This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Connection Reset

0

Can I get some help figuring out where and why this is occuring?

Here is a link to the capture file: https://www.cloudshark.org/captures/7c1b696a2e4d

I am attempting to send an HL7 message to an application on a remote server.

asked 05 Jan '16, 11:24

thebrain's gravatar image

thebrain
6112
accept rate: 0%


One Answer:

0

I can spot the following two things in the trace:

  1. There is a retransmission of the Initial SYN packet.
  2. The server terminates the session with an RST packet. The RST packet contains the Acknowledgement for the whole of packet #7

So if I where you, I would check the server side (logfile analysis or additional trace) or/and the Layer4 / Layer7 devices (FW or loadbalancer) on the network path.

answered 05 Jan '16, 13:12

Christian_R's gravatar image

Christian_R
1.8k2625
accept rate: 16%

edited 05 Jan '16, 13:16

To clarify, when you say the server terminates the session, are you saying the destination server terminates it, or the source server?

(05 Jan '16, 13:22) thebrain

Yes I mean the 172.18.110.52

(05 Jan '16, 13:30) Christian_R

@thebrain, the word "server" has an exact meaning in protocols like tcp, where the "client" is the party which sends the initial request (in this case, to establish a tcp session) and the "server" is the party which expects and fulfils/responds such requests (and it usually does so on a fixed, "well-known" port identifying the particular application/service accessible using tcp transport, like http, telnet, ..., while a client is using a temporarily assigned arbitrary port to send the request).

The fact that powerful "non-personal" computers are called "servers" too is a regrettable source of confusion :-)

(05 Jan '16, 15:00) sindy