This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Constant TCP requests and failed responses

I'm getting one of these per second:

457 205.494657  127.0.0.1   127.0.0.1   TCP 68  49507→23454 [SYN] Seq=0 Win=65535 Len=0 MSS=16344 WS=32 TSval=630136859 TSecr=0 SACK_PERM=1

458 205.494702 127.0.0.1 127.0.0.1 TCP 44 23454→49507 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

Each time the source port is incremented by 1 and the destination is always 23454.

I have closed every app, turned off wifi, no ethernet connected, and tried to close any process in the application monitor that had any network traffic.

Any help would be appreciated.

Frame 457: 68 bytes on wire (544 bits), 68 bytes captured (544 bits) on interface 0
    Interface id: 0 (lo0)
    Encapsulation type: NULL/Loopback (15)
    Arrival Time: Mar 31, 2017 22:35:17.546056000 EDT
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1491014117.546056000 seconds
    [Time delta from previous captured frame: 1.066713000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 205.494657000 seconds]
    Frame Number: 457
    Frame Length: 68 bytes (544 bits)
    Capture Length: 68 bytes (544 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: null:ip:tcp]
    [Coloring Rule Name: TCP SYN/FIN]
    [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Null/Loopback
    Family: IP (2)
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 64
    Identification: 0x061b (1563)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source: 127.0.0.1
    Destination: 127.0.0.1
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 49507, Dst Port: 23454, Seq: 0, Len: 0
    Source Port: 49507
    Destination Port: 23454
    [Stream index: 193]
    [TCP Segment Len: 0]
    Sequence number: 0    (relative sequence number)
    Acknowledgment number: 0
    Header Length: 44 bytes
    Flags: 0x002 (SYN)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...0 .... = Acknowledgment: Not set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 23454]
                [Connection establish request (SYN): server port 23454]
                [Severity level: Chat]
                [Group: Sequence]
        .... .... ...0 = Fin: Not set
        [TCP Flags: ··········S·]
    Window size value: 65535
    [Calculated window size: 65535]
    Checksum: 0xfe34 [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    Options: (24 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), Timestamps, SACK permitted, End of Option List (EOL)
        Maximum segment size: 16344 bytes
            Kind: Maximum Segment Size (2)
            Length: 4
            MSS Value: 16344
        No-Operation (NOP)
            Type: 1
                0... .... = Copy on fragmentation: No
                .00. .... = Class: Control (0)
                ...0 0001 = Number: No-Operation (NOP) (1)
        Window scale: 5 (multiply by 32)
            Kind: Window Scale (3)
            Length: 3
            Shift count: 5
            [Multiplier: 32]
        No-Operation (NOP)
            Type: 1
                0... .... = Copy on fragmentation: No
                .00. .... = Class: Control (0)
                ...0 0001 = Number: No-Operation (NOP) (1)
        No-Operation (NOP)
            Type: 1
                0... .... = Copy on fragmentation: No
                .00. .... = Class: Control (0)
                ...0 0001 = Number: No-Operation (NOP) (1)
        Timestamps: TSval 630136859, TSecr 0
            Kind: Time Stamp Option (8)
            Length: 10
            Timestamp value: 630136859
            Timestamp echo reply: 0
        TCP SACK Permitted Option: True
            Kind: SACK Permitted (4)
            Length: 2
        End of Option List (EOL)
            Type: 0
                0... .... = Copy on fragmentation: No
                .00. .... = Class: Control (0)
                ...0 0000 = Number: End of Option List (EOL) (0)

Frame 458: 44 bytes on wire (352 bits), 44 bytes captured (352 bits) on interface 0
    Interface id: 0 (lo0)
    Encapsulation type: NULL/Loopback (15)
    Arrival Time: Mar 31, 2017 22:35:17.546101000 EDT
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1491014117.546101000 seconds
    [Time delta from previous captured frame: 0.000045000 seconds]
    [Time delta from previous displayed frame: 0.000045000 seconds]
    [Time since reference or first frame: 205.494702000 seconds]
    Frame Number: 458
    Frame Length: 44 bytes (352 bits)
    Capture Length: 44 bytes (352 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: null:ip:tcp]
    [Coloring Rule Name: TCP RST]
    [Coloring Rule String: tcp.flags.reset eq 1]
Null/Loopback
    Family: IP (2)
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 40
    Identification: 0x7fc1 (32705)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source: 127.0.0.1
    Destination: 127.0.0.1
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 23454, Dst Port: 49507, Seq: 1, Ack: 1, Len: 0
    Source Port: 23454
    Destination Port: 49507
    [Stream index: 193]
    [TCP Segment Len: 0]
    Sequence number: 1    (relative sequence number)
    Acknowledgment number: 1    (relative ack number)
    Header Length: 20 bytes
    Flags: 0x014 (RST, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .1.. = Reset: Set
            [Expert Info (Warning/Sequence): Connection reset (RST)]
                [Connection reset (RST)]
                [Severity level: Warning]
                [Group: Sequence]
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A·R··]
    Window size value: 0
    [Calculated window size: 0]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0xfe1c [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 457]
        [The RTT to ACK the segment was: 0.000045000 seconds]
        [iRTT: 0.000045000 seconds]

asked 01 Apr ‘17, 07:08

jschwa
accept rate: 0%


One Answer:

Did you try to use netstat to find out what application runs an open socket on port 23454? On Windows you could run

netstat -ano

to get a list of all open sockets with the process ID (PID) of the process servicing the port. With the help of a task manager / process explorer you can find the program associated with the PID.

answered 02 Apr '17, 00:15

Jasper ♦♦
accept rate: 18%
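
The pattern in the question (a SYN to 127.0.0.1:23454 answered at once by RST, ACK, repeating about once a second from an incrementing source port) can be summarised from exported packet-list lines. This is an added example, not part of the original posts: the function names are assumptions, and only frames 457 and 458 in the sample come from the page, the rest are constructed to continue the pattern.

```python
import re
from collections import defaultdict

# Constructed sample in the question's summary-line format; only frames 457/458 are from the page.
SAMPLE = """\
455 204.427944 127.0.0.1 127.0.0.1 TCP 68 49506→23454 [SYN] Seq=0 Win=65535 Len=0 MSS=16344
456 204.427990 127.0.0.1 127.0.0.1 TCP 44 23454→49506 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
457 205.494657  127.0.0.1   127.0.0.1   TCP 68  49507→23454 [SYN] Seq=0 Win=65535 Len=0 MSS=16344
458 205.494702 127.0.0.1 127.0.0.1 TCP 44 23454→49507 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
459 206.561370 127.0.0.1 127.0.0.1 TCP 68 49508→23454 [SYN] Seq=0 Win=65535 Len=0 MSS=16344
460 206.561415 127.0.0.1 127.0.0.1 TCP 44 23454→49508 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
"""

LINE = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+TCP\s+\d+\s+"
                  r"(\d+)\s*(?:→|->)\s*(\d+)\s+\[([^\]]+)\]")

def refused_connects(text):
    """Map (ip, port) -> [(SYN time, client source port)] for SYNs answered by a RST."""
    pending = {}                 # (client ip, client port, server ip, server port) -> SYN time
    refused = defaultdict(list)
    for line in text.splitlines():
        if not (m := LINE.match(line)):
            continue
        _, ts, src, dst, sport, dport, flags = m.groups()
        flagset = {f.strip() for f in flags.split(",")}
        if flagset == {"SYN"}:
            pending[(src, int(sport), dst, int(dport))] = float(ts)
        elif "RST" in flagset:
            # The RST travels server -> client, so reverse the tuple to find its SYN.
            key = (dst, int(dport), src, int(sport))
            if key in pending:
                refused[(src, int(sport))].append((pending.pop(key), key[1]))
    return dict(refused)

def summarize(text):
    """Per refused port: attempt count, mean retry interval, sequential source ports."""
    out = {}
    for target, hits in refused_connects(text).items():
        times = [t for t, _ in hits]
        ports = [p for _, p in hits]
        gaps = [b - a for a, b in zip(times, times[1:])]
        out[target] = {
            "attempts": len(hits),
            "mean_interval_s": round(sum(gaps) / len(gaps), 3) if gaps else None,
            "sequential_ports": all(b - a == 1 for a, b in zip(ports, ports[1:])),
        }
    return out

print(summarize(SAMPLE))
```

A RST, ACK in reply to a SYN means no socket was listening on that port at that moment, so a steady interval with sequential source ports indicates one local client retrying a connection on a timer.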