
Wireshark-users: Re: [Wireshark-users] Significance of RST

From: "Mohan Radhakrishnan" <mohanr@xxxxxxxxx>
Date: Fri, 26 Aug 2011 09:23:16 +0530

Hi,

 

Is there a suggestion? It could be based on your experience. I am probably on the wrong track here because it is impossible to trap these packets on the other side where there is a live ATM.

 

Thanks,

Mohan

 


From: Mohan Radhakrishnan
Sent: Wednesday, August 24, 2011 2:11 PM
To: 'wireshark-users@xxxxxxxxxxxxx'
Subject: RE: Significance of RST

 

The correct capture is this. Apologies.

 

628       9537.122717      IP 1      IP 2      TCP      admin > listener [FIN, ACK] Seq=1 Ack=1 Win=65535 Len=0

629       9537.122731      IP 2      IP 1      TCP      listener > admin [ACK] Seq=1 Ack=2 Win=65535 Len=0

630       9537.126060      IP 2      IP 1      TCP      listener > admin [RST, ACK] Seq=1 Ack=2 Win=0 Len=0

631       9537.131393      IP 1      IP 2      TCP      rec > listener [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

632       9537.131435      IP 2      IP 1      TCP      listener > rec [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460

633       9539.940822      IP 2      IP 1      TCP      listener > rec [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460

634       9539.956506      IP 1      IP 2      TCP      rec > listener [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

635       9539.956516      IP 2      IP 1      TCP      [TCP Dup ACK 633#1] listener > rec [ACK] Seq=1 Ack=1 Win=65535 Len=0

636       9540.002582      IP 1      IP 2      TCP      rec > listener [ACK] Seq=1 Ack=1 Win=65535 Len=0

 

Thanks.

 


From: Mohan Radhakrishnan
Sent: Wednesday, August 24, 2011 1:56 PM
To: 'wireshark-users@xxxxxxxxxxxxx'
Subject: Significance of RST

 

Hi,

 

I would like to get some help to understand why, after several TCP keep-alive (set to 45 seconds for debugging) packets, I see a RST negotiation here. Are there any suggestions to debug this?

 

628       9537.122717      IP 1      IP 2      TCP      admin > listener [FIN, ACK] Seq=1 Ack=1 Win=65535 Len=0

629       9537.122731      IP 2      IP 1      TCP      listener > admin [ACK] Seq=1 Ack=2 Win=65535 Len=0

630       9537.126060      IP 2      IP 1      TCP      listener > admin [RST, ACK] Seq=1 Ack=2 Win=0 Len=0

631       9537.131393      IP 1      IP 2      TCP      rec > listener [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

632       9537.131435      IP 2      IP 1      TCP      listener > rec [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460

633       9539.940822      IP 2      IP 1      TCP      listener > rec [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460

634       9539.956506      IP 1      IP 2      TCP      rec > listener [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

635       9539.956516      IP 2      IP 1      TCP      [TCP Dup ACK 633#1] cslistener > direcpc-video [ACK] Seq=1 Ack=1 Win=65535 Len=0

636       9540.002582      IP 1      IP 2      TCP      rec > listener [ACK] Seq=1 Ack=1 Win=65535 Len=0

 

Does this have something to do with data loss? The socket opened from AIX to a Windows client behaves like this and the client never receives any packets.

 

Thanks,

Mohan
