Understanding the RST packet

asked 2017-11-09 04:35:29 +0000

this post is marked as community wiki

This post is a wiki. Anyone with karma >750 is welcome to improve it.

Hi, I have two application running on local host with client server architecture

 A <-------------------->B
 2411                    43787

Basically A is the server wand B is the client.

After the initial handshake is done , the message transfer happens fine but after some days either 2/7/10 days , The connection goes down.

When I captured the TCP packet I have observed that RST packet is sent from client. I check the code of the client, I have not seen that client is closing the connection , nor the client application is restarted , then what should be the reason for the RST packet being sent to the server.

How do I proceed to fix the disconnection.

 **10744    2017-10-29 13:58:43.179257  127.0.0.1   127.0.0.1   TCP 68  43787 > vrts-registry [ACK] Seq=76858 Ack=203335 Win=182 Len=0 TSval=4066492436 TSecr=4066492436**

****10745   2017-10-29 13:58:43.179272  127.0.0.1   127.0.0.1   TCP 68  43787 > vrts-registry [RST, ACK] Seq=76858 Ack=203335 Win=182 Len=0 TSval=4066492436 TSecr=4066492436****

Any clue on this please.

edit retag flag offensive close merge delete

Comments

[update: Fixed the formatting to separate log snippets from the text body.]

Eddi gravatar imageEddi ( 2017-11-09 16:38:00 +0000 )edit

The log file shows the localhost addresses as client and server.

Is this the real setup? Are client and server running on the same host? Or did you change the addresses for privacy reasons?

If the communication runs local on the host, this would eliminate a lot of possible reasons.

Eddi gravatar imageEddi ( 2017-11-09 16:40:05 +0000 )edit

Yes, The client and the server running on the local host basically its two application running on the same host connected with 127.0.0.1 and the one which is acting as the server has the fixed port as 2411.Its a old legacy application so not sure why they have done like that

sp13278 gravatar imagesp13278 ( 2017-11-10 03:00:48 +0000 )edit

Can you share us a tracefile?

Christian_R gravatar imageChristian_R ( 2017-11-11 19:22:07 +0000 )edit

How do I need to share it seems I dont have the privilege to attach a file

sp13278 gravatar imagesp13278 ( 2017-11-13 06:12:22 +0000 )edit