This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Receive TCP RST packet from unreachable computer

0

Today I had a opportunity to work with wireshark.

I installed wireshark on my VMware and made some test on it.

And I found a interesting thing.

I sent the HTTP request to not exist computer and captured the all packet flow with wireshark.

The first packet was SYN packet.

And second one was re-transmission packet.(for system hadn't received any response from target computer).

But surprisingly, RST packet from the target computer reached.

I couldn't understand where this packet came from.

I tested for 2 target computers, and in both case, I had the RST packet.

So are there anyone answer about those suspicious RST packets?

Thanks for reading.

Regards.

alt text alt text

asked 28 Jul '17, 00:48

Takuya%20Kimura's gravatar image

Takuya Kimura
6112
accept rate: 0%


One Answer:

0

The most likely explanation is that a security device exists on the route towards the IP address of the non-existent computer, and that device forges the RST packet in the name of the nonexistent computer.

answered 28 Jul '17, 01:32

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%