Client ends handshake with RST instead of ACK

asked 2018-07-14 09:58:28 +0000

updated 2018-07-14 11:08:29 +0000

Hi all,

A linux client is experiencing slow HTTP. I found, among other things, this TCP handshake which seems odd (see pcap link below). It's not the first handshake but one among many. The client, with IP 192.168.105.52, initiates the SYN. The server responds with SYN-ACK but then the client sends an RST.

What are the potential reasons for this? At least the TSecr and TSval values match. What other things should I check for that can cause RST?

Can this handshake be analyzed in isolation? I'm not comfortable sending other HTTP traffic.

https://www.cloudshark.org/captures/7...

Thanks! K

edit retag flag offensive close merge delete

Comments

Looks like the file is not public, can you check?

Jasper ( 2018-07-15 11:45:18 +0000 )edit

Made it public now. Thanks for pointing that out!

insecurepassword ( 2018-07-15 13:12:44 +0000 )edit

add a comment

Comments

That makes sense and is in line with one of the potential reasons I had in mind myself. Much appreciated!

insecurepassword ( 2018-07-17 04:05:39 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Client ends handshake with RST instead of ACK

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Client ends handshake with RST instead of ACK edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Client ends handshake with RST instead of ACK