 | 1 | initial version |
Did the packet capture come from 206? Is there a firewall that can track network connection states?
According to Wireshark, the TCP completeness of 206 ACK is 4, as it did not detect the presence of SYN or SYN-ACK for this particular TCP stream. When device 212 gets the ACK from 206, it sends an RST reply. I believe that the RST packet was not received by 206. If 206 received the RST, it should have terminated the session.
I suggest capturing packets at 206.
If you can't find the TCP RST packet, you need to investigate what happened to it.
If you see the TCP RST packet, make sure to check all active TCP sessions on the 206 device. TCP RST should have terminated the session. It is active, that is a problem.
