Wireshark · Wireshark-users: Re: [Wireshark-users] RST flag at end of TCP transmission

[Abhik Sarkar <sarkar.abhik@xxxxxxxxx>]

I think this would also happen if the sender doesn't close the connection properly after finishing communication...

For example, this code (in Java)
public class Test {
    public static void main(String[] args) throws Exception {
        Socket socket = new Socket("www.wherever.com", 80);
        System.exit(0);
    }
}
--> SYN

<-- SYN+ACK

--> ACK

--> RST

While, this code
public class Test {
    public static void main(String[] args) throws Exception {
        Socket socket = new Socket("www.wherever.com", 80);
        socket.close();
        System.exit(0);
    }
}
Would lead to 
--> SYN
<-- SYN+ACK
--> ACK
--> FIN+ACK
<-- FIN+ACK
--> ACK

On Mon, May 3, 2010 at 7:20 AM, Martin Visser <martinvisser99@xxxxxxxxx> wrote:

Don't forget that even though packets might seem to come from a
sender, they might come from an intervening device. If a firewall is
in between a client and server and it doesn't see traffic on that
session for a certain period (say 2 hours) it might delete  knowledge
of that session - and possibly follow up by sending a RST to the
client party.

Regards, Martin

MartinVisser99@xxxxxxxxx

On Mon, May 3, 2010 at 12:28 PM, sandeep nitta <sandeep.nitta@xxxxxxxxx> wrote:
>  AFAIK, after RST, the connection need not start all over again.
>
> the RST might also be a reason if there are any malformed packets in
> the tcp stream.
>
> OR
>
> there the sender has already closed the port on whcih the connection
> was open some time back and hence the RST.
>
> OR
>
> the host has simply run out of resources.
>
>
> i dont find a definite answer to your questions, but these might be
> the possible reasons.
> if you can attach the trace file, people can look at that and probably
> analyze more.
>
> Thanks,
> Sadeep Nitta
>
>
>
> On Mon, May 3, 2010 at 6:04 AM, Jeff Bruns <jeff.bruns@xxxxxxxxx> wrote:
>> Greetings-
>> This is more of a beginners TCP question than it is a wireshark question,
>> but I haven't had much success finding the answer. I have a TCP transmission
>> that appears to have been delivered successfully and in its entirety, but
>> has an RST packet sent by the sender. There are no out of order packets,
>> packet retransmissions or other indications of stream interruption.
>>
>> It was my understanding that the reset flag was a request by the sending
>> party that the connection be reset and everything start over. That being the
>> case, I would have expected to have some packet loss or other stream issues
>> precipitate the RST flag. I also would have expected that immediately
>> following the RST flag, a new connection would be established and the whole
>> process repeated. There was no follow up connection or retransmission.
>>
>> I am close to understanding the purpose of the RST flag? Or am I way off?
>>
>> Thanks.
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe