Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Kindly assist me with the issue as to why the CONNECTION RESET is happening

Wireshark can not tell you WHY the TCP RST is sent, but it can make a guess at WHO is sending the TCP RST. As you mentioned, the IP TTL of the TCP RST is 59, that seems to be 5 hops away from the capture point (it looks like the capture was made on the client is that correct?). The HTTP respponses that the client did get from the server have a TTL of 122, that seems to be 6 hops away from the capture point.

This combined leads to the conclusion that the first hop from the server towards the client is the device sending the TCP RST packets. As the TCP RST packets only occur on a specific URL, it seems there is a next-gen firewall, a web application firewall or maybe an IPS/IDS that is hitting a rule, which might be a false positive.