Is there someone who can explain to me why in my Wireshark captures I have sessions that ends with several RST packets following normal TCP end Session and the other not.
I want to specifie that hosts concerned are always the same hosts but in different processes numbers
here attaching the captures.
Thank you for your help.
asked 20 Jun '12, 08:51
In the capture file we can only see the first two frames of the 3-way TCP handshake (SYN, SYN-ACK but no ACK!) and then either a FIN or a RST. Where did you capture that data? On the Netscreen firewall?
If yes, the multiple TCP Resets could be generated by the firewall (IDS on the Firewall or regular behaviour). To verify, I suggest to capture in front of the firewall and after the firewall. Then compare the capture files.
Do you have any network problems with those RESETS or are you just curious about it?
answered 24 Jun '12, 23:20