Wireshark mailing list archives

Re: Significance of RST

From: "Mohan Radhakrishnan" <mohanr () fss co in>
Date: Wed, 24 Aug 2011 14:11:19 +0530

The correct capture is this. Apology.

 

628       9537.122717      IP 1      IP 2      TCP      admin > listener
[FIN, ACK] Seq=1 Ack=1 Win=65535 Len=0

629       9537.122731      IP 2      IP 1      TCP      listener > admin
[ACK] Seq=1 Ack=2 Win=65535 Len=0

630       9537.126060      IP 2      IP 1      TCP      listener > admin
[RST, ACK] Seq=1 Ack=2 Win=0 Len=0

631       9537.131393      IP 1      IP 2      TCP      rec > listener
[SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

632       9537.131435      IP 2      IP 1      TCP      listener > rec
[SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460

633       9539.940822      IP 2      IP 1      TCP      listener > rec
[SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460

634       9539.956506      IP 1      IP 2      TCP      rec > listener
[SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

635       9539.956516      IP 2      IP 1      TCP      [TCP Dup ACK
633#1] listener > rec [ACK] Seq=1 Ack=1 Win=65535 Len=0

636       9540.002582      IP 1      IP 2      TCP      rec > listener
[ACK] Seq=1 Ack=1 Win=65535 Len=0

 

Thanks.

 

________________________________

From: Mohan Radhakrishnan 
Sent: Wednesday, August 24, 2011 1:56 PM
To: 'wireshark-users () wireshark org'
Subject: Significance of RST

 

Hi,

 

         I would like to get some help to understand why after several
TCP keep-alive( set to 45 seconds for debugging ) packets I see a RST
negotiation here. Are there any suggestions to debug this ?

 

628       9537.122717      IP 1      IP 2      TCP      admin > listener
[FIN, ACK] Seq=1 Ack=1 Win=65535 Len=0

629       9537.122731      IP 2      IP 1      TCP      listener > admin
[ACK] Seq=1 Ack=2 Win=65535 Len=0

630       9537.126060      IP 2      IP 1      TCP      listener > admin
[RST, ACK] Seq=1 Ack=2 Win=0 Len=0

631       9537.131393      IP 1      IP 2      TCP      rec > listener
[SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

632       9537.131435      IP 2      IP 1      TCP      listener > rec
[SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460

633       9539.940822      IP 2      IP 1      TCP      listener > rec
[SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460

634       9539.956506      IP 1      IP 2      TCP      rec > listener
[SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

635       9539.956516      IP 2      IP 1      TCP      [TCP Dup ACK
633#1] cslistener > direcpc-video [ACK] Seq=1 Ack=1 Win=65535 Len=0

636       9540.002582      IP 1      IP 2      TCP      rec > listener
[ACK] Seq=1 Ack=1 Win=65535 Len=0

 

Does this have something to do with data loss ? The socket opened from
AIX to a Windows client behaves like this and the client never receives
any packets.

 

Thanks,

Mohan



DISCLAIMER:
==========================================================================================================================================================The
 information contained in this e-mail message may be privileged and/or confidential and protected from disclosure under 
applicable law. It is intended only for the individual to whom or entity to which it is addressed as shown at the 
beginning of the message. If the reader of this message is not the intended recipient, or if the employee or agent 
responsible for delivering the message is not an employee or agent of the intended recipient, you are hereby notified 
that any review, dissemination,distribution, use, or copying of this message is strictly prohibited. If you have 
received this message in error, please notify us immediately by return e-mail and permanently delete this message and 
your reply to the extent it includes this message. Any views or opinions presented in this message or attachments are 
those of the author and do not necessarily represent those of the Company. All e-mails and attachments sent and 
received are subject to monitoring, reading, and archival by the 
Company.==========================================================================================================================================================

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Significance of RST Mohan Radhakrishnan (Aug 24)
- <Possible follow-ups>
- Re: Significance of RST Mohan Radhakrishnan (Aug 24)
- Re: Significance of RST Mohan Radhakrishnan (Aug 25)