Why does TCP RST happen from the server?
Hello. For troubleshooting access to the website https://bac.onec.dz/ I used Wireshark to analyze the traffic, but I cannot understand the problem of the reset from the server.
87.011281 10.10.104.12 bac.onec.dz TCP 66 0 1 0 128 54558 (54558) 54558 → https(443) [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
87.015826 bac.onec.dz 10.10.104.12 TCP 66 0 1 1 246 https (443) https(443) → 54558 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 WS=1 SACK_PERM=1
87.016027 10.10.104.12 bac.onec.dz TCP 54 1 1 1 128 54558 (54558) 54558 → https(443) [ACK] Seq=1 Ack=1 Win=262656 Len=0
87.017136 10.10.104.12 bac.onec.dz TLSv1.2 571 1 518 1 128 54558 (54558) Client Hello
87.017887 bac.onec.dz 10.10.104.12 TCP 60 1 1 518 246 https (443) https(443) → 54558 [ACK] Seq=1 Ack=518 Win=26280 Len=0
87.120478 bac.onec.dz 10.10.104.12 TLSv1.2 1514 1 1461 518 246 https (443) Server Hello
87.120478 bac.onec.dz 10.10.104.12 TLSv1.2 629 1461 2036 518 246 https (443) Certificate, Server Key Exchange, Server Hello Done
87.120742 10.10.104.12 bac.onec.dz TCP 54 518 518 2036 128 54558 (54558) 54558 → https(443) [ACK] Seq=518 Ack=2036 Win=262656 Len=0
87.123929 10.10.104.12 bac.onec.dz TLSv1.2 180 518 644 2036 128 54558 (54558) Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
87.127449 bac.onec.dz 10.10.104.12 TCP 60 2036 2036 644 246 https (443) https(443) → 54558 [ACK] Seq=2036 Ack=644 Win=15243 Len=0
87.129883 bac.onec.dz 10.10.104.12 TLSv1.2 105 2036 2087 644 246 https (443) Change Cipher Spec, Encrypted Handshake Message
87.130521 10.10.104.12 bac.onec.dz TLSv1.2 758 644 1348 2087 128 54558 (54558) Application Data
87.135745 bac.onec.dz 10.10.104.12 TCP 60 2087 2087 1348 246 https (443) https(443) → 54558 [ACK] Seq=2087 Ack=1348 Win=15947 Len=0
91.134800 bac.onec.dz 10.10.104.12 TCP 60 2087 2087 1348 246 https (443) https(443) → 54558 [RST, ACK] Seq=2087 Ack=1348 Win=0 Len=0
So the server or something in between, like a firewall (deep inspection), is aborting the communication after the client sends the first request.
It would help if you know what was sent by the client. Did you generate the SSLKEYLOGFILE as well to decrypt? See https://wiki.wireshark.org/TLS
Thanks, yes I did and all seems fine.
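An added example, not part of the original thread: a small Python script that reads the packet rows posted in the question and reports who sent the RST, which record the other side sent last, how long afterwards the RST arrived, and whether the RST carries the same IP TTL as the sender's earlier packets. The column layout (length, seq, next seq, ack, TTL, source port, Info) is an assumption inferred from the values, since the question does not label the columns.

```python
import re

# Rows copied from the capture in the question. Assumed column layout after the
# protocol: frame length, seq, next seq, ack, IP TTL, source port, then Info.
CAPTURE = """\
87.011281 10.10.104.12 bac.onec.dz TCP 66 0 1 0 128 54558 (54558) 54558 → https(443) [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
87.015826 bac.onec.dz 10.10.104.12 TCP 66 0 1 1 246 https (443) https(443) → 54558 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 WS=1 SACK_PERM=1
87.016027 10.10.104.12 bac.onec.dz TCP 54 1 1 1 128 54558 (54558) 54558 → https(443) [ACK] Seq=1 Ack=1 Win=262656 Len=0
87.017136 10.10.104.12 bac.onec.dz TLSv1.2 571 1 518 1 128 54558 (54558) Client Hello
87.017887 bac.onec.dz 10.10.104.12 TCP 60 1 1 518 246 https (443) https(443) → 54558 [ACK] Seq=1 Ack=518 Win=26280 Len=0
87.120478 bac.onec.dz 10.10.104.12 TLSv1.2 1514 1 1461 518 246 https (443) Server Hello
87.120478 bac.onec.dz 10.10.104.12 TLSv1.2 629 1461 2036 518 246 https (443) Certificate, Server Key Exchange, Server Hello Done
87.120742 10.10.104.12 bac.onec.dz TCP 54 518 518 2036 128 54558 (54558) 54558 → https(443) [ACK] Seq=518 Ack=2036 Win=262656 Len=0
87.123929 10.10.104.12 bac.onec.dz TLSv1.2 180 518 644 2036 128 54558 (54558) Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
87.127449 bac.onec.dz 10.10.104.12 TCP 60 2036 2036 644 246 https (443) https(443) → 54558 [ACK] Seq=2036 Ack=644 Win=15243 Len=0
87.129883 bac.onec.dz 10.10.104.12 TLSv1.2 105 2036 2087 644 246 https (443) Change Cipher Spec, Encrypted Handshake Message
87.130521 10.10.104.12 bac.onec.dz TLSv1.2 758 644 1348 2087 128 54558 (54558) Application Data
87.135745 bac.onec.dz 10.10.104.12 TCP 60 2087 2087 1348 246 https (443) https(443) → 54558 [ACK] Seq=2087 Ack=1348 Win=15947 Len=0
91.134800 bac.onec.dz 10.10.104.12 TCP 60 2087 2087 1348 246 https (443) https(443) → 54558 [RST, ACK] Seq=2087 Ack=1348 Win=0 Len=0
"""
ROW = re.compile(r"^(\d+\.\d+) (\S+) (\S+) (\S+) \d+ \d+ \d+ \d+ (\d+) \S+ \(\d+\) (.*)$")

def parse(text):
    """Turn each summary row into a dict; rows that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            t, src, dst, proto, ttl, info = m.groups()
            rows.append({"t": float(t), "src": src, "dst": dst,
                         "proto": proto, "ttl": int(ttl), "info": info})
    return rows

def explain_reset(rows):
    """Describe the first RST: sender, what the peer sent last, and its TTL."""
    rst = next((r for r in rows if "[RST" in r["info"]), None)
    if rst is None:
        return None
    before = [r for r in rows if r["t"] < rst["t"]]
    # Last non-bare-TCP packet (here a TLS record) from the side that got reset.
    peer = [r for r in before if r["src"] == rst["dst"] and r["proto"] != "TCP"]
    sender_ttls = {r["ttl"] for r in before if r["src"] == rst["src"]}
    return {"rst_from": rst["src"],
            "last_peer_record": peer[-1]["info"] if peer else None,
            "seconds_after": round(rst["t"] - peer[-1]["t"], 3) if peer else None,
            "rst_ttl": rst["ttl"],
            "ttl_matches_sender": sender_ttls == {rst["ttl"]}}

print(explain_reset(parse(CAPTURE)))
```

A RST whose TTL differs from the sender's other packets is a common sign that a device in the path generated it; an identical TTL, as in this capture, does not rule that out.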