
Kindly assist me with the issue as to why the CONNECTION RESET is happening

Wireshark cannot tell you WHY the TCP RST is sent, but it can make a guess at WHO is sending the TCP RST. As you mentioned, the IP TTL of the TCP RST is 59, which seems to be 5 hops away from the capture point (it looks like the capture was made on the client 172.27.168.47; is that correct?). The HTTP responses that the client did get from the server 160.220.36.53 have a TTL of 122, which seems to be 6 hops away from the capture point.

This combined leads to the conclusion that the first hop from the server towards the client is the device sending the TCP RST packets. As the TCP RST packets only occur on a specific URL, it seems there is a next-gen firewall, a web application firewall or maybe an IPS/IDS that is hitting a rule, which might be a false positive.
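The hop comparison used in the answer above, as an added example that is not part of the original answer: it infers the sender's initial TTL from the common defaults 64, 128 and 255 (an assumption, since a device can be configured otherwise) and reports RSTs carrying the server's address whose hop distance differs from the server's normal traffic. The IPs and the TTLs 59 and 122 come from the thread; the frame numbers, flags and the client's TTL are constructed sample data.

```python
from collections import Counter

# Typical OS default initial TTLs; assumed, not guaranteed for every device.
COMMON_INITIAL_TTLS = (64, 128, 255)

def hops_away(observed_ttl):
    """Return (assumed_initial_ttl, hop_count) for an observed IP TTL."""
    for initial in COMMON_INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial, initial - observed_ttl
    raise ValueError(f"TTL out of range: {observed_ttl}")

def find_mismatched_resets(packets, server_ip):
    """Compare RSTs sourced from server_ip with that server's non-RST packets."""
    baseline = Counter(
        hops_away(p["ttl"]) for p in packets
        if p["src"] == server_ip and "R" not in p["flags"]
    )
    if not baseline:
        return None, []  # nothing to compare the resets against
    expected = baseline.most_common(1)[0][0]
    suspects = []
    for p in packets:
        if p["src"] == server_ip and "R" in p["flags"]:
            initial, hops = hops_away(p["ttl"])
            if (initial, hops) != expected:
                suspects.append({"frame": p["frame"], "ttl": p["ttl"],
                                 "initial_ttl": initial, "hops": hops})
    return expected, suspects

# Constructed capture summary (as seen on the client side).
SAMPLE = [
    {"frame": 1, "src": "160.220.36.53", "ttl": 122, "flags": "SA"},
    {"frame": 2, "src": "172.27.168.47", "ttl": 64, "flags": "PA"},
    {"frame": 3, "src": "160.220.36.53", "ttl": 122, "flags": "PA"},
    {"frame": 4, "src": "160.220.36.53", "ttl": 59, "flags": "RA"},
]

if __name__ == "__main__":
    expected, suspects = find_mismatched_resets(SAMPLE, "160.220.36.53")
    print(f"server baseline: initial TTL {expected[0]}, {expected[1]} hops")
    for s in suspects:
        print(f"frame {s['frame']}: RST ttl={s['ttl']} -> initial "
              f"{s['initial_ttl']}, {s['hops']} hops (differs from baseline)")
```

A mismatch in both the inferred initial TTL and the hop count indicates the RST was generated by a different device than the one that sent the HTTP responses.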