This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Lots of RST,ACK in traffic between Domain Controllers

0

Is this normal behaviour?


asked 05 Apr '17, 07:18

Vincebaat


2 Answers:

2

Looks pretty normal to me - some clients or servers terminate connections with a reset packet, because it's faster and needs fewer resources than the "normal" FIN-ACK teardown. So unless the reset appears before all the data is exchanged, it's nothing to worry about.

answered 05 Apr '17, 07:20

Jasper ♦♦

1

Your capture looks very normal to me.

Just to add: it's probably something you don't want to hear, but whenever possible, do baselines!

  • You will be able to know what's going on in the network while everything runs OK
  • You will be able to know exactly how a specific protocol / app works in Wireshark, and when it fails, you'll be able to check for any differences.

I often have co-workers asking: "Hey, is it normal that I have this in Wireshark for X specific thing?", and I'm unable to tell them if it's normal or not because it's something too specific that I never see / no baseline.

answered 05 Apr '17, 11:00

jerioux
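The two answers above combine into one check: sort each TCP stream by how it ended (FIN, reset after both sides sent data, reset before that), then compare the mix against a baseline taken while things were healthy. This is an added example, not part of the original thread; the packet rows are constructed, and the "payload from both sides" test is an assumed heuristic for "data was exchanged".

```python
from collections import Counter

def classify_streams(packets):
    """Map stream id -> teardown class from (stream, src, dst, flags, len) rows."""
    state = {}
    for stream, src, dst, flags, length in packets:
        s = state.setdefault(stream, {"senders": set(), "end": "open"})
        flagset = set(flags.split(","))
        if s["end"].startswith("rst"):
            continue  # only the first reset decides the class
        if "RST" in flagset:
            # Heuristic (assumption): payload seen from both sides before the
            # reset suggests a finished exchange torn down the fast way.
            s["end"] = "rst_after_data" if len(s["senders"]) == 2 else "rst_early"
        else:
            if length > 0:
                s["senders"].add(src)
            if "FIN" in flagset:
                s["end"] = "fin"
    return {sid: s["end"] for sid, s in state.items()}

def shares(packets):
    """Fraction of streams in each teardown class."""
    counts = Counter(classify_streams(packets).values())
    total = sum(counts.values())
    return {k: v / total for k, v in counts.items()}

def deviations(baseline, current, tolerance=0.10):
    """Classes whose share grew by more than `tolerance` versus the baseline."""
    base, cur = shares(baseline), shares(current)
    return {k: (base.get(k, 0.0), v) for k, v in cur.items()
            if v - base.get(k, 0.0) > tolerance}

C, S = "10.0.0.1", "10.0.0.2"  # constructed addresses

def exchange(sid):  # constructed request/response pair
    return [(sid, C, S, "PSH,ACK", 120), (sid, S, C, "PSH,ACK", 300)]

# Constructed baseline: one fast RST teardown, one FIN teardown.
BASELINE = (exchange(0) + [(0, C, S, "RST,ACK", 0)]
            + exchange(1) + [(1, C, S, "FIN,ACK", 0)])
# Constructed later capture: two streams reset before both sides sent data.
CURRENT = (exchange(0) + [(0, C, S, "RST,ACK", 0)]
           + [(1, C, S, "SYN", 0), (1, S, C, "RST,ACK", 0)]
           + [(2, C, S, "PSH,ACK", 120), (2, S, C, "RST,ACK", 0)])

if __name__ == "__main__":
    print(deviations(BASELINE, CURRENT))
```

Real rows can be exported from a capture using the Wireshark fields `tcp.stream`, `ip.src`, `ip.dst`, `tcp.flags.reset`, `tcp.flags.fin` and `tcp.len`, then mapped into the tuple shape used here.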