TCP RST & RST, ACK question

Troubleshooting why IP trunks between two PBXs randomly drop. They talk on port 1067. There are no firewalls between the sites; it's a private L2 circuit between them. I captured packets at 4 points, right at the PBX and WAN rtr, and compared all 4 captures. I want to know if I'm understanding the packet with RST, ACK in it.

PBX A shows a log at 17:58:53 that the IP trunk link failed between A and PBX B. In the WS logs captured on PBX A, at 17:58:54 there's a RST, ACK packet sourced from PBX B, destination PBX A. This packet suggests to me that PBX B is acknowledging a TCP RST sent from PBX A, correct? However, there is no RST packet sent from A prior to this 17:58:54 timestamp. Furthermore, the TTL of this packet is 254, which tells me it truly didn't come from PBX B. Then two packets later, at 17:58:55, there is an actual TCP RST generated from PBX A heading to PBX B. I can follow this packet all the way to PBX B. Then when I look at my PBX B logs, it shows IP Trunk Failure at 17:58:54.

So how does this, what looks to me like a fake RST, ACK packet sourced from B to A, get generated? What other clues could help me pinpoint if this is truly a network issue or a PBX application issue?


This packet has a TTL of 254 so I know it didn't truly come from PBX A and there's no TCP RST packet sent from A in my other captures for B to
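
The TTL comparison described in the question, as an added example that is not part of the original post: it learns each sender's usual TTL from non-RST traffic in a capture and flags resets whose TTL does not match, with an estimate of how many hops away the real sender sits. The addresses, the baseline TTL values and every record other than the 17:58:54 and 17:58:55 resets are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample records (not taken from the original captures):
# (time, src, dst, ip_ttl, tcp_flags) as seen at PBX A's capture point.
PBX_A, PBX_B = "192.0.2.10", "192.0.2.20"  # placeholder addresses
PACKETS = [
    ("17:58:50", PBX_B, PBX_A, 62, "PSH,ACK"),
    ("17:58:51", PBX_A, PBX_B, 64, "ACK"),
    ("17:58:52", PBX_B, PBX_A, 62, "PSH,ACK"),
    ("17:58:53", PBX_B, PBX_A, 62, "ACK"),
    ("17:58:54", PBX_B, PBX_A, 254, "RST,ACK"),  # TTL value from the question
    ("17:58:55", PBX_A, PBX_B, 64, "RST"),
]

COMMON_INITIAL_TTLS = (64, 128, 255)  # typical starting TTLs used by IP stacks

def hops_from_sender(ttl):
    """Estimate hops travelled, assuming the nearest common initial TTL >= ttl."""
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return initial, initial - ttl

def baseline_ttls(packets):
    """Most common TTL per source IP, learned from non-RST packets only."""
    seen = defaultdict(Counter)
    for _, src, _, ttl, flags in packets:
        if "RST" not in flags.split(","):
            seen[src][ttl] += 1
    return {src: c.most_common(1)[0][0] for src, c in seen.items()}

def suspicious_resets(packets):
    """Return RST packets whose TTL differs from the claimed sender's baseline."""
    base = baseline_ttls(packets)
    findings = []
    for time, src, dst, ttl, flags in packets:
        if "RST" in flags.split(",") and src in base and ttl != base[src]:
            initial, hops = hops_from_sender(ttl)
            findings.append({"time": time, "src": src, "dst": dst, "ttl": ttl,
                             "baseline_ttl": base[src],
                             "assumed_initial_ttl": initial,
                             "estimated_hops": hops})
    return findings

if __name__ == "__main__":
    for finding in suspicious_resets(PACKETS):
        print(finding)
```

Running the same comparison on each of the four capture points shows at which point the mismatched reset first appears.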