Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: [Wireshark-users] How to interpret trace

From: George Levasseur <geolev@xxxxxxxxx>
Date: Tue, 23 Mar 2010 07:01:16 -0700 (PDT)

I am unsure of how to interpret a network trace. I understand that there is a source machine and a destination machine in the following trace snippet:

467708    620.887615    TNS    Request, Data (6), Data
467709    620.887860    TCP    ncube-lm > de-noc [RST] Seq=1 Win=0 Len=6

How should I read the above? sends a TNS request to

Do I have that right?

I'm not sure what to make of the next line. I understand that it is a TCP reset which means TCP detected a request on a connection that was closed. Is that correct?

What I don't understand is, is there anything there that tells me who closed the connection? Is it that closed it or

Is the second line a response to the first line?

Any help would be greatly appreciated.