages. We
ran a packet sniffer (Wireshark) on both C and S and found the
following:
 
* C definitely only sends the https request ONCE
* S definitely only receives ONE https request
 
Let me restate that: both packet sniffers show only ONE https message
going across the line, yet Tomcat's access logs show the message twice.
One final thing we noticed while watching the packets going through the
sniffers:
 
* C sends one https request
* S receives one https request
* The https request appears the first time in the Tomcat access logs
* The connection between C and S is closed using the typical messages
(FIN, ACK, ACK)
* Immediately after the connection closes, we are then seeing some odd,
very small SSL packets going from S to C. We cannot decipher what these
are but they are TINY (def. not https requests).
* C responds with a RESET message to these
* At the exact time these "odd" packets are sent, the second copy of the
https request appears in the Tomcat access logs
 
Does anyone have a clue what's going on? Is there something in between
the Tomcat access log layer and the packet sniffer layer that could be
duplicating these messages? Could these odd little SSL messages somehow
make Tomcat think it got a second copy of the message?
 
Thanks,
Jim
 
 	
Yevgeniy (Jim) Brikman
Software Engineer
Voice Technology Group

ybrikman@cisco.com
Phone :978-936-0510
Mobile :617-538-2632



500 Beaver Brook Road
Boxborough, MA 01719
United States
www.cisco.com <http://www.cisco.com/>