This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What is autonoc reset?

0

Hi,

Wireshark is outputing a black background with pink(?) letters with this:

[TCP Dup ACK] http -> autonoc [ACK] seq=597 ack=672 win=67000

And just bellow, follow a red background with yellow letters with this:

autonoc -> http [RST] seq=672 win=0 len=0

What could be this?

asked 05 May '13, 14:14

skd's gravatar image

skd
6113
accept rate: 0%

2 Answers:

1

As Jasper there is nothing particularly unusual or sinister here. There are a couple of things that probably threw you though:-

  1. Wireshark tries to convert TCP and UDP ports to the names that were registered for these numbers with the IANA registry. So TCP port 80 became http and TCP port 1140 became autonoc.
  2. While http is useful in this case (helping us know the server was probably a web server), autonoc is probably not. When a client establishes a connection to a server it usually chooses a "random" port with a high number (above 1024), called an ephemeral port, for the connection. In this case your client chose 1140. So converting it to autonoc really is incorrect, as it would only make sense if this TCP port was on the server side.
  3. The "Dup ACK" is probably just the server wanting to see some more action from the client. The followup action from the client though is the RST (reset), which means it is done with that conversation. So all good and normal TCP.

answered 05 May '13, 14:33

martyvis's gravatar image

martyvis
8911525
accept rate: 7%

1

Nothing special, just color markers for a duplicate ACK and a TCP reset packet. Which is all basic TCP stuff, so if you want to know more about that you need to study how TCP works.

answered 05 May '13, 14:20

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%