WebSocket FIN packets turn into PSH/ACK

asked 2020-11-14 00:20:57 +0000

SanyaMor

Hello!

Problem here in terms of .exe: sometimes my PC doesn't receive/transmit WebSocket FIN packets, they turn into normal PSH/ACK ones. Because of that an app fails to work properly. Is there any way to trace the problem? What can be wrong?

When app works: [image]

When it fails to do so: [image]


Comments

The websocket dissector keys off http.upgrade.
If you set a display filter of http.upgrade do you see a packet in the first capture with this field and no packets that match in the second capture? You could also disable the websocket protocol in the first capture and see that it looks a lot like the second.

(Sample capture attached to issue 16274)

Chuckc ( 2020-11-14 04:23:57 +0000 )
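A simplified model of the behaviour described in the comment above, as an added example that is not Wireshark's code and was not posted in the thread: a stream is only decoded as WebSocket once the HTTP upgrade has been seen, so the same frame bytes appear as plain TCP data when the handshake is missing from the capture. The "FIN" shown for WebSocket is a bit in the RFC 6455 frame header, not the TCP FIN flag. All function names and the sample stream are constructed for illustration.

```python
# Added illustration, not Wireshark source: label TCP payloads the way a
# dissector that keys off the HTTP Upgrade handshake would display them.
import struct

OPCODES = {0x0: "continuation", 0x1: "text", 0x2: "binary",
           0x8: "close", 0x9: "ping", 0xA: "pong"}

def parse_ws_header(data: bytes) -> dict:
    """Decode the RFC 6455 frame header at the start of `data`."""
    if len(data) < 2:
        raise ValueError("need at least 2 bytes")
    b0, b1 = data[0], data[1]
    length, offset = b1 & 0x7F, 2
    if length == 126:                      # 16-bit extended length
        (length,) = struct.unpack_from("!H", data, offset)
        offset += 2
    elif length == 127:                    # 64-bit extended length
        (length,) = struct.unpack_from("!Q", data, offset)
        offset += 8
    masked = bool(b1 & 0x80)               # client-to-server frames are masked
    return {"fin": bool(b0 & 0x80), "opcode": OPCODES.get(b0 & 0x0F, "reserved"),
            "masked": masked, "payload_len": length,
            "header_len": offset + (4 if masked else 0)}

def is_upgrade(payload: bytes) -> bool:
    """True if the payload's HTTP headers contain 'Upgrade: websocket'."""
    head = payload.split(b"\r\n\r\n", 1)[0].lower()
    return any(line.replace(b" ", b"") == b"upgrade:websocket"
               for line in head.split(b"\r\n"))

def label_stream(payloads: list) -> list:
    """Return one display label per TCP payload, in capture order."""
    labels, upgraded = [], False
    for p in payloads:
        if is_upgrade(p):
            upgraded = True
            labels.append("HTTP upgrade")
        elif upgraded:
            h = parse_ws_header(p)
            labels.append(f"WebSocket {h['opcode']} FIN={int(h['fin'])}")
        else:                              # no handshake seen: just TCP payload
            labels.append("TCP data")
    return labels

# Constructed sample: minimal handshake, then one masked text frame "hi".
HANDSHAKE = [b"GET /chat HTTP/1.1\r\nHost: example.test\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n\r\n",
             b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n\r\n"]
FRAME = bytes([0x81, 0x82, 1, 2, 3, 4, ord("h") ^ 1, ord("i") ^ 2])

if __name__ == "__main__":
    print(label_stream(HANDSHAKE + [FRAME]))   # handshake in the capture
    print(label_stream([FRAME]))               # capture began after the handshake
```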

Chuck, thanks for the comment. I still don't understand why my PC sometimes (randomly) fails to connect to WebSocket in this special case. Any idea where I can find info about it?

SanyaMor ( 2020-11-14 07:45:33 +0000 )

When diagnosing TCP/TLS it helps to capture the handshakes - TCP 3-way and TLS hello/certs/session start.

Chuckc ( 2020-11-14 16:47:09 +0000 )