Application crashes, host is sending RST back to server, captures of both
I have an application that is crashing. This is a guess, but I think the application expects the database connection to be still opened, but it's not, and then it crashes.
From the captures it appears the computer that the application is running on sends a RST back to the server, but I haven't been able to figure out why.
I have attached captures of both server and computer at the time the error happened.
I think frame 40329 in the computer capture matches up to 5211 in the server capture.
Any help is greatly appreciated.
How does the client normally close a connection to the server?
Looking at the server capture, the last activity before 5211 are 2626 and 2627 which look good.
Then 168 seconds later comes the reset in 5211.
Then are plenty of other connections in the server capture which much longer times between TCP packets.
From the trace files we can spot two different RSTs. One is RST after receiving a FIN And the other one comes in the middle of a session after a gap of 168 s. I think this second case RSTs are not the cause of the application crash they are more or less the indication of it.
Can anyone confirm what I think I'm seeing. Packet in frame 40329 in the computer capture is a RST because the computer did not receive the packet in frame 2627 in the server capture.
Server display filter:
Computer display filter:
They are in a different order because of where the capture was done but I don't see a missing packet.
It might be easier to see comparing a flow graph for each capture.
Check the "Limit to display filter" box and set Flow type: TCP Flows.
Or add the a column to the packet list
ip.id
and see that the packets are there, just a different order.