This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Miscommunication Acqknowledge software and Vizard Lite

0

Hi all,

I'm a PhD student in neuroscience, looking into the effects of stress on risk-taking. To this end we measure physiological signals such as heart rate and blood pressure. This measurement data is gathered by a software package called Acqknowledge, which sends it over a LAN to another pc, on which a Python script runs. And this is where the trouble starts: at some point, sometimes after a minute, sometimes after 30 minutes, the connection is lost between Acqknowledge and the python script.

I've used wireshark to see what happens, see for screenshots of two separate instances where it went wrong here (Acqknowledge runs on 192.168.0.2 and the Python script on 192.168.0.1)

Could someone perhaps explain a little bit what happens here? I have been reading up on the TCP protocol and my layman's view of what's going on is that at some point the script sends a FIN to Acqknowledge to terminate the connection, but receives no ACK on this request and therefore sends a RST, effectively ending the connection. Is this somewhat correct or completely wrong? And has anybody perhaps noticed such a pattern before and/or has any ideas on how to approach this issue?

Any help is appreciated, cheers,

Benny

asked 10 Jan '14, 03:14

bhvijgh's gravatar image

bhvijgh
1111
accept rate: 0%

One Answer:

0

Looks like the 192.168.0.1 finishes the conncection (as you already found out) in a graceful way using the FIN flag, but then gets "angry" and sends a Reset in the next packet to the other system. Looks to me like the pyhton script isn't having a patient day, maybe caused by the fact - as an reaction to the FIN - the Acqknowledge server sends more data. Maybe the script doesn't know how to handle data after FIN and simply quits. If there are any logs on that pyhton system you should check for hints that the script terminated in an error state.

BTW, screenshots are better than nothing, but if you can try to upload a (non sensitive) capture file at Cloudshark and post the link. It is much easier to look at packets in an analyzer than on a screen that doesn't show everything.

answered 10 Jan '14, 03:59

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%