Hi. I'm doing an analysis on a network and while doing a capture from client's end I found out that all TCP connections end with reset packets.
The network looks like: Client - Firewall - Load balancer(+SSL acceleration) - Server
So when I'm capturing traffic from a client I see that the TCP traffic is flowing fine and client ACKs packet's normally. After the last segment is ACKed nothing happens for a ~5 seconds and then the rest of the connection always goes like this:
SERVER sends 'Encrypted alert'-packet
SERVER sends FIN,ACK
CLIENT sends ACK
CLIENT sends 'Encrypted alert'-packet
CLIENT sends RST,ACK
So my questions is: Is this normal behavior or could there be something wrong with the configuration. Any help is appreciated.
asked 12 Nov '12, 02:21
RST used to be a flag that indicated a session termination due to trouble, but in the last couple of years the RST flag is more and more used to shutdown sessions that had no trouble at all. Mostly because it is faster than FIN-ACK-FIN-ACK, and it releases the stack ressources right away while FIN might lead to a TIME-WAIT state.
So I'd say seeing reset packets at the end of a conversation is pretty normal.
answered 12 Nov '12, 02:59