This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello, I am currently Troubleshooting 2 hosts whom are on separate LANs with a Cisco Router in between the two. Now for clarification both PCs are running windows 7, and firewalls have been configured to allow Remote Desktop connections on the PCs.All configurations on the Cisco router are set to default and there are no ACL or blockings on the cisco router.Both PCs can access the internet and there is no connectivity issues other than the Remote Desktop connection. The following TCP packets were found from the local machine to the remote PC:

Packet#1 Length:66, Ports:50351-->3389 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
Packet#2 Length 54, Ports 3389-->50351 [RST,ACK] seq=1 ack=1 win=0 len=0
Packet#3 Length 66, [TCP Spurious Retransmisson] 50351-->3389 [SYN] seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1

and then it repeats back to a similar packet to Packet#2.

asked 07 Jan '16, 12:13

Lhoxey's gravatar image

Lhoxey
6112
accept rate: 0%

edited 07 Jan '16, 15:54

grahamb's gravatar image

grahamb ♦
19.8k330206


What does the remote side look like? Do you see the same. The RST in the second packet says in that case that the connection is refused, either by the remote host itsself (for example the port 3389 is not open) or by an acl / firewall rule on the path.

So the easiest way will be to check the remote side.

permanent link

answered 07 Jan '16, 15:50

Christian_R's gravatar image

Christian_R
1.8k2625
accept rate: 16%

edited 07 Jan '16, 22:27

On the Remote side i do see the same exact packet (RST). The Local port that Remote Desktop uses is port 3389 I thought?

(07 Jan '16, 16:18) Lhoxey

Oh sorry, my fault. Of course it is the port 3389.

(07 Jan '16, 22:36) Christian_R

Now for clarification both PCs are running windows 7, and firewalls have been configured to allow Remote Desktop connections on the PCs.

I'd bet that the Windows Firewall configuration is wrong ;-) OR there is some additional security software on the target machine (Endpoint Security), blocking the SYN request. Please disable Windows Firewall completely and try again. If it's still not working, try to identify other security software. If there is none, please check with netstat -na that the system is actually listening to port 3389 !!

(09 Jan '16, 12:50) Kurt Knochner ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×53
×22

question asked: 07 Jan '16, 12:13

question was seen: 3,609 times

last updated: 09 Jan '16, 12:51

p​o​w​e​r​e​d by O​S​Q​A