Is this an SSL stripping attack?
I was having connection problems with my laptop, so I captured some packets. I'm seeing RST ACKs on port 443. What can cause this? I'm just curious.
Packet Capture File 1: https://easyupload.io/dwlf2v
Packet Capture File 2: https://easyupload.io/9mb5wu
Screenshot: https://prnt.sc/xv59ai
This is not an SSL stripping attack because in this case you would not see TLS connections.
Your client sends a FIN to the server to close the connection. This happens at different points in the captured conversations. All following packets from the servers are answered with an RST. It looks like only conversations to Google services/servers are affected.
Indeed, this happens really often in your captures. Judging by the DNS requests, it seems that you're using HTTPS Everywhere. Could you try whether it helps when you disable it temporarily?
Could you give us some more details about your connection problems?
First of all, thanks for answering. I've disabled HTTPS Everywhere and tried capturing some packets. Here are the results. My problem is that those RST packets happen so often that I can't even connect to the internet.
Hey, your second captures look completely different.
Your client sends the RST in answer to a SYN-ACK from the server. And that's OK because there's no SYN from your client in the captures. Looks like your client tried to open the connection over another interface, or you have another client in your network with the same IP address.
The TTL to some destinations varies too. Not sure what's causing this, but it could be a hint that something with your routing is wrong.
Where and how have you captured the packets? Could you provide us with the output of traceroute from your client to e.g. 8.8.8.8?
I captured the packets while connecting to Google on the wlan0 interface, and we've checked the DHCP list: there aren't any clients on the local network with the same IP address.
Also, I'm getting so many keepalive requests too - Image, Capture
Here are the output results - https://filebin.net/0aff3do9y3zsbuo1
The keepalives are OK. They're just a notice from your client or the server that it's still there, to prevent the session from being closed due to a timeout. To be honest, I have no more ideas about what causes this. I would suggest isolating the issue.
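
The two reset patterns described in the answers above (a client RST after its own FIN, and a client RST answering a SYN-ACK for which the capture holds no SYN) can be told apart mechanically. The following Python sketch is an added example, not part of the original thread; the packet records, addresses and the `classify_resets` helper are constructed for illustration.

```python
from collections import namedtuple

# Simplified TCP header record; flags is a set such as {"SYN", "ACK"}.
Pkt = namedtuple("Pkt", "src sport dst dport flags")

CLIENT = "192.0.2.10"  # constructed client address (documentation range)

def classify_resets(packets, client=CLIENT):
    """Label each RST sent by `client` by what preceded it in the same flow."""
    state = {}     # flow key -> facts seen so far in that flow
    findings = []
    for p in packets:
        outbound = p.src == client
        # Key every flow as (client port, server ip, server port).
        key = (p.sport, p.dst, p.dport) if outbound else (p.dport, p.src, p.sport)
        s = state.setdefault(key, {"syn": False, "fin": False, "synack": False})
        if outbound:
            if "RST" in p.flags:
                if s["synack"] and not s["syn"]:
                    label = "rst-to-unsolicited-synack"  # SYN left elsewhere
                elif s["fin"]:
                    label = "rst-after-client-fin"       # late server data
                else:
                    label = "other"
                findings.append((key, label))
            elif "FIN" in p.flags:
                s["fin"] = True
            elif p.flags == {"SYN"}:
                s["syn"] = True
        elif {"SYN", "ACK"} <= p.flags:
            s["synack"] = True
    return findings

# Constructed sample: flow 1 closes with FIN, then resets late server data;
# flow 2 shows a SYN-ACK arriving for a SYN that this capture never saw.
SAMPLE = [
    Pkt(CLIENT, 50001, "198.51.100.5", 443, {"SYN"}),
    Pkt("198.51.100.5", 443, CLIENT, 50001, {"SYN", "ACK"}),
    Pkt(CLIENT, 50001, "198.51.100.5", 443, {"ACK"}),
    Pkt(CLIENT, 50001, "198.51.100.5", 443, {"FIN", "ACK"}),
    Pkt("198.51.100.5", 443, CLIENT, 50001, {"PSH", "ACK"}),
    Pkt(CLIENT, 50001, "198.51.100.5", 443, {"RST"}),
    Pkt("198.51.100.6", 443, CLIENT, 50002, {"SYN", "ACK"}),
    Pkt(CLIENT, 50002, "198.51.100.6", 443, {"RST"}),
]

if __name__ == "__main__":
    for flow, label in classify_resets(SAMPLE):
        print(flow, label)
```

A high share of `rst-to-unsolicited-synack` on a single-interface capture points at the routing or duplicate-address questions raised in the thread rather than at anything happening inside TLS.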