This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Meaning of the TCP dump entry

0

Hello all,

I am monitoring a remote system. The TCP dump shows the following entry. Does anybody has any idea what this entry means??

29 2.199163 10.142.4.10 62.254.196.34 TCP 54 41620 > 18081 [RST] Seq=4360 Win=49680 Len=0 30 20216171 62.254.196.34 10.142.4.10 TCP 60 18081 > 41620 [RST] Seq=6849 Win=0 Len=0

Its too urgent please revert to this

Thanks, Raj

asked 05 Nov '12, 02:55

rajm's gravatar image

rajm
1111
accept rate: 0%

edited 05 Nov '12, 04:27

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237

One Answer:

1

It tells you, that the client (10.142.4.10) decided to terminate the tcp connection to 62.254.196.34:18081 and thus it sent a TCP RESET (RST). The server decided to answer with a RESET.

Please read the following wikipedia article to learn more about TCP connection termination:

http://en.wikipedia.org/wiki/Transmission_Control_Protocol

Regarding the next question you might have: Based on just that information, it is impossible to figure out why the connection has been terminated in that way. It depends on the application and possible errors that might have occurred (or not, if the application just works like that).

Regards
Kurt

answered 05 Nov '12, 04:18

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 05 Nov '12, 04:27

Great Thanks Kurt.

(06 Nov '12, 03:29) rajm

If a supplied answer resolves your question can you please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions.

(06 Nov '12, 03:45) Kurt Knochner ♦