Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

It looks like closes [FIN,ACK] its end of the TCP link and immediately throughs up a blocking firewall rule. This even before can send its acknowledgement [ACK] of this closure. This [ACK] triggers the ICMP response. And then repeat its [FIN,ACK] because it didn't receive the [ACK]. Which dutifully does, but is rebuked by the firewall again. And so it continues until end of capture.

Now Wireshark can tell you what is happening, but not why. This is up to you to find in the involved network components, i.e. by capturing at different locations in the link and comparing the captures.