This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Why Does Local Application Send FIN/ACK Before Receiving Auth Response From ACS5.5 Server?

0

I'm wondering why the local application appears to be closing the tcp session before receiving the authentication response. I've run pcaps on multiple points in the network and getting the same results. The DSView(local) app sends a FIN/ACK but no trace of a FIN being sent. DSView application initiates the connection, makes the query for authentication and then after the ACS server ACKs, DSView sends a FIN/ACK, subsequently the ACS server sends the authentication response, but, the session is closed and TACACS authentication fails for the DSView application.

This is the result of a netstat from the DSview server immediately after attempting to authenticate: TCP 10.65.0.95:52685 10.65.12.12:49 TIME_WAIT

I've contacted the vendor and have yet to receive any feedback. It doesn't appear to be an issue inside our network.

Thank you in advance for your thoughts on this scenario

asked 15 Jul '15, 11:25

mduck2217's gravatar image

mduck2217
6112
accept rate: 0%