Unexpected disconnect in web application
Hi All,
I currently have a web application that's in a live environment, however occasionally I have users that will randomly disconnect while navigating pages. If the user hits refresh the application will be fine and continue as expected. I've checked any changes I've made recently that might attribute to this problem, i've asked the users to restart, i've restarted the host machine, but it continues to happen at random intervals to random users. I've included a screenshot of the capture filter i put in place. Still learning with Wireshark so any explanations would be greatly appreciated!
Thanks,
Sean
Its seems the connection is getting reset just after SYN packet and its possible that intermediate device like a firewall/load balancer is resetting the connection. Best way to check is check the TTL(ip header) value of the RST packet and SYN-ACK from the server's ip address. If the values are different then there is a high chance any middle device resetting the connections. If you share the pcap file I can check further.
The packets were collected from the web server, the TTL of the inbound SYN packet is showing 51 where as the outbound reset is 128. Now that you mention it something vaguely similar was happening last year and got pointed back to the firewall with you mentioning intermediate devices. I'll give the firewall a look and see where i get. Thanks for the reply!
If the packets were collected on the web server then its your web server that is resetting the connection. Ideally it should be responding with a SYN-ACK but sends a RST-ACK.
Thanks! Is there any usual reasons this would be occurring? I'm trying to see if any of the headers indicate the reason for the disconnect.